morphy201180
Hi,
Can you help? My Avast antivirus does not update automatically, and I have noticed the PC keeps saying there is low disk space even though there is 1 TB of free space on my hard drive. I ran Malwarebytes and it detected a program called antidust.exe which I can't remove.
Recently my computer has also been cutting out and rebooting. I have posted the logs below to see if there is any way I can remove the virus and get my computer back to normal.
Here are the FRST logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-10-2015
Ran by Spartan (administrator) on SPARTACUS (18-10-2015 19:16:38)
Running from C:\
Loaded Profiles: Spartan (Available Profiles: Spartan)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AOMEI Tech Co., Ltd.) E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe
(Apple Inc.) E:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files\HSMServiceEntry.exe
(Oracle Corporation) E:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\HTC Sync\adb.exe
(NVIDIA Corporation) E:\WINDOWS\system32\nvsvc32.exe
() E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() E:\Program Files\Subsonic\subsonic-service.exe
() E:\Program Files\Subsonic\subsonic-service.exe
(SigmaTel, Inc.) E:\WINDOWS\stsystra.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastUI.exe
() E:\Program Files\Subsonic\subsonic-agent.exe
(Microsoft Corporation) E:\WINDOWS\system32\wbem\unsecapp.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SigmatelSysTrayApp] => E:\WINDOWS\stsystra.exe [282624 2006-07-27] (SigmaTel, Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-02] (AVAST Software)
HKLM\...\Run: [BCSSync] => C:\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\Run: [DAEMON Tools Lite] => E:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\Run: [GoogleDriveSync] => E:\Program Files\Google\Drive\googledrivesync.exe [22568208 2015-09-11] (Google)
HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\MountPoints2: {0d924b42-2949-11e4-a776-000acd196d62} - H:\autorun.exe
HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\MountPoints2: {117050c1-6fbe-11e4-b77f-000acd196d62} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\MountPoints2: {70c33dc7-35ee-11e5-8536-02352a040d7c} - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\MountPoints2: {8e292342-463c-11e4-a66e-000acd196d62} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\MountPoints2: {e2833743-4a70-11e4-a7a7-000acd196d62} - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\MountPoints2: {e2833745-4a70-11e4-a7a7-000acd196d62} - K:\HTC_Sync_Manager_PC.exe
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => E:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => E:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => E:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Program Files\AVAST Software\Avast\ashShell.dll [2015-10-02] (AVAST Software)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Plex.lnk [2013-05-12]
ShortcutTarget: Plex.lnk -> E:\Program Files\Plex\Plex Media Center\Plex.exe (No File)
Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Subsonic.lnk [2013-05-11]
ShortcutTarget: Subsonic.lnk -> E:\Program Files\Subsonic\subsonic-agent.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 04 E:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4C30C0C2-C813-4332-BD76-ED8A21061772}: [NameServer] 192.168.0.1
Tcpip\..\Interfaces\{7375FB1F-F5B3-4D7F-96FD-146750802B92}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKU\S-1-5-21-1078081533-1659004503-725345543-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files\Java\jre7\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll [2014-09-09] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> E:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> E:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-11] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-07] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MACBA25C6-6D57-4FFA-8F88-9B3E66A87213&SearchSource=55&CUI=&UM=6&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=","hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BC0CE04-ABAF-4544-98E9-149FDA8EA4C0&SSPV=","hxxp://websearch.exitingsearch.info/?pid=2644&r=2014/03/22&hid=7143877000232757666&lg=EN&cc=GB&unqvl=50","hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPC0E83CDB-49D3-495A-833C-DCDF59A2424D&SSPV=","hxxp://www.msn.com/?pc=AV01","hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B6F3D42-F44F-4D92-8DAF-929D8489F182&SSPV=","hxxps://uk.yahoo.com/?fr=hp-avast&type=avastbcl"
CHR Profile: E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
CHR Extension: (Google Drive) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-07-29]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-07-29]
CHR Extension: (YouTube) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08]
CHR Extension: (Google Search) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08]
CHR Extension: (Google Docs Offline) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-17]
CHR Extension: (Avast Online Security) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-08]
CHR Extension: (Chrome Hotword Shared Module) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-24]
CHR Extension: (Application Launcher for Drive (by Google)) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Chrome Web Store Payments) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Gmail) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08]
CHR HKLM\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-29]
CHR HKU\S-1-5-21-1078081533-1659004503-725345543-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-02] (AVAST Software)
R2 Backupper Service; E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.)
R2 HTCMonitorService; C:\Program Files\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 JavaQuickStarterService; E:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Office14\GROOVE.EXE [30963576 2010-01-21] (Microsoft Corporation)
R2 PassThru Service; E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Subsonic; E:\Program Files\Subsonic\subsonic-service.exe [259584 2013-04-17] () [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [X]
S3 WsDrvInst; C:\Program Files\Dr.Fone for Android\DriverInstall.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 ambakdrv; E:\WINDOWS\System32\ambakdrv.sys [26424 2014-08-19] () [File not signed]
R1 AmdK8; E:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-02] (Advanced Micro Devices)
R2 ammntdrv; E:\WINDOWS\system32\ammntdrv.sys [129720 2014-08-19] () [File not signed]
R2 amwrtdrv; E:\WINDOWS\system32\amwrtdrv.sys [14392 2014-08-19] () [File not signed]
R2 aswHwid; E:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-10-02] (AVAST Software)
R2 aswMonFlt; E:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-10-02] (AVAST Software)
R1 aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-10-02] (AVAST Software)
R0 aswRvrt; E:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-10-02] (AVAST Software)
R1 aswSnx; E:\WINDOWS\system32\drivers\aswSnx.sys [789296 2015-10-02] (AVAST Software)
R1 aswSP; E:\WINDOWS\system32\drivers\aswSP.sys [434184 2015-10-02] (AVAST Software)
R3 aswStmXP; E:\WINDOWS\system32\drivers\aswStmXP.sys [157888 2015-10-02] (AVAST Software)
S3 aswTdi; E:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-10-02] (AVAST Software)
R0 aswVmm; E:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-10-02] (AVAST Software)
R1 dtsoftbus01; E:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-08-21] (Disc Soft Ltd)
R1 mbamchameleon; E:\WINDOWS\system32\drivers\mbamchameleon.sys [121560 2015-10-18] (Malwarebytes)
R3 MBAMProtector; E:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R0 nvata; E:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2007-08-25] (NVIDIA Corporation)
S3 qcserxp; E:\WINDOWS\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated)
S3 rtl8139; E:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R3 serenum; E:\WINDOWS\System32\DRIVERS\nuvserenum.sys [17920 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; E:\WINDOWS\System32\DRIVERS\nuvserial.sys [76288 2014-01-12] (Nuvoton Technology Corp.)
R0 sptd; E:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-07-24] (Duplex Secure Ltd.)
R3 STHDA; E:\WINDOWS\System32\drivers\sthda.sys [1171464 2006-07-27] (SigmaTel, Inc.)
S4 IntelIde; no ImagePath
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
U3 a4yy8xcs; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-18 19:16 - 2015-10-18 19:16 - 00000000 ____D E:\FRST
2015-10-18 18:59 - 2015-10-18 19:00 - 00000000 ___SD E:\ComboFix
2015-10-18 18:59 - 2011-06-26 07:45 - 00256000 _____ E:\WINDOWS\PEV.exe
2015-10-18 18:59 - 2010-11-07 18:20 - 00208896 _____ E:\WINDOWS\MBR.exe
2015-10-18 18:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) E:\WINDOWS\NIRCMD.exe
2015-10-18 18:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) E:\WINDOWS\SWREG.exe
2015-10-18 18:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) E:\WINDOWS\SWSC.exe
2015-10-18 18:59 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) E:\WINDOWS\SWXCACLS.exe
2015-10-18 18:59 - 2000-08-31 01:00 - 00098816 _____ E:\WINDOWS\sed.exe
2015-10-18 18:59 - 2000-08-31 01:00 - 00080412 _____ E:\WINDOWS\grep.exe
2015-10-18 18:59 - 2000-08-31 01:00 - 00068096 _____ E:\WINDOWS\zip.exe
2015-10-18 18:58 - 2015-10-18 18:59 - 00000000 ____D E:\Qoobox
2015-10-18 18:58 - 2015-10-18 18:58 - 05636101 ____R (Swearware) E:\Documents and Settings\Spartan\Desktop\ComboFix.exe
2015-10-18 18:58 - 2015-10-18 18:58 - 00000000 ____D E:\WINDOWS\erdnt
2015-10-18 18:55 - 2015-10-18 18:57 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-10-18 18:54 - 2015-10-18 18:57 - 00000000 ____D E:\Documents and Settings\Spartan\Desktop\mbar
2015-10-18 18:54 - 2015-10-18 18:54 - 16563352 _____ (Malwarebytes Corp.) E:\Documents and Settings\Spartan\Desktop\mbar-1.09.3.1001.exe
2015-10-18 18:44 - 2015-10-18 18:53 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\RogueKiller
2015-10-18 18:44 - 2015-10-18 18:44 - 18832456 _____ E:\Documents and Settings\Spartan\Desktop\RogueKiller.exe
2015-10-18 18:44 - 2015-10-18 18:44 - 00035064 _____ E:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-14 13:09 - 2015-10-14 13:09 - 00000000 ___HD E:\WINDOWS\PIF
2015-10-02 10:22 - 2015-10-02 10:21 - 00313472 _____ (AVAST Software) E:\WINDOWS\system32\aswBoot.exe
2015-10-02 10:21 - 2015-10-02 10:21 - 00043112 _____ (AVAST Software) E:\WINDOWS\avastSS.scr
2015-09-21 15:20 - 2015-09-21 15:20 - 00000000 ____D E:\Documents and Settings\Spartan\Application Data\HMYGSetting
2015-09-21 15:18 - 2015-09-21 15:18 - 00000000 ____D E:\Program Files\Common Files\Wondershare
2015-09-21 15:18 - 2015-09-21 15:18 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Application Data\Wondershare
2015-09-21 15:17 - 2015-09-23 01:47 - 00000000 ___HD E:\Program Files\DrFoneAndroid_Temp
2015-09-21 15:17 - 2015-09-21 15:20 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Wondershare
2015-09-21 15:17 - 2015-09-21 15:17 - 00000000 ____D E:\Documents and Settings\Spartan\Application Data\Wondershare
2015-09-18 19:11 - 2015-09-18 19:11 - 00001024 ____H E:\SYSTAG.BIN
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-18 19:16 - 2014-10-02 21:33 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Temp
2015-10-18 19:00 - 2012-07-20 11:06 - 00032566 _____ E:\WINDOWS\SchedLgU.Txt
2015-10-18 19:00 - 2012-07-20 11:06 - 00000006 ____H E:\WINDOWS\Tasks\SA.DAT
2015-10-18 18:55 - 2014-10-12 01:14 - 00170200 ____C (Malwarebytes) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-18 18:55 - 2014-07-07 02:13 - 00121560 _____ (Malwarebytes) E:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-18 18:45 - 2012-07-20 11:44 - 00592924 ____C E:\WINDOWS\system32\PerfStringBackup.INI
2015-10-18 18:42 - 2015-08-20 04:08 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Application Data\HTC MediaHub
2015-10-18 18:41 - 2014-07-08 22:28 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-18 18:41 - 2014-07-07 02:09 - 00000364 ____H E:\WINDOWS\Tasks\avast! Emergency Update.job
2015-10-18 18:41 - 2012-07-20 11:47 - 00000159 ____C E:\WINDOWS\wiadebug.log
2015-10-18 18:41 - 2012-07-20 11:47 - 00000050 ____C E:\WINDOWS\wiaservc.log
2015-10-18 18:41 - 2012-07-20 11:24 - 00081409 ____C E:\WINDOWS\system32\nvapps.xml
2015-10-18 18:40 - 2012-07-20 11:24 - 00000000 ____D E:\WINDOWS\nview
2015-10-18 18:40 - 2012-07-20 11:07 - 00000178 __SHC E:\Documents and Settings\Spartan\ntuser.ini
2015-10-18 18:40 - 2012-07-20 11:07 - 00000000 ____D E:\Documents and Settings\Spartan
2015-10-18 18:40 - 2012-07-20 10:57 - 02067330 ____C E:\WINDOWS\WindowsUpdate.log
2015-10-18 18:28 - 2014-07-07 02:36 - 00065536 _____ E:\WINDOWS\system32\config\OAlerts.evt
2015-10-18 18:28 - 2001-10-05 01:16 - 00002206 ____C E:\WINDOWS\system32\wpa.dbl
2015-10-18 18:22 - 2014-07-08 22:28 - 00000886 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-18 12:54 - 2015-02-19 14:05 - 00000410 _____ E:\WINDOWS\brwmark.ini
2015-10-14 14:45 - 2014-07-09 18:39 - 00000000 ____D E:\Documents and Settings\Spartan\Application Data\vlc
2015-10-14 13:09 - 2015-07-29 13:34 - 00629269 _____ E:\WINDOWS\setupapi.log
2015-10-09 01:52 - 2012-07-20 11:06 - 00000000 ____D E:\Documents and Settings\LocalService\Local Settings\Temp
2015-10-06 16:11 - 2015-08-05 17:22 - 00000000 ____D E:\Documents and Settings\Spartan\My Documents\Outlook Files
2015-10-05 01:25 - 2014-10-05 19:28 - 00000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2015-10-05 01:25 - 2014-10-05 18:46 - 00001767 _____ E:\Documents and Settings\All Users\Desktop\Google Slides.lnk
2015-10-05 01:25 - 2014-10-05 18:46 - 00001765 _____ E:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
2015-10-05 01:25 - 2014-10-05 18:46 - 00001755 _____ E:\Documents and Settings\All Users\Desktop\Google Docs.lnk
2015-10-02 10:22 - 2015-07-29 13:34 - 00157888 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-10-02 10:22 - 2014-09-30 07:29 - 00175362 ____C E:\WINDOWS\Wdf01009Inst.log
2015-10-02 10:22 - 2014-07-07 02:48 - 00024016 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswHwid.sys
2015-10-02 10:22 - 2014-07-07 02:09 - 00434184 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswSP.sys
2015-10-02 10:22 - 2014-07-07 02:09 - 00208664 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswVmm.sys
2015-10-02 10:22 - 2014-07-07 02:09 - 00076000 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-10-02 10:22 - 2014-07-07 02:09 - 00057888 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswTdi.sys
2015-10-02 10:22 - 2014-07-07 02:09 - 00055200 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswRdr.sys
2015-10-02 10:22 - 2014-07-07 02:09 - 00049776 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-10-02 10:21 - 2014-07-07 02:09 - 00789296 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswSnx.sys
2015-09-29 00:23 - 2014-07-08 22:31 - 00001813 _____ E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-09-23 01:43 - 2013-11-05 18:36 - 00028118 _____ E:\WINDOWS\setupact.log
2015-09-22 23:11 - 2014-07-07 02:14 - 00000000 ____D E:\Documents and Settings\Spartan\Application Data\BitComet
2015-09-22 21:55 - 2014-09-30 07:22 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Application Data\Downloaded Installations
2015-09-19 19:50 - 2012-07-20 11:22 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Application Data\Google
2015-09-18 19:11 - 2014-09-12 13:59 - 00000082 ____C E:\WINDOWS\system32\winsevr.dat
2015-09-18 19:11 - 2014-09-12 13:59 - 00000000 ____D E:\Program Files\AOMEI Backupper Standard Edition 2.0.2
2015-09-18 19:11 - 2014-09-12 13:59 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\AomeiBR
==================== Files in the root of some directories =======
2012-07-20 11:10 - 2014-09-06 21:30 - 0030208 ____C () E:\Documents and Settings\Spartan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
E:\Documents and Settings\Spartan\Local Settings\Temp\dllnt_dump.dll
E:\Documents and Settings\Spartan\Local Settings\Temp\i4jdel0.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
E:\WINDOWS\explorer.exe => File is digitally signed
E:\WINDOWS\system32\winlogon.exe => File is digitally signed
E:\WINDOWS\system32\svchost.exe => File is digitally signed
E:\WINDOWS\system32\services.exe => File is digitally signed
E:\WINDOWS\system32\User32.dll => File is digitally signed
E:\WINDOWS\system32\userinit.exe => File is digitally signed
E:\WINDOWS\system32\rpcss.dll => File is digitally signed
E:\WINDOWS\system32\dnsapi.dll => File is digitally signed
E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files\Java\jre7\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll [2014-09-09] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> E:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> E:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-11] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-07] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MACBA25C6-6D57-4FFA-8F88-9B3E66A87213&SearchSource=55&CUI=&UM=6&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=","hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BC0CE04-ABAF-4544-98E9-149FDA8EA4C0&SSPV=","hxxp://websearch.exitingsearch.info/?pid=2644&r=2014/03/22&hid=7143877000232757666&lg=EN&cc=GB&unqvl=50","hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPC0E83CDB-49D3-495A-833C-DCDF59A2424D&SSPV=","hxxp://www.msn.com/?pc=AV01","hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B6F3D42-F44F-4D92-8DAF-929D8489F182&SSPV=","hxxps://uk.yahoo.com/?fr=hp-avast&type=avastbcl"
CHR Profile: E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
CHR Extension: (Google Drive) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-07-29]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-07-29]
CHR Extension: (YouTube) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08]
CHR Extension: (Google Search) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08]
CHR Extension: (Google Docs Offline) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-17]
CHR Extension: (Avast Online Security) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-08]
CHR Extension: (Chrome Hotword Shared Module) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-24]
CHR Extension: (Application Launcher for Drive (by Google)) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Chrome Web Store Payments) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Gmail) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08]
CHR HKLM\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-29]
CHR HKU\S-1-5-21-1078081533-1659004503-725345543-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-02] (AVAST Software)
R2 Backupper Service; E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.)
R2 HTCMonitorService; C:\Program Files\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 JavaQuickStarterService; E:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Office14\GROOVE.EXE [30963576 2010-01-21] (Microsoft Corporation)
R2 PassThru Service; E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Subsonic; E:\Program Files\Subsonic\subsonic-service.exe [259584 2013-04-17] () [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [X]
S3 WsDrvInst; C:\Program Files\Dr.Fone for Android\DriverInstall.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 ambakdrv; E:\WINDOWS\System32\ambakdrv.sys [26424 2014-08-19] () [File not signed]
R1 AmdK8; E:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-02] (Advanced Micro Devices)
R2 ammntdrv; E:\WINDOWS\system32\ammntdrv.sys [129720 2014-08-19] () [File not signed]
R2 amwrtdrv; E:\WINDOWS\system32\amwrtdrv.sys [14392 2014-08-19] () [File not signed]
R2 aswHwid; E:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-10-02] (AVAST Software)
R2 aswMonFlt; E:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-10-02] (AVAST Software)
R1 aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-10-02] (AVAST Software)
R0 aswRvrt; E:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-10-02] (AVAST Software)
R1 aswSnx; E:\WINDOWS\system32\drivers\aswSnx.sys [789296 2015-10-02] (AVAST Software)
R1 aswSP; E:\WINDOWS\system32\drivers\aswSP.sys [434184 2015-10-02] (AVAST Software)
R3 aswStmXP; E:\WINDOWS\system32\drivers\aswStmXP.sys [157888 2015-10-02] (AVAST Software)
S3 aswTdi; E:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-10-02] (AVAST Software)
R0 aswVmm; E:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-10-02] (AVAST Software)
R1 dtsoftbus01; E:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-08-21] (Disc Soft Ltd)
R1 mbamchameleon; E:\WINDOWS\system32\drivers\mbamchameleon.sys [121560 2015-10-18] (Malwarebytes)
R3 MBAMProtector; E:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R0 nvata; E:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2007-08-25] (NVIDIA Corporation)
S3 qcserxp; E:\WINDOWS\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated)
S3 rtl8139; E:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R3 serenum; E:\WINDOWS\System32\DRIVERS\nuvserenum.sys [17920 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; E:\WINDOWS\System32\DRIVERS\nuvserial.sys [76288 2014-01-12] (Nuvoton Technology Corp.)
R0 sptd; E:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-07-24] (Duplex Secure Ltd.)
R3 STHDA; E:\WINDOWS\System32\drivers\sthda.sys [1171464 2006-07-27] (SigmaTel, Inc.)
S4 IntelIde; no ImagePath
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
U3 a4yy8xcs; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-18 19:16 - 2015-10-18 19:16 - 00000000 ____D E:\FRST
2015-10-18 18:59 - 2015-10-18 19:00 - 00000000 ___SD E:\ComboFix
2015-10-18 18:59 - 2011-06-26 07:45 - 00256000 _____ E:\WINDOWS\PEV.exe
2015-10-18 18:59 - 2010-11-07 18:20 - 00208896 _____ E:\WINDOWS\MBR.exe
2015-10-18 18:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) E:\WINDOWS\NIRCMD.exe
2015-10-18 18:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) E:\WINDOWS\SWREG.exe
2015-10-18 18:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) E:\WINDOWS\SWSC.exe
2015-10-18 18:59 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) E:\WINDOWS\SWXCACLS.exe
2015-10-18 18:59 - 2000-08-31 01:00 - 00098816 _____ E:\WINDOWS\sed.exe
2015-10-18 18:59 - 2000-08-31 01:00 - 00080412 _____ E:\WINDOWS\grep.exe
2015-10-18 18:59 - 2000-08-31 01:00 - 00068096 _____ E:\WINDOWS\zip.exe
2015-10-18 18:58 - 2015-10-18 18:59 - 00000000 ____D E:\Qoobox
2015-10-18 18:58 - 2015-10-18 18:58 - 05636101 ____R (Swearware) E:\Documents and Settings\Spartan\Desktop\ComboFix.exe
2015-10-18 18:58 - 2015-10-18 18:58 - 00000000 ____D E:\WINDOWS\erdnt
2015-10-18 18:55 - 2015-10-18 18:57 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-10-18 18:54 - 2015-10-18 18:57 - 00000000 ____D E:\Documents and Settings\Spartan\Desktop\mbar
2015-10-18 18:54 - 2015-10-18 18:54 - 16563352 _____ (Malwarebytes Corp.) E:\Documents and Settings\Spartan\Desktop\mbar-1.09.3.1001.exe
2015-10-18 18:44 - 2015-10-18 18:53 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\RogueKiller
2015-10-18 18:44 - 2015-10-18 18:44 - 18832456 _____ E:\Documents and Settings\Spartan\Desktop\RogueKiller.exe
2015-10-18 18:44 - 2015-10-18 18:44 - 00035064 _____ E:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-14 13:09 - 2015-10-14 13:09 - 00000000 ___HD E:\WINDOWS\PIF
2015-10-02 10:22 - 2015-10-02 10:21 - 00313472 _____ (AVAST Software) E:\WINDOWS\system32\aswBoot.exe
2015-10-02 10:21 - 2015-10-02 10:21 - 00043112 _____ (AVAST Software) E:\WINDOWS\avastSS.scr
2015-09-21 15:20 - 2015-09-21 15:20 - 00000000 ____D E:\Documents and Settings\Spartan\Application Data\HMYGSetting
2015-09-21 15:18 - 2015-09-21 15:18 - 00000000 ____D E:\Program Files\Common Files\Wondershare
2015-09-21 15:18 - 2015-09-21 15:18 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Application Data\Wondershare
2015-09-21 15:17 - 2015-09-23 01:47 - 00000000 ___HD E:\Program Files\DrFoneAndroid_Temp
2015-09-21 15:17 - 2015-09-21 15:20 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Wondershare
2015-09-21 15:17 - 2015-09-21 15:17 - 00000000 ____D E:\Documents and Settings\Spartan\Application Data\Wondershare
2015-09-18 19:11 - 2015-09-18 19:11 - 00001024 ____H E:\SYSTAG.BIN
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-18 19:16 - 2014-10-02 21:33 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Temp
2015-10-18 19:00 - 2012-07-20 11:06 - 00032566 _____ E:\WINDOWS\SchedLgU.Txt
2015-10-18 19:00 - 2012-07-20 11:06 - 00000006 ____H E:\WINDOWS\Tasks\SA.DAT
2015-10-18 18:55 - 2014-10-12 01:14 - 00170200 ____C (Malwarebytes) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-18 18:55 - 2014-07-07 02:13 - 00121560 _____ (Malwarebytes) E:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-18 18:45 - 2012-07-20 11:44 - 00592924 ____C E:\WINDOWS\system32\PerfStringBackup.INI
2015-10-18 18:42 - 2015-08-20 04:08 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Application Data\HTC MediaHub
2015-10-18 18:41 - 2014-07-08 22:28 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-18 18:41 - 2014-07-07 02:09 - 00000364 ____H E:\WINDOWS\Tasks\avast! Emergency Update.job
2015-10-18 18:41 - 2012-07-20 11:47 - 00000159 ____C E:\WINDOWS\wiadebug.log
2015-10-18 18:41 - 2012-07-20 11:47 - 00000050 ____C E:\WINDOWS\wiaservc.log
2015-10-18 18:41 - 2012-07-20 11:24 - 00081409 ____C E:\WINDOWS\system32\nvapps.xml
2015-10-18 18:40 - 2012-07-20 11:24 - 00000000 ____D E:\WINDOWS\nview
2015-10-18 18:40 - 2012-07-20 11:07 - 00000178 __SHC E:\Documents and Settings\Spartan\ntuser.ini
2015-10-18 18:40 - 2012-07-20 11:07 - 00000000 ____D E:\Documents and Settings\Spartan
2015-10-18 18:40 - 2012-07-20 10:57 - 02067330 ____C E:\WINDOWS\WindowsUpdate.log
2015-10-18 18:28 - 2014-07-07 02:36 - 00065536 _____ E:\WINDOWS\system32\config\OAlerts.evt
2015-10-18 18:28 - 2001-10-05 01:16 - 00002206 ____C E:\WINDOWS\system32\wpa.dbl
2015-10-18 18:22 - 2014-07-08 22:28 - 00000886 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-18 12:54 - 2015-02-19 14:05 - 00000410 _____ E:\WINDOWS\brwmark.ini
2015-10-14 14:45 - 2014-07-09 18:39 - 00000000 ____D E:\Documents and Settings\Spartan\Application Data\vlc
2015-10-14 13:09 - 2015-07-29 13:34 - 00629269 _____ E:\WINDOWS\setupapi.log
2015-10-09 01:52 - 2012-07-20 11:06 - 00000000 ____D E:\Documents and Settings\LocalService\Local Settings\Temp
2015-10-06 16:11 - 2015-08-05 17:22 - 00000000 ____D E:\Documents and Settings\Spartan\My Documents\Outlook Files
2015-10-05 01:25 - 2014-10-05 19:28 - 00000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2015-10-05 01:25 - 2014-10-05 18:46 - 00001767 _____ E:\Documents and Settings\All Users\Desktop\Google Slides.lnk
2015-10-05 01:25 - 2014-10-05 18:46 - 00001765 _____ E:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
2015-10-05 01:25 - 2014-10-05 18:46 - 00001755 _____ E:\Documents and Settings\All Users\Desktop\Google Docs.lnk
2015-10-02 10:22 - 2015-07-29 13:34 - 00157888 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-10-02 10:22 - 2014-09-30 07:29 - 00175362 ____C E:\WINDOWS\Wdf01009Inst.log
2015-10-02 10:22 - 2014-07-07 02:48 - 00024016 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswHwid.sys
2015-10-02 10:22 - 2014-07-07 02:09 - 00434184 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswSP.sys
2015-10-02 10:22 - 2014-07-07 02:09 - 00208664 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswVmm.sys
2015-10-02 10:22 - 2014-07-07 02:09 - 00076000 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-10-02 10:22 - 2014-07-07 02:09 - 00057888 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswTdi.sys
2015-10-02 10:22 - 2014-07-07 02:09 - 00055200 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswRdr.sys
2015-10-02 10:22 - 2014-07-07 02:09 - 00049776 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-10-02 10:21 - 2014-07-07 02:09 - 00789296 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswSnx.sys
2015-09-29 00:23 - 2014-07-08 22:31 - 00001813 _____ E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-09-23 01:43 - 2013-11-05 18:36 - 00028118 _____ E:\WINDOWS\setupact.log
2015-09-22 23:11 - 2014-07-07 02:14 - 00000000 ____D E:\Documents and Settings\Spartan\Application Data\BitComet
2015-09-22 21:55 - 2014-09-30 07:22 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Application Data\Downloaded Installations
2015-09-19 19:50 - 2012-07-20 11:22 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Application Data\Google
2015-09-18 19:11 - 2014-09-12 13:59 - 00000082 ____C E:\WINDOWS\system32\winsevr.dat
2015-09-18 19:11 - 2014-09-12 13:59 - 00000000 ____D E:\Program Files\AOMEI Backupper Standard Edition 2.0.2
2015-09-18 19:11 - 2014-09-12 13:59 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\AomeiBR
==================== Files in the root of some directories =======
2012-07-20 11:10 - 2014-09-06 21:30 - 0030208 ____C () E:\Documents and Settings\Spartan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
E:\Documents and Settings\Spartan\Local Settings\Temp\dllnt_dump.dll
E:\Documents and Settings\Spartan\Local Settings\Temp\i4jdel0.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
E:\WINDOWS\explorer.exe => File is digitally signed
E:\WINDOWS\system32\winlogon.exe => File is digitally signed
E:\WINDOWS\system32\svchost.exe => File is digitally signed
E:\WINDOWS\system32\services.exe => File is digitally signed
E:\WINDOWS\system32\User32.dll => File is digitally signed
E:\WINDOWS\system32\userinit.exe => File is digitally signed
E:\WINDOWS\system32\rpcss.dll => File is digitally signed
E:\WINDOWS\system32\dnsapi.dll => File is digitally signed
E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
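Added example (not part of the post above, and not FRST's own code): a small Python triage script of the kind a malware-removal helper runs over a pasted FRST.txt before reading it by hand. It pulls out the entries that get looked at first in a log like this one: services and drivers whose file is missing (`[X]`) or that have no ImagePath, entries FRST marks `[File not signed]`, a hosts file that is not where it should be, startup shortcuts whose target no longer exists, MountPoints2 entries pointing at an autorun.exe, and Chrome home/startup URLs on a watch-list of search hijackers. The watch-list (trovi.com, search.conduit.com, websearch.exitingsearch.info), the category names and the "random-looking name" heuristic are my own assumptions, not anything FRST reports. The sample input is a constructed selection of lines copied from the log above, with the long Chrome query strings shortened. A hit is a reason to look closer, not a verdict: unsigned third-party drivers such as the AOMEI and Subsonic ones are normal for that software.

```python
"""Triage a pasted FRST.txt for the entries a malware-removal helper reads first.

Added example: not part of the original post and not FRST's own code. The sample
lines below are copied from the log above; the hijacker watch-list, the category
names and the random-name heuristic are my own assumptions, not FRST output.
"""
import re
from dataclasses import dataclass

# Assumption: search domains that, in my experience, show up in PUP/hijacker installs.
HIJACK_DOMAINS = ("trovi.com", "search.conduit.com", "websearch.exitingsearch.info")

_URL_HOST = re.compile(r'hxxps?://([^/\s",]+)', re.IGNORECASE)  # FRST defangs http -> hxxp
_SVC_LINE = re.compile(r"^([RSU]\d)\s+([^;]+);\s*(.*)$")          # "R2 name; path [..] (vendor) [flags]"
_RANDOM_NAME = re.compile(r"(?=.*\d)[a-z0-9]{8}")                 # heuristic: 8 lowercase chars incl. a digit


@dataclass(frozen=True)
class Finding:
    category: str
    name: str
    detail: str


def _hijack_hosts(line: str) -> list[str]:
    """Hosts in the line that match the watch-list, deduplicated in order of appearance."""
    hits: list[str] = []
    for host in _URL_HOST.findall(line):
        host = host.lower()
        if host not in hits and any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS):
            hits.append(host)
    return hits


def triage_line(line: str) -> list[Finding]:
    """Findings for one FRST line; most lines produce none."""
    line = line.strip()
    m = _SVC_LINE.match(line)
    if m:  # services and drivers sections
        _, name, rest = m.groups()
        name = name.strip()
        if rest == "no ImagePath":
            note = " (random-looking name)" if _RANDOM_NAME.fullmatch(name) else ""
            return [Finding("service_no_imagepath", name, rest + note)]
        if rest.endswith("[X]"):
            return [Finding("service_file_missing", name, rest)]
        if "[File not signed]" in rest:
            return [Finding("service_unsigned", name, rest)]
        return []
    if line.startswith(("CHR HomePage:", "CHR StartupUrls:")):
        key = line.split(":", 1)[0]
        return [Finding("browser_hijack_url", host, key) for host in _hijack_hosts(line)]
    if line.startswith("Hosts:") and "not detected" in line:
        return [Finding("hosts_missing", "Hosts", line)]
    if line.startswith("ShortcutTarget:") and line.endswith("(No File)"):
        lnk = line.split(" -> ", 1)[0].split(": ", 1)[1]
        return [Finding("startup_dangling_shortcut", lnk, line)]
    if "MountPoints2:" in line and line.lower().endswith("autorun.exe"):
        return [Finding("mountpoint_autorun", line.rsplit(" - ", 1)[1], line)]
    return []


def triage(text: str) -> list[Finding]:
    """Run triage_line over every line of a pasted FRST.txt, keeping log order."""
    return [f for line in text.splitlines() for f in triage_line(line)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed input: lines copied from the FRST.txt above (Chrome query strings shortened).
SAMPLE_FRST = "\n".join([
    r"HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\MountPoints2: {0d924b42-2949-11e4-a776-000acd196d62} - H:\autorun.exe",
    r"ShortcutTarget: Plex.lnk -> E:\Program Files\Plex\Plex Media Center\Plex.exe (No File)",
    r"ShortcutTarget: Subsonic.lnk -> E:\Program Files\Subsonic\subsonic-agent.exe ()",
    r"Hosts: Hosts file not detected in the default directory",
    r"CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323924&SearchSource=55",
    'CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3325290","hxxp://websearch.exitingsearch.info/?pid=2644","hxxp://www.msn.com/?pc=AV01","hxxp://search.conduit.com/?ctid=CT3325290","hxxps://uk.yahoo.com/?fr=hp-avast"',
    r"R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-02] (AVAST Software)",
    r"R2 PassThru Service; E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]",
    r"R2 Subsonic; E:\Program Files\Subsonic\subsonic-service.exe [259584 2013-04-17] () [File not signed]",
    r"S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [X]",
    r"R0 ambakdrv; E:\WINDOWS\System32\ambakdrv.sys [26424 2014-08-19] () [File not signed]",
    r"S4 IntelIde; no ImagePath",
    r"U3 a4yy8xcs; no ImagePath",
])

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"{f.category:28} {f.name:32} {f.detail}")
    print(summarize(triage(SAMPLE_FRST)))
```

Run it on the full FRST.txt saved to disk with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`. On the sample it reports twelve findings: the removable-media autorun entry, the dangling Plex.lnk, the missing hosts file, three hijacker hosts across the Chrome home page and startup URLs, three unsigned services/drivers, one service whose file is gone, and two entries with no ImagePath, of which only a4yy8xcs gets the random-name note. Those are the lines a helper would quote back and ask about; anything else in the log is left for manual review.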