Hi, thanks for any help. Getting redirects sometimes; Avira and MBAM find nothing. Logs below.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by rogerpc (administrator) on ROGER (02-04-2016 12:09:56)
Running from C:\Users\rogerpc\Desktop
Loaded Profiles: rogerpc & (Available Profiles: rogerpc)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
() C:\Windows\SysWOW64\UMonit64.exe
() C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\CheckNDISPort_df.exe
() C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\CancelAutoPlay_df.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\ShowTip.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [CheckNDISPortf0acf7] => C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\CheckNDISPort_df.exe [464640 2013-10-12] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\CancelAutoPlay_df.exe [446720 2013-10-12] ()
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-02-22] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-10-25] (Google Inc.)
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: E - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {221fe663-b66d-11e5-82bc-001e101fd047} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {6f7c2a9f-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {6f7c2b5a-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {6f7c2c17-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {8a645bf7-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {8a6469d2-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {8a646b3a-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {97a7647e-92fc-11e3-8263-001e101f82e3} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {bdcfca8e-90a2-11e3-825c-40f02f3e7359} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {bdcfcbf1-90a2-11e3-825c-40f02f3e7359} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {bdcfd082-90a2-11e3-825c-001e101f6c84} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {e6c3b297-eb43-11e4-82a3-001e101fd9e1} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {fabfc2d0-917f-11e3-825e-40f02f3e7359} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-10-25] (Google Inc.)
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {221fe663-b66d-11e5-82bc-001e101fd047} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6f7c2a9f-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6f7c2b5a-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6f7c2c17-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8a645bf7-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8a6469d2-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8a646b3a-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {97a7647e-92fc-11e3-8263-001e101f82e3} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bdcfca8e-90a2-11e3-825c-40f02f3e7359} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bdcfcbf1-90a2-11e3-825c-40f02f3e7359} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bdcfd082-90a2-11e3-825c-001e101f6c84} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e6c3b297-eb43-11e4-82a3-001e101fd9e1} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {fabfc2d0-917f-11e3-825e-40f02f3e7359} - "E:\AutoRun.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2E2EC4D4-2719-4099-B059-94AD70F72BB4}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8324DF83-F34B-41F2-BA42-E032C960C654}: [DhcpNameServer] 172.16.15.254
Tcpip\..\Interfaces\{CAED3B9B-681E-4A00-85C0-914A85AC53FB}: [DhcpNameServer] 40.41.1.201 40.41.1.203
Internet Explorer:
==================
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-339079225-1289120480-1685784122-1001 -> {6A9023C7-F04A-4D4F-9750-E2859B5A71FD} URL =
SearchScopes: HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A9023C7-F04A-4D4F-9750-E2859B5A71FD} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-339079225-1289120480-1685784122-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\rogerpc\AppData\Roaming\Mozilla\Firefox\Profiles\1jc0vun5.default-1454828238013
FF Homepage: hxxps://www.google.co.uk/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-26] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Tabs on Bottom (Australis) - C:\Users\rogerpc\AppData\Roaming\Mozilla\Firefox\Profiles\1jc0vun5.default-1454828238013\Extensions\jid1-OesGFwaQGIBASw@jetpack.xpi [2016-02-07]
FF Extension: Adblock Plus - C:\Users\rogerpc\AppData\Roaming\Mozilla\Firefox\Profiles\1jc0vun5.default-1454828238013\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-08]
CHR Extension: (Google Docs) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-08]
CHR Extension: (Google Drive) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-08]
CHR Extension: (YouTube) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-08]
CHR Extension: (Google Search) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-08]
CHR Extension: (Google Sheets) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-08]
CHR Extension: (Avast Online Security) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-08]
CHR Extension: (Gmail) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
R2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-02-22] (Avira Operations GmbH & Co. KG)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-12-22] (Huawei Technologies Co., Ltd.)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [105704 2013-08-16] (GenesysLogic)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S2 mdvrmng; C:\Windows\SysWOW64\drivers\mdvrmng.sys [10240 2010-01-28] () [File not signed]
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 wdf_usbserials; C:\Windows\system32\DRIVERS\usb2serials.sys [82944 2012-12-14] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [268288 2013-11-01] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-02 12:09 - 2016-04-02 12:10 - 00023469 _____ C:\Users\rogerpc\Desktop\FRST.txt
2016-04-02 12:09 - 2016-04-02 12:09 - 02374144 _____ (Farbar) C:\Users\rogerpc\Desktop\FRST64.exe
2016-04-02 12:09 - 2016-04-02 12:09 - 00000000 ____D C:\FRST
2016-03-24 01:54 - 2016-03-24 01:54 - 00000000 ____D C:\Users\rogerpc\AppData\Local\AviraSpeedup
2016-03-24 01:54 - 2016-03-24 01:54 - 00000000 ____D C:\Users\rogerpc\AppData\Local\Avira
2016-03-24 01:23 - 2016-03-24 01:23 - 00000000 ____D C:\Users\rogerpc\AppData\Roaming\Avira
2016-03-24 01:21 - 2016-02-22 17:44 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-03-24 01:21 - 2016-02-22 17:44 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-03-24 01:21 - 2016-02-22 17:44 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-03-24 01:21 - 2016-02-22 17:44 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-03-24 01:15 - 2016-03-24 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-24 01:15 - 2016-03-24 01:21 - 00000000 ____D C:\Program Files (x86)\Avira
2016-03-24 01:15 - 2016-03-24 01:15 - 00001193 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-02 12:02 - 2014-10-25 11:14 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-02 11:25 - 2014-02-08 10:35 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-339079225-1289120480-1685784122-1001
2016-04-02 11:05 - 2016-02-07 08:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-02 11:04 - 2016-02-07 08:23 - 00001085 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-02 11:04 - 2016-02-07 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-02 11:04 - 2016-02-07 08:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-02 08:14 - 2014-10-25 11:14 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-29 20:39 - 2014-10-25 10:48 - 00000000 ____D C:\Users\rogerpc\AppData\LocalLow\Adblock Plus for IE
2016-03-28 21:27 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-03-27 08:11 - 2013-09-10 02:34 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-24 02:31 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-24 02:30 - 2013-08-22 15:44 - 00483336 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-24 02:30 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-24 01:21 - 2014-02-16 12:35 - 00000000 ____D C:\ProgramData\Avira
2016-03-24 01:14 - 2013-12-24 03:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-24 00:56 - 2016-02-12 16:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-24 00:56 - 2014-02-16 13:41 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-24 00:56 - 2014-02-08 10:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-20 10:39 - 2014-02-08 13:31 - 00000000 ____D C:\Users\rogerpc\AppData\Roaming\WildTangent
2016-03-20 10:39 - 2013-12-24 03:51 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2016-03-20 10:39 - 2013-12-24 03:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-20 10:39 - 2013-12-24 03:26 - 00000000 ____D C:\ProgramData\WildTangent
2016-03-18 08:27 - 2014-02-15 11:07 - 00001214 _____ C:\Users\rogerpc\Documents\bet.txt
2016-03-17 05:04 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2016-03-15 00:04 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-15 00:03 - 2014-02-08 16:58 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-10 14:09 - 2016-02-07 08:23 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2016-02-07 08:23 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2016-02-07 08:23 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-08 22:24 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-03-08 22:07 - 2015-06-21 17:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
Some files in TEMP:
====================
C:\Users\rogerpc\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-04-02 08:38
==================== End of FRST.txt ============================
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-10-25] (Google Inc.)
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: E - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {221fe663-b66d-11e5-82bc-001e101fd047} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {6f7c2a9f-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {6f7c2b5a-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {6f7c2c17-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {8a645bf7-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {8a6469d2-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {8a646b3a-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {97a7647e-92fc-11e3-8263-001e101f82e3} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {bdcfca8e-90a2-11e3-825c-40f02f3e7359} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {bdcfcbf1-90a2-11e3-825c-40f02f3e7359} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {bdcfd082-90a2-11e3-825c-001e101f6c84} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {e6c3b297-eb43-11e4-82a3-001e101fd9e1} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {fabfc2d0-917f-11e3-825e-40f02f3e7359} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-10-25] (Google Inc.)
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {221fe663-b66d-11e5-82bc-001e101fd047} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6f7c2a9f-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6f7c2b5a-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6f7c2c17-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8a645bf7-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8a6469d2-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8a646b3a-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {97a7647e-92fc-11e3-8263-001e101f82e3} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bdcfca8e-90a2-11e3-825c-40f02f3e7359} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bdcfcbf1-90a2-11e3-825c-40f02f3e7359} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bdcfd082-90a2-11e3-825c-001e101f6c84} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e6c3b297-eb43-11e4-82a3-001e101fd9e1} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {fabfc2d0-917f-11e3-825e-40f02f3e7359} - "E:\AutoRun.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2E2EC4D4-2719-4099-B059-94AD70F72BB4}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8324DF83-F34B-41F2-BA42-E032C960C654}: [DhcpNameServer] 172.16.15.254
Tcpip\..\Interfaces\{CAED3B9B-681E-4A00-85C0-914A85AC53FB}: [DhcpNameServer] 40.41.1.201 40.41.1.203
Internet Explorer:
==================
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-339079225-1289120480-1685784122-1001 -> {6A9023C7-F04A-4D4F-9750-E2859B5A71FD} URL =
SearchScopes: HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A9023C7-F04A-4D4F-9750-E2859B5A71FD} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-339079225-1289120480-1685784122-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\rogerpc\AppData\Roaming\Mozilla\Firefox\Profiles\1jc0vun5.default-1454828238013
FF Homepage: hxxps://www.google.co.uk/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-26] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Tabs on Bottom (Australis) - C:\Users\rogerpc\AppData\Roaming\Mozilla\Firefox\Profiles\1jc0vun5.default-1454828238013\Extensions\jid1-OesGFwaQGIBASw@jetpack.xpi [2016-02-07]
FF Extension: Adblock Plus - C:\Users\rogerpc\AppData\Roaming\Mozilla\Firefox\Profiles\1jc0vun5.default-1454828238013\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-08]
CHR Extension: (Google Docs) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-08]
CHR Extension: (Google Drive) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-08]
CHR Extension: (YouTube) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-08]
CHR Extension: (Google Search) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-08]
CHR Extension: (Google Sheets) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-08]
CHR Extension: (Avast Online Security) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-08]
CHR Extension: (Gmail) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
R2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-02-22] (Avira Operations GmbH & Co. KG)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-12-22] (Huawei Technologies Co., Ltd.)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [105704 2013-08-16] (GenesysLogic)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S2 mdvrmng; C:\Windows\SysWOW64\drivers\mdvrmng.sys [10240 2010-01-28] () [File not signed]
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 wdf_usbserials; C:\Windows\system32\DRIVERS\usb2serials.sys [82944 2012-12-14] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [268288 2013-11-01] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-02 12:09 - 2016-04-02 12:10 - 00023469 _____ C:\Users\rogerpc\Desktop\FRST.txt
2016-04-02 12:09 - 2016-04-02 12:09 - 02374144 _____ (Farbar) C:\Users\rogerpc\Desktop\FRST64.exe
2016-04-02 12:09 - 2016-04-02 12:09 - 00000000 ____D C:\FRST
2016-03-24 01:54 - 2016-03-24 01:54 - 00000000 ____D C:\Users\rogerpc\AppData\Local\AviraSpeedup
2016-03-24 01:54 - 2016-03-24 01:54 - 00000000 ____D C:\Users\rogerpc\AppData\Local\Avira
2016-03-24 01:23 - 2016-03-24 01:23 - 00000000 ____D C:\Users\rogerpc\AppData\Roaming\Avira
2016-03-24 01:21 - 2016-02-22 17:44 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-03-24 01:21 - 2016-02-22 17:44 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-03-24 01:21 - 2016-02-22 17:44 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-03-24 01:21 - 2016-02-22 17:44 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-03-24 01:15 - 2016-03-24 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-24 01:15 - 2016-03-24 01:21 - 00000000 ____D C:\Program Files (x86)\Avira
2016-03-24 01:15 - 2016-03-24 01:15 - 00001193 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-02 12:02 - 2014-10-25 11:14 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-02 11:25 - 2014-02-08 10:35 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-339079225-1289120480-1685784122-1001
2016-04-02 11:05 - 2016-02-07 08:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-02 11:04 - 2016-02-07 08:23 - 00001085 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-02 11:04 - 2016-02-07 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-02 11:04 - 2016-02-07 08:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-02 08:14 - 2014-10-25 11:14 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-29 20:39 - 2014-10-25 10:48 - 00000000 ____D C:\Users\rogerpc\AppData\LocalLow\Adblock Plus for IE
2016-03-28 21:27 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-03-27 08:11 - 2013-09-10 02:34 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-24 02:31 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-24 02:30 - 2013-08-22 15:44 - 00483336 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-24 02:30 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-24 01:21 - 2014-02-16 12:35 - 00000000 ____D C:\ProgramData\Avira
2016-03-24 01:14 - 2013-12-24 03:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-24 00:56 - 2016-02-12 16:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-24 00:56 - 2014-02-16 13:41 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-24 00:56 - 2014-02-08 10:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-20 10:39 - 2014-02-08 13:31 - 00000000 ____D C:\Users\rogerpc\AppData\Roaming\WildTangent
2016-03-20 10:39 - 2013-12-24 03:51 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2016-03-20 10:39 - 2013-12-24 03:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-20 10:39 - 2013-12-24 03:26 - 00000000 ____D C:\ProgramData\WildTangent
2016-03-18 08:27 - 2014-02-15 11:07 - 00001214 _____ C:\Users\rogerpc\Documents\bet.txt
2016-03-17 05:04 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2016-03-15 00:04 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-15 00:03 - 2014-02-08 16:58 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-10 14:09 - 2016-02-07 08:23 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2016-02-07 08:23 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2016-02-07 08:23 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-08 22:24 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-03-08 22:07 - 2015-06-21 17:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
Some files in TEMP:
====================
C:\Users\rogerpc\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-04-02 08:38
==================== End of FRST.txt ============================