Inactive-A Occasional redirects

Status
Not open for further replies.
R

roger4444

Hi thanks for any help, getting redirects sometimes, avira and mbam find nothing, logs below

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by rogerpc (administrator) on ROGER (02-04-2016 12:09:56)
Running from C:\Users\rogerpc\Desktop
Loaded Profiles: rogerpc & (Available Profiles: rogerpc)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
() C:\Windows\SysWOW64\UMonit64.exe
() C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\CheckNDISPort_df.exe
() C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\CancelAutoPlay_df.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\ShowTip.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [CheckNDISPortf0acf7] => C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\CheckNDISPort_df.exe [464640 2013-10-12] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\CancelAutoPlay_df.exe [446720 2013-10-12] ()
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-02-22] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-10-25] (Google Inc.)
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: E - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {221fe663-b66d-11e5-82bc-001e101fd047} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {6f7c2a9f-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {6f7c2b5a-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {6f7c2c17-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {8a645bf7-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {8a6469d2-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {8a646b3a-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {97a7647e-92fc-11e3-8263-001e101f82e3} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {bdcfca8e-90a2-11e3-825c-40f02f3e7359} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {bdcfcbf1-90a2-11e3-825c-40f02f3e7359} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {bdcfd082-90a2-11e3-825c-001e101f6c84} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {e6c3b297-eb43-11e4-82a3-001e101fd9e1} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {fabfc2d0-917f-11e3-825e-40f02f3e7359} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-10-25] (Google Inc.)
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {221fe663-b66d-11e5-82bc-001e101fd047} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6f7c2a9f-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6f7c2b5a-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6f7c2c17-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8a645bf7-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8a6469d2-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8a646b3a-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {97a7647e-92fc-11e3-8263-001e101f82e3} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bdcfca8e-90a2-11e3-825c-40f02f3e7359} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bdcfcbf1-90a2-11e3-825c-40f02f3e7359} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bdcfd082-90a2-11e3-825c-001e101f6c84} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e6c3b297-eb43-11e4-82a3-001e101fd9e1} - "E:\AutoRun.exe"
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {fabfc2d0-917f-11e3-825e-40f02f3e7359} - "E:\AutoRun.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2E2EC4D4-2719-4099-B059-94AD70F72BB4}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8324DF83-F34B-41F2-BA42-E032C960C654}: [DhcpNameServer] 172.16.15.254
Tcpip\..\Interfaces\{CAED3B9B-681E-4A00-85C0-914A85AC53FB}: [DhcpNameServer] 40.41.1.201 40.41.1.203

Internet Explorer:
==================
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-339079225-1289120480-1685784122-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-339079225-1289120480-1685784122-1001 -> {6A9023C7-F04A-4D4F-9750-E2859B5A71FD} URL =
SearchScopes: HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A9023C7-F04A-4D4F-9750-E2859B5A71FD} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-339079225-1289120480-1685784122-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\rogerpc\AppData\Roaming\Mozilla\Firefox\Profiles\1jc0vun5.default-1454828238013
FF Homepage: hxxps://www.google.co.uk/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-26] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Tabs on Bottom (Australis) - C:\Users\rogerpc\AppData\Roaming\Mozilla\Firefox\Profiles\1jc0vun5.default-1454828238013\Extensions\jid1-OesGFwaQGIBASw@jetpack.xpi [2016-02-07]
FF Extension: Adblock Plus - C:\Users\rogerpc\AppData\Roaming\Mozilla\Firefox\Profiles\1jc0vun5.default-1454828238013\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-08]
CHR Extension: (Google Docs) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-08]
CHR Extension: (Google Drive) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-08]
CHR Extension: (YouTube) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-08]
CHR Extension: (Google Search) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-08]
CHR Extension: (Google Sheets) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-08]
CHR Extension: (Avast Online Security) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-08]
CHR Extension: (Gmail) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
R2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-02-22] (Avira Operations GmbH & Co. KG)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-12-22] (Huawei Technologies Co., Ltd.)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [105704 2013-08-16] (GenesysLogic)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S2 mdvrmng; C:\Windows\SysWOW64\drivers\mdvrmng.sys [10240 2010-01-28] () [File not signed]
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 wdf_usbserials; C:\Windows\system32\DRIVERS\usb2serials.sys [82944 2012-12-14] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [268288 2013-11-01] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-02 12:09 - 2016-04-02 12:10 - 00023469 _____ C:\Users\rogerpc\Desktop\FRST.txt
2016-04-02 12:09 - 2016-04-02 12:09 - 02374144 _____ (Farbar) C:\Users\rogerpc\Desktop\FRST64.exe
2016-04-02 12:09 - 2016-04-02 12:09 - 00000000 ____D C:\FRST
2016-03-24 01:54 - 2016-03-24 01:54 - 00000000 ____D C:\Users\rogerpc\AppData\Local\AviraSpeedup
2016-03-24 01:54 - 2016-03-24 01:54 - 00000000 ____D C:\Users\rogerpc\AppData\Local\Avira
2016-03-24 01:23 - 2016-03-24 01:23 - 00000000 ____D C:\Users\rogerpc\AppData\Roaming\Avira
2016-03-24 01:21 - 2016-02-22 17:44 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-03-24 01:21 - 2016-02-22 17:44 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-03-24 01:21 - 2016-02-22 17:44 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-03-24 01:21 - 2016-02-22 17:44 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-03-24 01:15 - 2016-03-24 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-24 01:15 - 2016-03-24 01:21 - 00000000 ____D C:\Program Files (x86)\Avira
2016-03-24 01:15 - 2016-03-24 01:15 - 00001193 _____ C:\Users\Public\Desktop\Avira Launcher.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-02 12:02 - 2014-10-25 11:14 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-02 11:25 - 2014-02-08 10:35 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-339079225-1289120480-1685784122-1001
2016-04-02 11:05 - 2016-02-07 08:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-02 11:04 - 2016-02-07 08:23 - 00001085 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-02 11:04 - 2016-02-07 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-02 11:04 - 2016-02-07 08:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-02 08:14 - 2014-10-25 11:14 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-29 20:39 - 2014-10-25 10:48 - 00000000 ____D C:\Users\rogerpc\AppData\LocalLow\Adblock Plus for IE
2016-03-28 21:27 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-03-27 08:11 - 2013-09-10 02:34 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-24 02:31 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-24 02:30 - 2013-08-22 15:44 - 00483336 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-24 02:30 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-24 01:21 - 2014-02-16 12:35 - 00000000 ____D C:\ProgramData\Avira
2016-03-24 01:14 - 2013-12-24 03:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-24 00:56 - 2016-02-12 16:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-24 00:56 - 2014-02-16 13:41 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-24 00:56 - 2014-02-08 10:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-20 10:39 - 2014-02-08 13:31 - 00000000 ____D C:\Users\rogerpc\AppData\Roaming\WildTangent
2016-03-20 10:39 - 2013-12-24 03:51 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2016-03-20 10:39 - 2013-12-24 03:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-20 10:39 - 2013-12-24 03:26 - 00000000 ____D C:\ProgramData\WildTangent
2016-03-18 08:27 - 2014-02-15 11:07 - 00001214 _____ C:\Users\rogerpc\Documents\bet.txt
2016-03-17 05:04 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2016-03-15 00:04 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-15 00:03 - 2014-02-08 16:58 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-10 14:09 - 2016-02-07 08:23 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2016-02-07 08:23 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2016-02-07 08:23 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-08 22:24 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-03-08 22:07 - 2015-06-21 17:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

Some files in TEMP:
====================
C:\Users\rogerpc\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-02 08:38

==================== End of FRST.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================

I still need Addition.txt log from FRST.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by rogerpc (2016-04-02 12:10:25)
Running from C:\Users\rogerpc\Desktop
Windows 8.1 (X64) (2014-02-08 09:29:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-339079225-1289120480-1685784122-500 - Administrator - Disabled)
Guest (S-1-5-21-339079225-1289120480-1685784122-501 - Limited - Disabled)
rogerpc (S-1-5-21-339079225-1289120480-1685784122-1001 - Administrator - Enabled) => C:\Users\rogerpc

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3Connect (HKLM-x32\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 3.0.0 - 3 Mobile Broadband)
3G Hostless Modem (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant)
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.8 - Genesys Logic)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Huawei modem (HKLM-x32\...\Huawei Modems) (Version: - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.16.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.300 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
RICOH_Media_Driver_v2.22.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.22.18.01 - RICOH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TOSHIBA Addendum (HKLM-x32\...\{CE0374A6-B204-4336-8293-63FBB1DADBF4}) (Version: 1.00 - TOSHIBA)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{84FA4D2D-4273-4C66-BD3D-ADD3FE48DFA2}) (Version: 1.1.5.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Gesture Controller (HKLM-x32\...\{D2484156-5F50-46CA-994A-3EC35F891950}) (Version: 4.0.110.0 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.0 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
ZTE DC GeneralSale Driver 1.0.0.2 (HKLM-x32\...\{D440D7E5-8815-49D9-8403-7915EA1A6FEF}_is1) (Version: - ZTE)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13CF83C0-E2FA-43A8-A636-0C0C28C3B104} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {1DBDD7A3-8371-4E97-8B21-49952A7BB930} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-08-28] (TODO: <Company name>)
Task: {1E9DD254-FB7E-4F25-A62B-882108973E0E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {47068F63-572D-4345-82BD-41DA2F978E87} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {4A038C54-0009-4794-9A49-EEA041FD5311} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {789D0ECD-125C-41FC-A652-2D89E8B239DE} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH)
Task: {79591E48-1D1F-4096-98A2-83783936C307} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-15] (Microsoft Corporation)
Task: {7B0EE303-91DC-4A44-956A-7DFE2143140C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {8F9E1E09-01DB-41D1-AF5F-71FCB8F8CD61} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {96745D0F-C6BE-4A2E-943C-BEC333FDDEBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {9C000915-EBDC-4611-A094-CC9BC0B713C0} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2013-08-28] ()
Task: {B48794C1-3541-458F-9A0E-ED06D24334CC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {DCDB8A30-1ACC-4DA7-8B78-D55C0035CB5C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-02-08 10:41 - 2010-01-28 14:47 - 01737464 _____ () C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
2014-03-12 00:37 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-10 13:54 - 2013-09-10 13:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2014-02-11 11:55 - 2012-06-28 07:19 - 00233344 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2015-10-29 01:01 - 2015-09-01 17:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-12-24 03:11 - 2013-08-28 16:08 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2016-01-09 03:37 - 2013-10-12 12:14 - 00464640 _____ () C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\CheckNDISPort_df.exe
2016-01-09 03:37 - 2013-10-12 12:14 - 00446720 _____ () C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\CancelAutoPlay_df.exe
2016-01-09 03:37 - 2013-10-15 20:57 - 00512256 _____ () C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\ShowTip.exe
2013-12-24 02:55 - 2013-09-03 15:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-339079225-1289120480-1685784122-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Toshiba\Standard.jpg
HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Toshiba\Standard.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B3520534-3077-434D-B154-C801D2991ED1}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F133DB4C-353E-450D-AE7C-A90C04D40D52}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{B0909C75-2485-42AD-A065-45B45F5F4061}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{7B2FA539-41FD-4416-B2CA-6E9E97249755}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{2BF79293-134D-4487-8770-285849E61E21}] => (Allow) C:\Users\rogerpc\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{83ADAE3D-64EA-4CA7-92DC-73D5D01DF75F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9393B129-3BC1-43C2-835A-92BB08191F23}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5AFBD892-E91D-4D0F-8608-3B0B3564367B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{FB572776-1CD3-44C5-B34E-81340AD46183}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E5DDF424-70AC-4404-A5A8-46A6AC403877}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7B7BE190-FDD5-4F38-BE4B-222A39173344}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C71FCE27-554B-43F8-9F57-2317FE5AC547}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{EB9A02D1-B938-40E2-8AC1-8143C03CB690}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{42C76DEA-E0D1-4856-82D9-6AC25582B122}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

15-03-2016 11:59:56 Scheduled Checkpoint
24-03-2016 01:16:48 Avira System Speedup 2.1.13
24-03-2016 02:00:31 Avira System Speedup Optimization
01-04-2016 08:54:31 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2016 10:24:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (04/01/2016 10:24:51 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (03/31/2016 10:24:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (03/30/2016 01:02:18 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (03/29/2016 01:50:32 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (03/28/2016 10:24:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (03/28/2016 02:59:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.ServiceHost.exe, version: 1.1.56.9119, time stamp: 0x56a8ea7a
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e72bb
Exception code: 0xe0434352
Fault offset: 0x00015b68
Faulting process ID: 0xa30
Faulting application start time: 0xAvira.ServiceHost.exe0
Faulting application path: Avira.ServiceHost.exe1
Faulting module path: Avira.ServiceHost.exe2
Report ID: Avira.ServiceHost.exe3
Faulting package full name: Avira.ServiceHost.exe4
Faulting package-relative application ID: Avira.ServiceHost.exe5

Error: (03/28/2016 02:59:31 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.OutOfMemoryException
Stack:
at System.Threading.TimerQueue.ChangeAppDomainTimer(AppDomainTimerSafeHandle, UInt32)
at System.Threading.TimerQueue.EnsureAppDomainTimerFiresBy(UInt32)
at System.Threading.TimerQueue.FireNextTimers()
at System.Threading.TimerQueue.AppDomainTimerCallback()

Error: (03/27/2016 10:24:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (03/26/2016 11:24:51 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161


System errors:
=============
Error: (04/02/2016 11:26:30 AM) (Source: DCOM) (EventID: 10010) (User: roger)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/02/2016 11:26:00 AM) (Source: DCOM) (EventID: 10010) (User: roger)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/02/2016 10:41:24 AM) (Source: DCOM) (EventID: 10010) (User: roger)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/02/2016 10:40:50 AM) (Source: DCOM) (EventID: 10010) (User: roger)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/02/2016 08:53:06 AM) (Source: DCOM) (EventID: 10010) (User: roger)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/02/2016 08:52:34 AM) (Source: DCOM) (EventID: 10010) (User: roger)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/02/2016 08:39:42 AM) (Source: DCOM) (EventID: 10010) (User: roger)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/02/2016 08:39:12 AM) (Source: DCOM) (EventID: 10010) (User: roger)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/01/2016 10:03:51 AM) (Source: DCOM) (EventID: 10010) (User: roger)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/01/2016 10:03:21 AM) (Source: DCOM) (EventID: 10010) (User: roger)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8083.27 MB
Available physical RAM: 5851.72 MB
Total Virtual: 10099.27 MB
Available Virtual: 6868.21 MB

==================== Drives ================================

Drive c: (TI31202100A) (Fixed) (Total:920.65 GB) (Free:876.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Malwarebytes found nothing

RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : rogerpc [Administrator]
Started from : C:\Users\rogerpc\Desktop\RogueKiller.exe
Mode : Scan -- Date : 04/04/2016 15:34:03

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-339079225-1289120480-1685784122-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TEJB -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-339079225-1289120480-1685784122-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TEJB -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TEJB -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TEJB -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8324DF83-F34B-41F2-BA42-E032C960C654} | DhcpNameServer : 172.16.15.254 ([X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CAED3B9B-681E-4A00-85C0-914A85AC53FB} | DhcpNameServer : 40.41.1.201 40.41.1.203 ([-][X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8324DF83-F34B-41F2-BA42-E032C960C654} | DhcpNameServer : 172.16.15.254 ([X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CAED3B9B-681E-4A00-85C0-914A85AC53FB} | DhcpNameServer : 40.41.1.201 40.41.1.203 ([-][X]) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1024 MB
1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2099200 | Size: 100 MB
2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2304000 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2566144 | Size: 942741 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1933299712 | Size: 9875 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ZTE MMC Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 8.1 x64
Ran by rogerpc (Administrator) on 04/04/2016 at 16:34:49.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 7

Successfully deleted: C:\Users\rogerpc\AppData\Local\drivertoolkit (Folder)
Successfully deleted: C:\Windows\prefetch\DRIVERSHQ.DRIVERDETECTIVE.CLI-9C0EE8EC.pf (File)
Successfully deleted: C:\Windows\prefetch\DRIVERTOOLKITINSTALLER.TMP-4E66D68C.pf (File)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-D855646C.pf (File)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARMANAGER_A6282D74-32661EF9.pf (File)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-B25C45A8.pf (File)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-992C17DF.pf (File)



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A9023C7-F04A-4D4F-9750-E2859B5A71FD} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/04/2016 at 16:36:30.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




# AdwCleaner v5.108 - Logfile created 04/04/2016 at 16:31:56
# Updated 30/03/2016 by Xplode
# Database : 2016-04-03.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : rogerpc - ROGER
# Running from : C:\Users\rogerpc\Desktop\adwcleaner_5.108.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Users\rogerpc\AppData\Local\DriverToolkit

***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKCU\Software\DriverToolkit
Key Found : HKU\S-1-5-21-339079225-1289120480-1685784122-1001\Software\DriverToolkit
Key Found : HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\DriverToolkit
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\zvsuhljiha-a.akamaihd.net

***** [ Web browsers ] *****

[C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [1463 bytes] - [04/04/2016 16:31:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1536 bytes] ##########
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
829
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back