Solved Win32 malware virus help

[JstaDrmer]

My anti virus has detected a malware virus which is in my virus chest (Avast) I'm so totally not tech savvy.. Can someone help me? I'm running Windows 8.1

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[JstaDrmer]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by jstadrmer (administrator) on DONNAS (01-09-2017 13:07:36)
Running from C:\Users\jstadrmer\Desktop
Loaded Profiles: jstadrmer (Available Profiles: jstadrmer)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-08-31] (AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3784584723-1383416702-3227458746-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-3784584723-1383416702-3227458746-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1728952 2015-06-22] (CyberLink Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{2EA581E0-C648-49CE-8DC1-180DF68C2B55}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{7691DFD3-241B-4987-A4A6-9DC6F984835B}: [DhcpNameServer] 208.180.42.68 208.180.42.100

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3784584723-1383416702-3227458746-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-3784584723-1383416702-3227458746-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {EE28A1CD-6476-478D-AC30-456837B1888E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-08-31] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-08-31] (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

FireFox:
========
FF ProfilePath: C:\Users\jstadrmer\AppData\Roaming\Mozilla\Firefox\Profiles\iwye3jv9.default-1477071995893 [2017-09-01]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\iwye3jv9.default-1477071995893 -> Yahoo
FF Homepage: Mozilla\Firefox\Profiles\iwye3jv9.default-1477071995893 -> www.yahoo.com
FF Extension: (Avast SafePrice) - C:\Users\jstadrmer\AppData\Roaming\Mozilla\Firefox\Profiles\iwye3jv9.default-1477071995893\Extensions\sp@avast.com.xpi [2017-08-24]
FF Extension: (Avast Online Security) - C:\Users\jstadrmer\AppData\Roaming\Mozilla\Firefox\Profiles\iwye3jv9.default-1477071995893\Extensions\wrc@avast.com.xpi [2017-08-17]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-10] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-03-24] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-03-24] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-03-24] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-03-24] (Foxit Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-08-31] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-08-31] (AVAST Software)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2015-08-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2016-12-23] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258152 2016-12-01] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320528 2017-08-31] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-08-31] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343296 2017-08-31] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-08-31] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47016 2017-08-31] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-08-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147784 2017-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-08-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1016384 2017-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [590880 2017-08-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [199312 2017-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-08-31] (AVAST Software)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2015-08-17] (Intel Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-17] (REALiX(tm))
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-01-23] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [328920 2016-12-01] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [6393856 2016-12-29] (Realtek Semiconductor Corporation )
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2015-08-17] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31656 2016-12-01] (HP)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31656 2016-12-01] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-01 13:07 - 2017-09-01 13:08 - 000013075 _____ C:\Users\jstadrmer\Desktop\FRST.txt
2017-09-01 13:07 - 2017-09-01 13:07 - 000000000 ____D C:\FRST
2017-09-01 13:04 - 2017-09-01 13:04 - 002395648 _____ (Farbar) C:\Users\jstadrmer\Desktop\FRST64.exe
2017-09-01 12:59 - 2017-09-01 12:59 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-08-31 12:49 - 2017-08-31 12:49 - 000003888 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458769468
2017-08-31 12:49 - 2017-08-31 12:49 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-08-31 12:47 - 2017-08-31 12:47 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-08-31 12:47 - 2017-08-31 12:46 - 000590880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-08-31 12:47 - 2017-08-31 12:46 - 000361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-08-31 12:47 - 2017-08-31 12:46 - 000199312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-08-31 12:47 - 2017-08-31 12:46 - 000147784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-08-31 12:47 - 2017-08-31 12:46 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-08-31 12:47 - 2017-08-31 12:46 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-08-31 12:47 - 2017-08-31 12:46 - 000047016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-08-31 12:47 - 2017-08-31 12:45 - 001016384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-08-31 12:47 - 2017-08-31 12:45 - 000343296 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-08-31 12:47 - 2017-08-31 12:45 - 000320528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-08-31 12:47 - 2017-08-31 12:45 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-08-31 12:47 - 2017-08-31 12:45 - 000057736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-08-31 12:47 - 2017-08-31 12:45 - 000041832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-08-31 12:46 - 2017-08-31 12:46 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-08-29 18:46 - 2017-08-31 12:49 - 000000362 _____ C:\Windows\Tasks\HPCeeScheduleForjstadrmer.job
2017-08-29 18:46 - 2017-08-29 18:46 - 000003184 _____ C:\Windows\System32\Tasks\HPCeeScheduleForjstadrmer
2017-08-12 02:48 - 2017-08-12 04:42 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-12 02:46 - 2017-08-12 02:46 - 047607360 _____ (Mozilla) C:\Users\jstadrmer\Desktop\Firefox Setup 52.3.0esr.exe
2017-08-11 14:07 - 2017-08-31 01:48 - 000001879 _____ C:\Users\jstadrmer\Desktop\Snapshot_20170811.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-01 12:58 - 2016-11-18 05:21 - 000000000 ____D C:\Users\jstadrmer\AppData\LocalLow\Mozilla
2017-08-31 19:08 - 2016-02-13 00:43 - 000000410 _____ C:\Windows\Tasks\update-S-1-5-21-3784584723-1383416702-3227458746-1001.job
2017-08-31 18:55 - 2015-08-16 22:42 - 000000000 ____D C:\Users\jstadrmer\Documents\Youcam
2017-08-31 14:46 - 2015-08-16 18:46 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3784584723-1383416702-3227458746-1001
2017-08-31 13:27 - 2016-02-13 00:43 - 000000410 _____ C:\Windows\Tasks\update-sys.job
2017-08-31 12:55 - 2014-03-18 05:53 - 000956540 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-31 12:55 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2017-08-31 12:49 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-31 12:48 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-08-25 17:45 - 2015-11-02 16:53 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-22 13:40 - 2015-08-16 22:40 - 000000000 ____D C:\Users\jstadrmer
2017-08-21 21:40 - 2016-09-24 03:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-21 21:40 - 2015-08-16 19:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-20 13:12 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\AppReadiness
2017-08-12 04:42 - 2015-08-16 19:22 - 000000949 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-10 14:52 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF
2017-08-10 14:23 - 2015-08-16 23:01 - 000000000 ____D C:\Users\jstadrmer\AppData\Local\Adobe
2017-08-10 14:22 - 2016-11-30 19:25 - 000004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-10 14:22 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-10 14:22 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-09 16:13 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-06 18:14 - 2016-10-27 13:06 - 000000000 ___RD C:\Users\jstadrmer\Desktop\Mp3s2
2017-08-05 15:30 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2017-08-04 06:32 - 2016-12-14 02:23 - 000000000 ____D C:\Users\jstadrmer\Desktop\New folder
2017-08-03 05:06 - 2017-07-23 01:29 - 000000000 ____D C:\Users\jstadrmer\Desktop\Mp3s1
2017-08-03 04:09 - 2017-05-21 19:46 - 000000000 ____D C:\Users\jstadrmer\ACDC
2017-08-03 03:36 - 2016-02-13 00:43 - 000000059 _____ C:\Users\jstadrmer\AppData\Local\UserProducts.xml
2017-08-03 03:36 - 2016-02-13 00:43 - 000000000 ____D C:\Program Files (x86)\Skillbrains

==================== Files in the root of some directories =======

2016-01-06 20:29 - 2016-01-06 20:29 - 000164625 _____ () C:\Users\jstadrmer\AppData\Local\ars.cache
2016-01-06 20:29 - 2016-01-06 20:29 - 000410995 _____ () C:\Users\jstadrmer\AppData\Local\census.cache
2016-01-06 20:18 - 2016-01-06 20:18 - 000000036 _____ () C:\Users\jstadrmer\AppData\Local\housecall.guid.cache
2016-01-06 20:24 - 2016-01-06 20:24 - 000000010 _____ () C:\Users\jstadrmer\AppData\Local\sponge.last.runtime.cache
2016-02-13 00:43 - 2016-02-13 00:43 - 000000003 _____ () C:\Users\jstadrmer\AppData\Local\updater.log
2016-02-13 00:43 - 2017-08-03 03:36 - 000000059 _____ () C:\Users\jstadrmer\AppData\Local\UserProducts.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-25 17:20

==================== End of FRST.txt ============================

 

[JstaDrmer]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by jstadrmer (01-09-2017 13:09:28)
Running from C:\Users\jstadrmer\Desktop
Windows 8.1 (Update) (X64) (2015-08-17 02:40:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3784584723-1383416702-3227458746-500 - Administrator - Disabled)
Guest (S-1-5-21-3784584723-1383416702-3227458746-501 - Limited - Disabled)
jstadrmer (S-1-5-21-3784584723-1383416702-3227458746-1001 - Administrator - Enabled) => C:\Users\jstadrmer

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (HKLM-x32\...\WTA-4010521f-da94-41ea-96e0-226fc728ad13) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.6.2310 - AVAST Software)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-9ff0d3cb-8a58-4f3c-a5a9-c0d2302fdb83) (Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-ff7d180c-2a88-47d7-8b94-68b9afe70c46) (Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-9e8b8ab3-43ed-4187-875b-45d6565f971f) (Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (HKLM-x32\...\WTA-1083ab8d-f44d-414a-976e-c40459fe38db) (Version: 3.0.2.51 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Curse at Twilight (HKLM-x32\...\WTA-849bee52-8b97-4723-a26d-93d1db049c4b) (Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6618 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6618 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.10.5422 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-3508ec38-167c-45e5-915c-ea8618746272) (Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DummyInstaller (HKLM-x32\...\{E2210743-20C9-48E3-BA03-B1E39772E662}) (Version: 1.0.0 - Microsoft)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (HKLM-x32\...\WTA-98d91570-1d26-4169-a8dd-9ea79691b674) (Version: 3.0.2.59 - WildTangent) Hidden
Farmington Tales 2 - Winter Crop (HKLM-x32\...\WTA-32e5984c-b8cf-477d-baed-69a46839ae8b) (Version: 3.0.2.59 - WildTangent) Hidden
Fishdom 3: Collector's Edition (HKLM-x32\...\WTA-7f66346d-e857-417f-aff3-233fa969fb97) (Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (HKLM-x32\...\WTA-a7061a97-2552-4575-a0db-ef86adb069f6) (Version: 3.0.2.51 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{C996973D-FCC1-4362-80D8-5305CBEA995E}) (Version: 7.0.313.1030 - Foxit Software Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-8cc72dca-5c50-45fc-a627-a64047886b04) (Version: 3.0.2.59 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{90CE78B2-4F84-4BE8-B55C-ED85759C8445}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.46 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.7.27.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{025C1573-2F1D-46AF-BAB8-594EBF56A889}) (Version: 1.4.11 - HP Inc.)
HP Utility Center (HKLM\...\{E8F2076D-1885-4A0F-83D8-77B1F9D384CE}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.46 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.46 - Softex Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-3bd509d1-9cb9-414c-af37-c8b914a59b5c) (Version: 3.0.2.59 - WildTangent) Hidden
Joining Hands 2 (HKLM-x32\...\WTA-4754ab20-3101-4c46-8990-1fe4177874e9) (Version: 3.0.2.51 - WildTangent) Hidden
Jo's Dream Organic Coffee 2 (HKLM-x32\...\WTA-25babab5-5be2-4119-86d8-39d8ee03b1e9) (Version: 3.0.2.59 - WildTangent) Hidden
Lost in Reefs 2 (HKLM-x32\...\WTA-82ad941e-7fba-4f6f-b10c-9d7b3d5ea4ce) (Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (HKLM-x32\...\WTA-efad52be-479c-4b9c-9e35-e4c000dfc6a6) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 52.3.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 52.3.0 ESR (x64 en-US)) (Version: 52.3.0 - Mozilla)
Mozilla Firefox 55.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.1 (x86 en-US)) (Version: 55.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.3.0 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-d5cc983c-71f5-4571-9c03-2b9ce6fbfe06) (Version: 3.0.2.59 - WildTangent) Hidden
Peggle Nights (HKLM-x32\...\WTA-f81dc5f6-8b6e-46d4-a88c-ddf1da7df770) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-294269e4-b1ac-40b7-b6b5-d956aa057634) (Version: 3.0.2.59 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-4915060b-20b3-4a67-b34c-9321865c25fe) (Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-e491b000-ec06-4b66-8d75-01e17a2729fb) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.29092 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.33 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (HKLM-x32\...\WTA-14d2e9a1-491f-4cca-a5af-8e8b4b38a29a) (Version: 2.2.0.98 - WildTangent) Hidden
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Solitaire Mystery Four Seasons (HKLM-x32\...\WTA-b9de33e5-bf16-4d79-8a4e-39912c87e282) (Version: 3.0.2.51 - WildTangent) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Viking Saga (HKLM-x32\...\WTA-eabbdfa0-2d34-4eb7-b189-bb91aecb2cff) (Version: 3.0.2.48 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.9 - WildTangent) Hidden
Youda Jewel Shop (HKLM-x32\...\WTA-d618ce9d-84e9-454d-8df2-27dc4a95327f) (Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

 

[Broni]

The second log is incomplete.

 

[JstaDrmer]

Broni, I'm having trouble posting the Addition log.. It keeps saying error.. spam-like or something. I'm not sure what to do now.

 

[JstaDrmer]

Your content can not be submitted. This is likely because your content is spam-like or contains inappropriate elements. Please change your content or try again later. If you still have problems, please contact an administrator. <--- Is the message I get when I try to post.

 

[Broni]

Attach it.

 

[JstaDrmer]

Here is the attachment Broni.. Thank you

 

[Broni]

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Remove Selected.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[JstaDrmer]

RogueKiller V12.11.12.0 (x64) [Aug 28 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : jstadrmer [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/02/2017 16:06:52 (Duration : 00:47:05)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS545050A7E680 +++++
--- User ---
[MBR] c7f52685143032abe802391d0e611ba3
[BSP] 9228d8a77582526302a77fed98ae30de : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 650 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1333248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1865728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2127872 | Size: 452288 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 928413696 | Size: 23608 MB
User = LL1 ... OK
User = LL2 ... OK

 

[JstaDrmer]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/2/2017
Scan Time: 5:14 PM
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.09.02.07
Rootkit Database: v2017.08.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: jstadrmer

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 269640
Time Elapsed: 40 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

[JstaDrmer]

It's not letting me post the AdwCleaner txt.. same message as before.

 

[Broni]

Attach it.

 

[JstaDrmer]

Ok.. Sorry it takes me awhile Broni

 

[JstaDrmer]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 x64
Ran by jstadrmer (Administrator) on Sat 09/02/2017 at 20:12:04.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 7

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\jstadrmer\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (jstadrmer) (Task)
Successfully deleted: C:\Windows\system32\Tasks\update-S-1-5-21-3784584723-1383416702-3227458746-1001 (Task)
Successfully deleted: C:\Windows\system32\Tasks\update-sys (Task)
Successfully deleted: C:\Windows\Tasks\update-S-1-5-21-3784584723-1383416702-3227458746-1001.job (Task)
Successfully deleted: C:\Windows\Tasks\update-sys.job (Task)

user_pref(extensions.ascsurfingprotectionnew@iobit.com.sdk.baseURI, resource://ascsurfingprotectionnew-at-iobit-dot-com/);
user_pref(extensions.ascsurfingprotectionnew@iobit.com.sdk.domain, ascsurfingprotectionnew-at-iobit-dot-com);
user_pref(extensions.ascsurfingprotectionnew@iobit.com.sdk.load.reason, startup);
user_pref(extensions.ascsurfingprotectionnew@iobit.com.sdk.rootURI, jar:file:///C:/Users/jstadrmer/AppData/Roaming/Mozilla/Firefox/Profiles/iwye3jv9.default-1477071995893/e
user_pref(extensions.ascsurfingprotectionnew@iobit.com.sdk.version, 2.1.3);



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EE28A1CD-6476-478D-AC30-456837B1888E} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/02/2017 at 20:14:09.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[JstaDrmer]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by jstadrmer (administrator) on DONNAS (02-09-2017 21:21:07)
Running from C:\Users\jstadrmer\Desktop
Loaded Profiles: jstadrmer (Available Profiles: jstadrmer)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-08-31] (AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3784584723-1383416702-3227458746-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-3784584723-1383416702-3227458746-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1728952 2015-06-22] (CyberLink Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{2EA581E0-C648-49CE-8DC1-180DF68C2B55}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{7691DFD3-241B-4987-A4A6-9DC6F984835B}: [DhcpNameServer] 208.180.42.68 208.180.42.100

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3784584723-1383416702-3227458746-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-3784584723-1383416702-3227458746-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-08-31] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-08-31] (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

FireFox:
========
FF ProfilePath: C:\Users\jstadrmer\AppData\Roaming\Mozilla\Firefox\Profiles\iwye3jv9.default-1477071995893 [2017-09-02]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\iwye3jv9.default-1477071995893 -> Yahoo
FF Homepage: Mozilla\Firefox\Profiles\iwye3jv9.default-1477071995893 -> www.yahoo.com
FF Extension: (Avast SafePrice) - C:\Users\jstadrmer\AppData\Roaming\Mozilla\Firefox\Profiles\iwye3jv9.default-1477071995893\Extensions\sp@avast.com.xpi [2017-08-24]
FF Extension: (Avast Online Security) - C:\Users\jstadrmer\AppData\Roaming\Mozilla\Firefox\Profiles\iwye3jv9.default-1477071995893\Extensions\wrc@avast.com.xpi [2017-08-17]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-10] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-03-24] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-03-24] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-03-24] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-03-24] (Foxit Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-08-31] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-08-31] (AVAST Software)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2015-08-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2016-12-23] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258152 2016-12-01] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320528 2017-08-31] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-08-31] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343296 2017-08-31] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-08-31] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47016 2017-08-31] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-08-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147784 2017-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-08-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1016384 2017-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [590880 2017-08-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [199312 2017-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-08-31] (AVAST Software)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2015-08-17] (Intel Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-17] (REALiX(tm))
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-01-23] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [328920 2016-12-01] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [6393856 2016-12-29] (Realtek Semiconductor Corporation )
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2015-08-17] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31656 2016-12-01] (HP)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31656 2016-12-01] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-02 20:14 - 2017-09-02 20:14 - 000001835 _____ C:\Users\jstadrmer\Desktop\JRT.txt
2017-09-02 19:39 - 2017-09-02 19:39 - 000002578 _____ C:\Users\jstadrmer\Desktop\AdwCleaner[C0].txt
2017-09-02 18:52 - 2017-09-02 18:52 - 001790024 _____ (Malwarebytes) C:\Users\jstadrmer\Desktop\JRT.exe
2017-09-02 18:26 - 2017-09-02 18:26 - 008182736 _____ C:\Users\jstadrmer\Desktop\adwcleaner_7.0.2.1.exe
2017-09-02 18:24 - 2017-09-02 19:38 - 000000000 ____D C:\AdwCleaner
2017-09-02 18:21 - 2017-09-02 18:21 - 000001050 _____ C:\Users\jstadrmer\Desktop\Malwarebytes.txt
2017-09-02 16:06 - 2017-09-02 16:06 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-09-02 16:05 - 2017-09-02 17:11 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-02 16:05 - 2017-09-02 16:05 - 000000883 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-09-02 16:05 - 2017-09-02 16:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-09-02 16:05 - 2017-09-02 16:05 - 000000000 ____D C:\Program Files\RogueKiller
2017-09-02 16:00 - 2017-09-02 16:00 - 008182736 _____ (Malwarebytes) C:\Users\jstadrmer\Desktop\AdwCleaner.exe
2017-09-02 15:58 - 2017-09-02 15:58 - 035783232 _____ (Adlice Software ) C:\Users\jstadrmer\Desktop\RogueKiller_setup_ref3.exe
2017-09-01 13:09 - 2017-09-01 13:10 - 000033076 _____ C:\Users\jstadrmer\Desktop\Addition.txt
2017-09-01 13:07 - 2017-09-02 21:21 - 000012733 _____ C:\Users\jstadrmer\Desktop\FRST.txt
2017-09-01 13:07 - 2017-09-02 21:21 - 000000000 ____D C:\FRST
2017-09-01 13:04 - 2017-09-01 13:04 - 002395648 _____ (Farbar) C:\Users\jstadrmer\Desktop\FRST64.exe
2017-09-01 12:59 - 2017-09-01 12:59 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-08-31 12:49 - 2017-08-31 12:49 - 000003888 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458769468
2017-08-31 12:49 - 2017-08-31 12:49 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-08-31 12:47 - 2017-08-31 12:47 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-08-31 12:47 - 2017-08-31 12:46 - 000590880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-08-31 12:47 - 2017-08-31 12:46 - 000361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-08-31 12:47 - 2017-08-31 12:46 - 000199312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-08-31 12:47 - 2017-08-31 12:46 - 000147784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-08-31 12:47 - 2017-08-31 12:46 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-08-31 12:47 - 2017-08-31 12:46 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-08-31 12:47 - 2017-08-31 12:46 - 000047016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-08-31 12:47 - 2017-08-31 12:45 - 001016384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-08-31 12:47 - 2017-08-31 12:45 - 000343296 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-08-31 12:47 - 2017-08-31 12:45 - 000320528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-08-31 12:47 - 2017-08-31 12:45 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-08-31 12:47 - 2017-08-31 12:45 - 000057736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-08-31 12:47 - 2017-08-31 12:45 - 000041832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-08-31 12:46 - 2017-08-31 12:46 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-08-29 18:46 - 2017-09-02 18:46 - 000003184 _____ C:\Windows\System32\Tasks\HPCeeScheduleForjstadrmer
2017-08-29 18:46 - 2017-09-02 18:46 - 000000362 _____ C:\Windows\Tasks\HPCeeScheduleForjstadrmer.job
2017-08-12 02:48 - 2017-08-12 04:42 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-12 02:46 - 2017-08-12 02:46 - 047607360 _____ (Mozilla) C:\Users\jstadrmer\Desktop\Firefox Setup 52.3.0esr.exe
2017-08-11 14:07 - 2017-08-31 01:48 - 000001879 _____ C:\Users\jstadrmer\Desktop\Snapshot_20170811.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-02 21:17 - 2016-11-18 05:21 - 000000000 ____D C:\Users\jstadrmer\AppData\LocalLow\Mozilla
2017-09-02 21:14 - 2015-08-16 22:42 - 000000000 ____D C:\Users\jstadrmer\Documents\Youcam
2017-09-02 19:09 - 2015-08-16 18:46 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3784584723-1383416702-3227458746-1001
2017-09-02 18:45 - 2014-03-18 05:53 - 000956540 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-02 18:45 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2017-09-02 18:37 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-02 18:37 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-09-02 18:36 - 2015-08-17 04:32 - 000000000 ____D C:\Users\jstadrmer\AppData\LocalLow\IObit
2017-09-02 18:36 - 2015-08-17 04:30 - 000000000 ____D C:\Users\jstadrmer\AppData\Roaming\IObit
2017-09-02 18:36 - 2015-08-17 04:29 - 000000000 ____D C:\ProgramData\IObit
2017-09-02 17:14 - 2015-11-02 16:53 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-02 16:53 - 2013-08-22 11:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-08-22 13:40 - 2015-08-16 22:40 - 000000000 ____D C:\Users\jstadrmer
2017-08-21 21:40 - 2016-09-24 03:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-21 21:40 - 2015-08-16 19:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-20 13:12 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\AppReadiness
2017-08-12 04:42 - 2015-08-16 19:22 - 000000949 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-10 14:52 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF
2017-08-10 14:23 - 2015-08-16 23:01 - 000000000 ____D C:\Users\jstadrmer\AppData\Local\Adobe
2017-08-10 14:22 - 2016-11-30 19:25 - 000004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-10 14:22 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-10 14:22 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-09 16:13 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-06 18:14 - 2016-10-27 13:06 - 000000000 ___RD C:\Users\jstadrmer\Desktop\Mp3s2
2017-08-05 15:30 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2017-08-04 06:32 - 2016-12-14 02:23 - 000000000 ____D C:\Users\jstadrmer\Desktop\New folder
2017-08-03 05:06 - 2017-07-23 01:29 - 000000000 ____D C:\Users\jstadrmer\Desktop\Mp3s1
2017-08-03 04:09 - 2017-05-21 19:46 - 000000000 ____D C:\Users\jstadrmer\ACDC
2017-08-03 03:36 - 2016-02-13 00:43 - 000000059 _____ C:\Users\jstadrmer\AppData\Local\UserProducts.xml
2017-08-03 03:36 - 2016-02-13 00:43 - 000000000 ____D C:\Program Files (x86)\Skillbrains

==================== Files in the root of some directories =======

2016-01-06 20:29 - 2016-01-06 20:29 - 000164625 _____ () C:\Users\jstadrmer\AppData\Local\ars.cache
2016-01-06 20:29 - 2016-01-06 20:29 - 000410995 _____ () C:\Users\jstadrmer\AppData\Local\census.cache
2016-01-06 20:18 - 2016-01-06 20:18 - 000000036 _____ () C:\Users\jstadrmer\AppData\Local\housecall.guid.cache
2016-01-06 20:24 - 2016-01-06 20:24 - 000000010 _____ () C:\Users\jstadrmer\AppData\Local\sponge.last.runtime.cache
2016-02-13 00:43 - 2016-02-13 00:43 - 000000003 _____ () C:\Users\jstadrmer\AppData\Local\updater.log
2016-02-13 00:43 - 2017-08-03 03:36 - 000000059 _____ () C:\Users\jstadrmer\AppData\Local\UserProducts.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-25 17:20

==================== End of FRST.txt ============================

 

[JstaDrmer]

Broni, I will attach the txt for Additions.txt because it won't let me post again.

 

[JstaDrmer]

The Additions.txt

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[JstaDrmer]

I have to attach the results again as it won't let me post.

 

[Broni]

Last scans....

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[JstaDrmer]

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 26.0.0.151
Mozilla Firefox (55.0.1)
````````Process Check: objlist.exe by Laurent````````
Intel TXE Components TCS AvastSvc.exe -?-
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

 

[JstaDrmer]

Farbar Service Scanner Version: 27-01-2016
Ran by jstadrmer (administrator) on 03-09-2017 at 19:38:27
Running from "C:\Users\jstadrmer\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****