[kaps0511]

Hi,

My avast keeps on notifying me with the tag URL:MAL,

this happens even when both firefox and chrome are not running.

I ran a scan with FRST and it gave the following log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Kapil (administrator) on KAPIL-LAPTOP on 04-08-2014 22:31:11
Running from C:\Users\Kapil\Desktop\New folder (4)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Facebook Inc.) C:\Users\Kapil\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\DFX\DFX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
() C:\Program Files (x86)\DFX\Universal\Apps\dfxItunesSong.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-04] ()
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation)
HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1274840 2013-12-24] ()
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-06-23] (IObit)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [Facebook Update] => C:\Users\Kapil\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-05] (Facebook Inc.)
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [GoogleChromeAutoLaunch_B7441394D1253E362664A5E81D9C6B4B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [Google Update] => "C:\Users\Kapil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [BlackBerryLink.exe] => "C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" /minimize
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [SearchProtection] => "C:\Users\Kapil\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [Browser Extensions] => "C:\Users\Kapil\AppData\Roaming\Browser Extensions\CouponsHelper.exe"
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\MountPoints2: {0cb84240-f66b-11e3-bec4-a8e3eee727dc} - "D:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\MountPoints2: {1a0b56cb-39b2-11e3-be8e-2016d8eca69e} - "D:\laucher.exe"
AppInit_DLLs: C:\Program Files => C:\Program Files [0 2014-07-04] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://uk.search.ya...p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://uk.search.ya...p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com...t&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {5FD353DA-920A-402A-A545-75F860B29945} URL = http://www.bing.com/...E10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {5FD353DA-920A-402A-A545-75F860B29945} URL = http://www.bing.com/...E10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKCU - {5FD353DA-920A-402A-A545-75F860B29945} URL =
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKCU - {9F9AEAF9-0FD2-4668-B312-4D6DAE9B99BC} URL = http://uk.search.yah...p={searchTerms}
SearchScopes: HKCU - {F4DB8FCB-B603-45FC-86CA-17728C232EAA} URL = https://uk.search.ya...p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: www.google.co.uk
FF Keyword.URL: https://uk.search.ya...&type=800236&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Kapil\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Kapil\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Kapil\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Kapil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default\searchplugins\yahoo_ff.xml
FF Extension: Ads Removal - C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default\Extensions\[email protected] [2014-08-02]
FF Extension: Amazon Shopping Assistant by Spigot - C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default\Extensions\[email protected] [2014-08-02]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default\Extensions\[email protected] [2014-08-02]
FF Extension: Slick Savings - C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default\Extensions\[email protected] [2014-08-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-25]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultSearchURL: https://uk.search.ya...p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-22]
CHR Extension: (Google Drive) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-22]
CHR Extension: (YouTube) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-22]
CHR Extension: (Adblock Plus) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-22]
CHR Extension: (Google Search) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-22]
CHR Extension: (save uon) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\egkikogkacicajhoiplaibfeiijlgjjh [2014-07-01]
CHR Extension: (Keep Me) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2014-07-01]
CHR Extension: (AdBlock) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-22]
CHR Extension: (avast! Online Security) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-01]
CHR Extension: (Truck Wars) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbgalpinpdaaldlkloajaaiiahmfomk [2013-11-22]
CHR Extension: (World Weather) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jefnaahehlimdapgicdacbgklnedgoje [2013-11-22]
CHR Extension: (Cargo Bridge) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2013-11-22]
CHR Extension: (Little Alchemy) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-11-22]
CHR Extension: (Traffic Talent) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgegdofhghiobhllaniipmplkbligpi [2013-11-22]
CHR Extension: (Top Eleven) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2013-11-22]
CHR Extension: (Google I/O: input/output) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmphclbekipaojhpbkbofoioffecilh [2013-11-22]
CHR Extension: (Hangouts) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-12-15]
CHR Extension: (Google Wallet) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]
CHR Extension: (Burger Shop 2) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiahdjilmlekhacfggeipddaklcbiljf [2013-11-22]
CHR Extension: (Gmail) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-22]
CHR Extension: (save uon) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\egkikogkacicajhoiplaibfeiijlgjjh\2.14 [2014-07-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-05-08] (Fork Ltd.) [File not signed]
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488 2014-07-10] (Trusteer Ltd.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-01] ()
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R1 RapportCerberus_69875; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys [631128 2014-08-01] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299736 2014-07-10] (Trusteer Ltd.)
S3 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [288440 2014-07-10] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358616 2014-07-10] (Trusteer Ltd.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414296 2014-07-10] (Trusteer Ltd.)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-05-07] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-08-01] ()
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 22:18 - 2014-08-04 22:31 - 00000000 ____D () C:\FRST
2014-08-04 22:17 - 2014-08-04 22:31 - 00000000 ____D () C:\Users\Kapil\Desktop\New folder (4)
2014-08-04 22:02 - 2014-08-04 22:03 - 01016261 _____ (Thisisu) C:\Users\Kapil\Downloads\JRT.exe
2014-08-04 22:02 - 2014-08-04 22:02 - 01361309 _____ () C:\Users\Kapil\Downloads\AdwCleaner.exe
2014-08-02 01:22 - 2014-08-04 22:11 - 00000000 ____D () C:\ProgramData\IObit
2014-08-02 01:22 - 2014-08-02 01:22 - 00001164 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-08-02 01:22 - 2014-08-02 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-08-02 01:21 - 2014-08-02 01:21 - 00000000 ____D () C:\Users\Kapil\AppData\Roaming\IObit
2014-08-02 01:21 - 2014-08-02 01:21 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-02 01:20 - 2014-08-02 01:20 - 26163624 _____ (IObit ) C:\Users\Kapil\Downloads\IObit-Malware-Figher-Setup.exe
2014-08-01 23:55 - 2014-08-01 23:55 - 00000000 _____ () C:\Recovery.txt
2014-08-01 23:15 - 2014-08-01 23:15 - 01707144 _____ () C:\Users\Kapil\Downloads\Adaware_Installer.exe
2014-08-01 23:15 - 2014-08-01 23:15 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-01 22:40 - 2014-08-01 22:40 - 00029160 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-08-01 22:40 - 2014-08-01 22:40 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-01 22:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-08-01 22:39 - 2014-08-01 22:39 - 04806744 _____ () C:\Users\Kapil\Downloads\RogueKiller(1).exe
2014-08-01 22:39 - 2014-08-01 22:39 - 01361309 _____ () C:\Users\Kapil\Downloads\adwcleaner_3.302.exe
2014-08-01 22:38 - 2014-08-01 22:38 - 00854390 _____ () C:\Users\Kapil\Downloads\SecurityCheck.exe
2014-08-01 22:25 - 2014-08-01 22:26 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Kapil\Downloads\tdskiller.exe
2014-08-01 22:25 - 2014-08-01 22:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kapil\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 22:25 - 2014-08-01 22:25 - 04806744 _____ () C:\Users\Kapil\Downloads\RogueKiller.exe
2014-08-01 22:24 - 2014-08-01 22:25 - 00001205 _____ () C:\Users\Kapil\Downloads\FixNCR.reg
2014-08-01 21:59 - 2014-08-01 21:59 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-08-01 21:59 - 2014-08-01 21:59 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-01 21:59 - 2014-08-01 21:59 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-28 01:07 - 2014-07-28 01:07 - 00000000 ____D () C:\Users\Kapil\Downloads\TNA Impact Wrestling HDTV 2014-07-24 720p H264 AVCHD-SC-SDH
2014-07-28 01:07 - 2014-07-28 01:07 - 00000000 ____D () C:\Users\Kapil\Downloads\TNA Impact Wrestling 2014 07 24 HDTV x264 DX-TV -={SPARROW}=-
2014-07-23 21:40 - 2014-07-23 21:40 - 06098848 _____ (EaseUS ) C:\Users\Kapil\Downloads\drw_trial.exe
2014-07-23 21:40 - 2014-07-23 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 8.0
2014-07-23 21:40 - 2014-07-23 21:40 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-07-22 21:38 - 2014-07-22 21:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-11 03:28 - 2014-07-11 03:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 21:59 - 2014-04-14 04:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 21:23 - 2014-06-19 02:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-10 21:23 - 2014-06-19 01:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-10 21:23 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-10 21:23 - 2014-06-19 01:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-10 21:23 - 2014-06-19 00:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-10 21:23 - 2014-06-19 00:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-10 21:23 - 2014-06-19 00:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-10 21:23 - 2014-06-19 00:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-10 21:23 - 2014-06-19 00:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-10 21:23 - 2014-06-19 00:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-10 21:23 - 2014-06-19 00:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-10 21:23 - 2014-06-19 00:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-10 21:23 - 2014-06-19 00:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-10 21:23 - 2014-06-18 23:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-10 21:23 - 2014-06-18 23:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-10 21:23 - 2014-06-18 23:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-10 21:23 - 2014-06-18 23:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-10 21:23 - 2014-06-18 23:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-10 21:23 - 2014-06-18 23:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-10 21:23 - 2014-06-18 23:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-10 21:23 - 2014-06-18 23:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-10 21:23 - 2014-06-18 23:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-10 21:23 - 2014-06-18 23:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-10 21:23 - 2014-06-18 23:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-10 21:23 - 2014-06-18 23:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-10 21:23 - 2014-06-18 23:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-10 21:23 - 2014-06-18 23:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-10 21:23 - 2014-06-16 23:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 21:23 - 2014-06-16 23:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 21:23 - 2014-06-06 15:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 21:23 - 2014-05-30 04:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-10 21:23 - 2014-05-29 13:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-10 21:23 - 2014-05-29 08:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-10 21:23 - 2014-05-29 07:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-10 21:23 - 2014-05-29 07:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 21:23 - 2014-05-29 06:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-10 21:23 - 2014-05-29 06:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 21:22 - 2014-06-30 23:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-10 21:22 - 2014-06-28 08:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-10 21:22 - 2014-06-28 08:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-10 21:22 - 2014-06-06 14:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 21:22 - 2014-06-06 13:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 21:22 - 2014-05-31 11:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-10 21:22 - 2014-05-31 11:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-10 21:22 - 2014-05-31 04:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-10 21:22 - 2014-05-31 04:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-10 21:22 - 2014-05-31 04:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 21:22 - 2014-05-31 04:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-10 21:22 - 2014-05-31 04:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-10 21:22 - 2014-05-31 04:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 21:22 - 2014-05-31 03:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-10 21:22 - 2014-05-31 03:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-10 21:22 - 2014-05-31 03:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-10 21:22 - 2014-05-31 03:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-10 21:22 - 2014-05-31 03:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-10 21:22 - 2014-05-31 03:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-10 21:22 - 2014-05-31 03:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-10 21:17 - 2014-07-10 21:17 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-06 20:31 - 2014-07-06 20:31 - 00000000 ____D () C:\Users\Kapil\Downloads\Zlatan Ibrahimovic, I am Zlatan epub [dovah]
2014-07-06 20:07 - 2014-07-06 20:07 - 00000000 ____D () C:\Users\Kapil\Downloads\I Think Therefore I Play by Andrea Pirlo

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 22:31 - 2014-08-04 22:18 - 00000000 ____D () C:\FRST
2014-08-04 22:31 - 2014-08-04 22:17 - 00000000 ____D () C:\Users\Kapil\Desktop\New folder (4)
2014-08-04 22:26 - 2014-01-15 16:29 - 02059919 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-04 22:26 - 2013-11-24 07:14 - 00000000 ____D () C:\Users\Kapil\AppData\Roaming\Skype
2014-08-04 22:22 - 2013-11-22 23:16 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-04 22:22 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-04 22:16 - 2014-01-17 17:00 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E9920FAA-8CA4-4057-9759-F44F65954C94}
2014-08-04 22:11 - 2014-08-02 01:22 - 00000000 ____D () C:\ProgramData\IObit
2014-08-04 22:09 - 2013-11-14 05:34 - 00109488 _____ () C:\WINDOWS\PFRO.log
2014-08-04 22:08 - 2013-10-19 21:06 - 00000000 ____D () C:\AdwCleaner
2014-08-04 22:07 - 2013-12-15 22:32 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2386906494-3172876625-2459396632-1001UA.job
2014-08-04 22:03 - 2014-08-04 22:02 - 01016261 _____ (Thisisu) C:\Users\Kapil\Downloads\JRT.exe
2014-08-04 22:02 - 2014-08-04 22:02 - 01361309 _____ () C:\Users\Kapil\Downloads\AdwCleaner.exe
2014-08-04 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-04 22:02 - 2013-07-25 21:20 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-04 22:00 - 2014-07-04 17:57 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 22:00 - 2013-11-14 13:45 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-04 21:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-02 02:57 - 2013-11-22 23:16 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 02:05 - 2013-07-25 20:47 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2386906494-3172876625-2459396632-1001
2014-08-02 01:22 - 2014-08-02 01:22 - 00001164 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-08-02 01:22 - 2014-08-02 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-08-02 01:21 - 2014-08-02 01:21 - 00000000 ____D () C:\Users\Kapil\AppData\Roaming\IObit
2014-08-02 01:21 - 2014-08-02 01:21 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-02 01:20 - 2014-08-02 01:20 - 26163624 _____ (IObit ) C:\Users\Kapil\Downloads\IObit-Malware-Figher-Setup.exe
2014-08-02 00:52 - 2013-11-05 19:47 - 00000954 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2386906494-3172876625-2459396632-1001UA.job
2014-08-01 23:55 - 2014-08-01 23:55 - 00000000 _____ () C:\Recovery.txt
2014-08-01 23:15 - 2014-08-01 23:15 - 01707144 _____ () C:\Users\Kapil\Downloads\Adaware_Installer.exe
2014-08-01 23:15 - 2014-08-01 23:15 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-01 22:54 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-01 22:44 - 2013-10-10 01:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-08-01 22:42 - 2013-07-25 20:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 22:40 - 2014-08-01 22:40 - 00029160 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-08-01 22:40 - 2014-08-01 22:40 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-01 22:39 - 2014-08-01 22:39 - 04806744 _____ () C:\Users\Kapil\Downloads\RogueKiller(1).exe
2014-08-01 22:39 - 2014-08-01 22:39 - 01361309 _____ () C:\Users\Kapil\Downloads\adwcleaner_3.302.exe
2014-08-01 22:38 - 2014-08-01 22:38 - 00854390 _____ () C:\Users\Kapil\Downloads\SecurityCheck.exe
2014-08-01 22:33 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-08-01 22:26 - 2014-08-01 22:25 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Kapil\Downloads\tdskiller.exe
2014-08-01 22:25 - 2014-08-01 22:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kapil\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 22:25 - 2014-08-01 22:25 - 04806744 _____ () C:\Users\Kapil\Downloads\RogueKiller.exe
2014-08-01 22:25 - 2014-08-01 22:24 - 00001205 _____ () C:\Users\Kapil\Downloads\FixNCR.reg
2014-08-01 21:59 - 2014-08-01 21:59 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-08-01 21:59 - 2014-08-01 21:59 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-01 21:59 - 2014-08-01 21:59 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-01 21:59 - 2013-07-25 21:00 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-08-01 21:59 - 2013-07-25 21:00 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-08-01 21:59 - 2013-07-25 21:00 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-08-01 21:59 - 2013-07-25 21:00 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-08-01 21:59 - 2013-07-25 21:00 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-08-01 21:59 - 2013-07-25 21:00 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-08-01 21:59 - 2013-07-25 21:00 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-08-01 21:59 - 2013-07-25 21:00 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-08-01 21:59 - 2013-07-25 21:00 - 00001993 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-28 19:07 - 2013-12-15 22:32 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2386906494-3172876625-2459396632-1001Core.job
2014-07-28 02:40 - 2013-12-21 19:08 - 00000000 ____D () C:\Program Files\PeerBlock
2014-07-28 01:11 - 2013-08-08 22:37 - 00000000 ____D () C:\Users\Kapil\AppData\Roaming\uTorrent
2014-07-28 01:07 - 2014-07-28 01:07 - 00000000 ____D () C:\Users\Kapil\Downloads\TNA Impact Wrestling HDTV 2014-07-24 720p H264 AVCHD-SC-SDH
2014-07-28 01:07 - 2014-07-28 01:07 - 00000000 ____D () C:\Users\Kapil\Downloads\TNA Impact Wrestling 2014 07 24 HDTV x264 DX-TV -={SPARROW}=-
2014-07-23 22:00 - 2013-08-22 15:46 - 00309192 _____ () C:\WINDOWS\setupact.log
2014-07-23 21:40 - 2014-07-23 21:40 - 06098848 _____ (EaseUS ) C:\Users\Kapil\Downloads\drw_trial.exe
2014-07-23 21:40 - 2014-07-23 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 8.0
2014-07-23 21:40 - 2014-07-23 21:40 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-07-22 21:38 - 2014-07-22 21:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-21 21:16 - 2013-08-14 00:21 - 00000000 ___HD () C:\Users\Kapil\Documents\333
2014-07-17 18:52 - 2013-11-05 19:47 - 00000932 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2386906494-3172876625-2459396632-1001Core.job
2014-07-11 22:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-11 19:35 - 2013-08-22 15:44 - 00473432 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-11 03:28 - 2014-07-11 03:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-11 03:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-11 03:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 03:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 03:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 22:03 - 2013-08-12 20:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 22:03 - 2013-08-08 03:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 22:03 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-10 22:01 - 2013-07-28 19:30 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-07-10 21:59 - 2013-11-14 13:29 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 21:17 - 2014-07-10 21:17 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-10 19:23 - 2013-07-28 19:35 - 00358616 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2014-07-10 19:23 - 2013-07-28 19:35 - 00288440 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2014-07-08 19:03 - 2013-07-25 21:20 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-06 20:31 - 2014-07-06 20:31 - 00000000 ____D () C:\Users\Kapil\Downloads\Zlatan Ibrahimovic, I am Zlatan epub [dovah]
2014-07-06 20:07 - 2014-07-06 20:07 - 00000000 ____D () C:\Users\Kapil\Downloads\I Think Therefore I Play by Andrea Pirlo

Some content of TEMP:
====================
C:\Users\Kapil\AppData\Local\Temp\Quarantine.exe
C:\Users\Kapil\AppData\Local\Temp\Risweb32.exe
C:\Users\Kapil\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Kapil\AppData\Local\Temp\Tsu49390E26.dll
C:\Users\Kapil\AppData\Local\Temp\_is81BF.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-02 00:30

==================== End Of Log ============================

 

I've tried almost everything I know

[Advertisements]

Hi there, on completion of this fix could you run FRST again and check the additions this time as I will need to see that

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [SearchProtection] => "C:\Users\Kapil\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [Browser Extensions] => "C:\Users\Kapil\AppData\Roaming\Browser Extensions\CouponsHelper.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Extension: Amazon Shopping Assistant by Spigot - C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default\Extensions\[email protected] [2014-08-02]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default\Extensions\[email protected] [2014-08-02]
FF Extension: Slick Savings - C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default\Extensions\[email protected] [2014-08-02]
CHR Extension: (save uon) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\egkikogkacicajhoiplaibfeiijlgjjh [2014-07-01]
CHR Extension: (Keep Me) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2014-07-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Kapil\AppData\Local\Temp\SearchProtectionSetup.exe
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[Essexboy]

Hi there, on completion of this fix could you run FRST again and check the additions this time as I will need to see that

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [SearchProtection] => "C:\Users\Kapil\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [Browser Extensions] => "C:\Users\Kapil\AppData\Roaming\Browser Extensions\CouponsHelper.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Extension: Amazon Shopping Assistant by Spigot - C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default\Extensions\[email protected] [2014-08-02]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default\Extensions\[email protected] [2014-08-02]
FF Extension: Slick Savings - C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default\Extensions\[email protected] [2014-08-02]
CHR Extension: (save uon) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\egkikogkacicajhoiplaibfeiijlgjjh [2014-07-01]
CHR Extension: (Keep Me) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2014-07-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Kapil\AppData\Local\Temp\SearchProtectionSetup.exe
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[kaps0511]

Hi Essexboy,

Thanks for the reply,

 

I've attached beneath all logs generated.

Usually I would get an instant url:mal notification after logging in but so far nothing has popped up

Could you please let me know if everything is good to go now, or if more changes will need to be made.

 

Thanks again!

Attached Files

•  Fixlog.txt   59.9KB   506 downloads
•  FRST.txt   43.15KB   168 downloads
•  Addition.txt   38.8KB   235 downloads

[Essexboy]

I see you already have AdwCleaner on the system however, ensure that you have the latest version

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

AppInit_DLLs: C:\Program Files => C:\Program Files [0 2014-07-04] ()
SearchScopes: HKCU - {5FD353DA-920A-402A-A545-75F860B29945} URL =
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

[kaps0511]

Hey,

I ran the fixlist and have uploaded the fixlog from FRST

however adwcleaner would not let me 'clean', i would get an error, have you any idea how to allow it to let me clean. I did manage to get a log after the scan however, i have uploaded that.

 

 

Attached Files

•  AdwCleanerR8.txt   1.95KB   168 downloads
•  Fixlog.txt   1.96KB   421 downloads

[Essexboy]

No real problem with that as nothing was left behind

 

How is the computer behaving now ?

[kaps0511]

woohoo, thats great news!

 

no more notifications as of yet, you have fixed it!!!

Thanks!! :D:D

[Essexboy]

In that case methinks I will send you on your merry way

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware



Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.