Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

msfeedssych.exe quarantreined by Avast

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 3 posts


With yesterdays MS Security Updates installed, about 3 or 4 minutes after reboot (i already checked and wrote down the new Windows version and went to the Steam - games - Beta forum), Avast asked to quaranteine C:\Windows\System32\msfeedssynch.exe. I desided to quarantein it. [Edit] IDP.Generic is the Avast/AVG name. [endEdit]
I had Avast fullscan run in the early hours (CET) and this morning i had Avast scan at reboot with definitions specified to this type of scan installed. Both scans turned up clean.

As i could not find anything on the file with MS search i asked Support. A Human Support member told me msfeedssynch.exe is not a MS program.
Stuck with Avast freeware now because i can't spare money while the MS Support member told me i would have to pay to continue their clean/repair service. Hence my post here.

MS Edge is defective for about a week, originally hanging on a PDF file it closes after about a minute. Screen stays blank white. I cleaned browser history from Edge itself, from Internet Settings and with Ccleaner and since then Edge keeps hanging & auto-closing the same way on the page https://go.microsoft.../?linkid=848964
Edge installer download from within IE or FireFox doesn't work, that just opens the defective Edge browser in stead of giving me an installer to repair with.
I did not yet have time to look any further into the matter of Edge not working. Latter weeks i had (still have) a bussy schedule from morning into the evening.

Bussy schedule is for various new activities including Email trafic so there's a meriad of possible sources. Most likely is a website where i became editor for my region. At first opening of my account here was a verification mail that turned out to be from a spamming dating site in stead of from the National Webmaster for that site. Note, they already were looking for another webhost, this is problem "nr 669" there.

I forgot to make a screenshot of the PDF upon which Edge froze so i do not know for sure which of my new activities the PDF stems from, for i got multiple PDFs (and other textfiles) for 3 of these new activities.

Thank you for your time.


[Edit] Note, Select All to copy/paste FRST results here doesn't quite work, it's to much for 1 post. Besides it's to much to copy/paste manually. Therefore i attached the FRST files. Below is just a first part of FRST


Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 14.03.2018
Gestart door aReebok 1 (Beheerder) op DESKTOP-I7B6B4D (11-04-2018 11:05:15)
Gestart vanaf C:\Users\Artemis\Desktop
Geladen Profielen: aReebok 1 & Artemis (Beschikbare Profielen: defaultuser0 & aReebok 1 & Artemis)
Platform: Windows 10 Home Versie 1709 16299.371 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Edge)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\\GoogleCrashHandler64.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-03] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-03-25] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-13] (Nullsoft, Inc.)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2017-09-18] (Intel)
HKU\S-1-5-21-2964729503-820140785-3468877071-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-07] (Valve Corporation)
HKU\S-1-5-21-2964729503-820140785-3468877071-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-03-18] (Apple Inc.)
HKU\S-1-5-21-2964729503-820140785-3468877071-1001\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2018-03-18] (Apple Inc.)

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{f2a027f7-5140-4e47-b731-13b464d7bf91}: [DhcpNameServer]

Internet Explorer:
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1523394195186

FF DefaultProfile: u4g4rumm.default
FF ProfilePath: C:\Users\aReebok 1\AppData\Roaming\Mozilla\Firefox\Profiles\u4g4rumm.default [2018-04-03]
FF Extension: (Avast Online Security) - C:\Users\aReebok 1\AppData\Roaming\Mozilla\Firefox\Profiles\u4g4rumm.default\Extensions\[email protected] [2017-11-19]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2964729503-820140785-3468877071-1002: SkypePlugin -> C:\Users\Artemis\AppData\Local\SkypePlugin\\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2964729503-820140785-3468877071-1002: SkypePlugin64 -> C:\Users\Artemis\AppData\Local\SkypePlugin\\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)

CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\aReebok 1\AppData\Local\Google\Chrome\User Data\Default [2018-02-14]
CHR Extension: (Slides) - C:\Users\aReebok 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-08]
CHR Extension: (Docs) - C:\Users\aReebok 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-08]
CHR Extension: (Google Drive) - C:\Users\aReebok 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-02]
CHR Extension: (IBM Security Rapport) - C:\Users\aReebok 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-02-14]
CHR Extension: (YouTube) - C:\Users\aReebok 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-02]
CHR Extension: (Sheets) - C:\Users\aReebok 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-08]
CHR Extension: (Google Docs Offline) - C:\Users\aReebok 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-08]
CHR Extension: (Avast Online Security) - C:\Users\aReebok 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-02-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\aReebok 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-08]
CHR Extension: (Gmail) - C:\Users\aReebok 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\aReebok 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-14]
CHR HKU\S-1-5-21-2964729503-820140785-3468877071-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2964729503-820140785-3468877071-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-03] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-03] (AVAST Software)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2017-09-18] (Intel)
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5243208 2018-03-11] (IBM Corp.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe [157456 2017-03-07] ()
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-04-03] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-15] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-15] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-15] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-15] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [227784 2018-04-03] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-04-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [147224 2018-04-03] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111352 2018-04-03] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-04-03] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-04-03] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-04-03] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-04-03] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-04-03] (AVAST Software)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_95d88c9d04436846\nvlddmkm.sys [17526688 2018-03-16] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-16] (NVIDIA Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [482600 2018-03-11] (IBM Corp.)
R1 RapportCerberus_1908115; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1908115.sys [1628776 2018-03-26] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [695592 2018-03-11] (IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [331240 2018-03-11] (IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [590824 2018-03-11] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [736488 2018-03-11] (IBM Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)


Attached Files

Edited by Kabottebouter, 11 April 2018 - 08:31 AM.

  • 0




    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

IDP.Generic is the name (Avast & AVG) of the malware. Sorry, i had that originally included in the title but since the FRST files were to large for the post i changed the title too hastedly when i wrote the post anew.


Folders with recently downloaded PDFs came up clean in subsequent scans with Avast.

  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Windows Updates before the detection :

kb4093110, Security Update for Adobe Flash Player ;

kb4093112 Cumulative Updatefor Windows 10

kb980830 Monthly Tool for RemovaL of Malicious Software


At Facebook where i didn't log in for a while, from 5 friend requests 2 were from RL friends, 3 accounts removed for they spam from sexdate services. These could be unrelated, or perhaps my FBpassword could be keylogged from logging in to NVIDIA via FB.

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP