Post by Tigerseal » January 3rd, 2018, 8:02 am

Hi, thanks for allowing me onto this forum.

Plugged my underwater camera into a public computer's USB port on an island in Thailand.

Next time I plugged it into my personal laptop/tablet, noticed a suspicious message - '???? hasn't yet opened' or something equivalent.

Immediately ran Avast smart scan but it showed nothing. Now the cam doesn't work, laptop is slower and its Avast has 6 new fields available to search for ????

(un)Surprisingly the search returns no infection results.

Pretty sure my Android phone's infected too cos it runs Avast.

Please delete my former incomplete post.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.01.2018
Ran by Rob (administrator) on DESKTOP-20C104O (03-01-2018 18:55:25)
Running from C:\Users\Rob\Downloads
Loaded Profiles: Rob (Available Profiles: Rob)
Platform: Microsoft Windows 10 Home Single Language Version 1511 10586.1106 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Acer Incorporated) C:\Program Files\Acer\AOP Framework\CCDMonitorService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Acer Cloud Technology) C:\Program Files\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SweetLabs, Inc) C:\Users\Rob\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
() C:\OEM\FixLockkeyAP\InputDetect.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Acer Incorporated) C:\Program Files\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files\Acer\Acer Portal\AcerPortal.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
() C:\Program Files\Acer\Care Center\ACCStd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17062.12911.0_x86__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [113664 2015-06-24] (Intel Corporation)
HKLM\...\Run: [InputDetect] => C:\oem\FixLockkeyAP\InputDetect.exe [47616 2015-07-02] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-26] (AVAST Software)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-4275039916-1012894010-1994300426-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7619288 2017-05-20] (Piriform Ltd)
HKU\S-1-5-21-4275039916-1012894010-1994300426-1001\...\RunOnce: [Uninstall 17.3.7076.1026] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rob\AppData\Local\Microsoft\OneDrive\17.3.7076.1026"
HKU\S-1-5-21-4275039916-1012894010-1994300426-1001\...\RunOnce: [Uninstall 17.3.7131.1115] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rob\AppData\Local\Microsoft\OneDrive\17.3.7131.1115"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{0ab5771e-60e1-4eee-8f4e-9218467937c4}: [DhcpNameServer]
Tcpip\..\Interfaces\{d65f3886-e7d5-496d-9ddf-59b5bfcd1c9e}: [DhcpNameServer]

Internet Explorer:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4275039916-1012894010-1994300426-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4275039916-1012894010-1994300426-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File

FF DefaultProfile: 94l08nht.default
FF ProfilePath: C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\94l08nht.default [2018-01-03]
FF Homepage: Mozilla\Firefox\Profiles\94l08nht.default -> hxxps://www.google.com/?bcutc=sp-006
FF NewTab: Mozilla\Firefox\Profiles\94l08nht.default -> about:newtab
FF Extension: (Amazon Assistant for Firefox) - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\94l08nht.default\Extensions\abb-acer@amazon.com [2017-02-18] [Legacy]
FF Extension: (Dashlane) - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\94l08nht.default\Extensions\jetpack-extension@dashlane.com.xpi [2017-01-05] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\94l08nht.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-03-22] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\94l08nht.default\Extensions\partnerdefaults@mozilla.com [2017-02-18] [Legacy]
FF SearchPlugin: C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\94l08nht.default\searchplugins\google-avast.xml [2017-03-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-30] ()
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-05] (Adobe Systems Inc.)

CHR Profile: C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default [2018-01-03]
CHR Extension: (Google Slides) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-28]
CHR Extension: (Google Docs) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-28]
CHR Extension: (Google Drive) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-28]
CHR Extension: (YouTube) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-28]
CHR Extension: (Avast SafePrice) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-28]
CHR Extension: (Google Sheets) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-28]
CHR Extension: (Google Docs Offline) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-28]
CHR Extension: (Avast Online Security) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Gmail) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-28]
CHR Extension: (Chrome Media Router) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5904136 2017-11-26] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-26] (AVAST Software)
R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [144600 2015-05-29] ()
R2 CCDMonitorService; C:\Program Files\Acer\AOP Framework\CCDMonitorService.exe [2278616 2017-03-20] (Acer Incorporated)
R3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [299488 2016-05-03] (Intel Corporation)
S2 Dashlane Upgrade Service; C:\Program Files\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane, Inc.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [118792 2015-06-24] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [115712 2015-06-24] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [125952 2015-06-24] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [292832 2016-05-03] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2017-09-05] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [157176 2017-11-26] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [255616 2017-11-26] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157408 2017-11-26] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276728 2017-11-26] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50376 2017-11-26] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42848 2017-11-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-04-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124952 2017-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [99560 2017-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70864 2017-11-26] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783136 2017-11-26] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [388760 2017-11-26] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [150848 2017-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [298360 2017-11-26] (AVAST Software)
S3 AX88179; C:\Windows\System32\drivers\ax88179_178a.sys [60928 2015-10-30] (ASIX Electronics Corp.)
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [95744 2015-10-30] (ASIX Electronics Corp.)
S3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [297472 2015-10-30] (Broadcom Corp)
R3 BthMini; C:\Windows\System32\drivers\BTHMINI.sys [23040 2015-10-30] (Microsoft Corporation)
R3 camera; C:\Windows\system32\DRIVERS\iacamera32.sys [697360 2015-07-09] (Intel(R) Corporation)
R3 dcdbas; C:\Windows\System32\drivers\dcdbas32.sys [26624 2009-07-23] (Dell Inc.)
R3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [203264 2015-06-24] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [467968 2015-06-24] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [34176 2015-06-10] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [27496 2015-06-10] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [57360 2015-06-18] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [98560 2015-06-10] (Intel Corporation)
R3 IDTP9145; C:\Windows\System32\drivers\IDTP9145.sys [40960 2015-07-20] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [44016 2015-12-02] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [277256 2015-06-13] (Intel(R) Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [35320 2015-12-02] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [33792 2015-06-16] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [208624 2015-06-12] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\Windows\System32\drivers\RtkUart.sys [544000 2015-05-22] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\Windows\system32\DRIVERS\rtwlans.sys [5667304 2017-06-07] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [84520 2015-05-27] (Intel Corporation)
R3 unicam; C:\Windows\System32\drivers\ov2680.sys [82960 2015-07-10] (Intel(R) Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2016-03-28] (Apple, Inc.) [File not signed]
R3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [16384 2015-10-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [250368 2015-10-30] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-03 18:55 - 2018-01-03 18:56 - 000016427 ____C C:\Users\Rob\Downloads\FRST.txt
2018-01-03 18:54 - 2018-01-03 18:55 - 000000000 ____D C:\FRST
2018-01-03 18:50 - 2018-01-03 18:53 - 001753600 ____C (Farbar) C:\Users\Rob\Downloads\FRST.exe
2018-01-03 18:20 - 2018-01-03 18:20 - 000000811 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-01-03 18:20 - 2018-01-03 18:20 - 000000799 ____C C:\Users\Rob\Desktop\Windows 10 Update Assistant.lnk
2018-01-03 18:19 - 2018-01-03 18:44 - 000000000 ____D C:\Windows10Upgrade
2018-01-03 11:36 - 2018-01-03 11:36 - 000001605 ____C C:\Users\Rob\Desktop\Microsoft Edge.lnk
2017-12-06 23:03 - 2017-12-06 23:03 - 000000000 ____D C:\Windows\UpdateAssistant

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-03 18:28 - 2017-08-05 22:48 - 000879220 ____C C:\Windows\system32\PerfStringBackup.INI
2018-01-03 18:28 - 2015-10-30 12:47 - 000000000 ___DC C:\Windows\INF
2018-01-03 18:15 - 2016-04-29 08:48 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-01-03 16:02 - 2017-01-30 12:50 - 000000000 ____D C:\Windows\system32\MRT
2018-01-03 15:59 - 2015-10-30 12:48 - 000000000 ___DC C:\Windows\AppReadiness
2018-01-03 15:58 - 2017-10-15 12:00 - 130448288 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-03 15:58 - 2017-01-28 10:51 - 000000000 ___DC C:\Users\Rob\AppData\Local\Packages
2018-01-03 15:58 - 2015-10-30 12:48 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-03 15:57 - 2017-01-30 12:50 - 130448288 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-03 15:56 - 2017-08-05 22:50 - 000000000 ____D C:\Program Files\rempl
2018-01-03 15:56 - 2017-07-15 17:40 - 000000000 ___DC C:\Program Files\UNP
2018-01-03 15:54 - 2017-01-28 10:56 - 000000000 __RDC C:\Users\Rob\OneDrive
2018-01-03 15:53 - 2016-10-07 12:22 - 000000000 ____D C:\Program Files\Amazon
2018-01-03 15:48 - 2017-02-16 22:22 - 000000000 ___DC C:\Users\Rob\AppData\Roaming\Apple Computer
2018-01-03 15:48 - 2017-02-16 19:49 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-01-03 12:39 - 2017-01-30 12:34 - 000000000 ___DC C:\Users\Rob\AppData\Local\CrashDumps
2018-01-03 11:43 - 2017-01-28 10:43 - 000000000 ___DC C:\Users\Rob\AppData\Local\Host App Service
2018-01-03 11:34 - 2017-01-28 10:51 - 000000000 _SHDC C:\Users\Rob\IntelGraphicsProfiles
2017-12-14 00:19 - 2015-10-30 12:48 - 000000000 ____D C:\Windows\system32\NDF

Some files in TEMP:
2018-01-03 11:36 - 2018-01-03 11:39 - 047106968 ____C (SweetLabs,Inc.) C:\Users\Rob\AppData\Local\Temp\octC1E0.tmp.exe
2018-01-03 11:43 - 2018-01-03 18:43 - 006242320 ____C (Microsoft Corporation) C:\Users\Rob\AppData\Local\Temp\Windows10Upgrade.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-29 08:47

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.01.2018
Ran by Rob (03-01-2018 18:57:22)
Running from C:\Users\Rob\Downloads
Microsoft Windows 10 Home Single Language Version 1511 10586.1106 (X86) (2017-01-28 03:40:23)
Boot Mode: Normal

==================== Accounts: =============================

Administrator (S-1-5-21-4275039916-1012894010-1994300426-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4275039916-1012894010-1994300426-503 - Limited - Disabled)
Guest (S-1-5-21-4275039916-1012894010-1994300426-501 - Limited - Disabled)
Rob (S-1-5-21-4275039916-1012894010-1994300426-1001 - Administrator - Enabled) => C:\Users\Rob

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abPhoto (HKLM\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3029 - Acer Incorporated)
Acer Configuration Manager (HKLM\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Portal (HKLM\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
ActivInspire Core Resources (ENU) v1 (HKLM\...\{FCD243AC-C4FF-48B5-AE57-7B91EDD2EE90}) (Version: 1.6.3 - Promethean)
ActivInspire Help (GBR) v2 (HKLM\...\{4770FF35-E30C-4532-B142-DFB1380B77C9}) (Version: 2.0.0 - Promethean)
ActivInspire HWR Resources (ENU) v1 (HKLM\...\{3D8C96C4-CEB6-4B97-BA4C-9BB7DF083224}) (Version: 1.7.1 - Promethean)
ActivInspire v2 (HKLM\...\{80FD4FE1-89A4-408F-9EE3-57B916AA345C}) (Version: 2.9.66777 - Promethean)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: - Adobe Systems Incorporated)
AOP Framework (HKLM\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
App Explorer (HKU\S-1-5-21-4275039916-1012894010-1994300426-1001\...\Host App Service) (Version: - SweetLabs)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dashlane Upgrade Service (HKLM\...\Dashlane Upgrade Service) (Version: - Dashlane, Inc.)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: - Intel Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
OpenOffice 4.1.3 (HKLM\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
REALTEK Bluetooth (HKLM\...\{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: - REALTEK Semiconductor Corp.) Hidden
REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{33AABC60-A52F-41FF-B2B9-17321240CD5}) (Version: 1.00.0282 - REALTEK Semiconductor Corp.)
SafeZone Stable 4.58.2552.909 (HKLM\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Specialty Course Instructor Guides - Deutsch (German) (HKLM\...\{DDE85DF9-8A54-4525-8C55-81E975F89094}) (Version: 1.00.0000 - PADI)
Specialty Course Instructor Guides - English (HKLM\...\{6CCB3DA7-9797-46E5-989A-86B972AC5095}) (Version: 1.00.0000 - PADI)
Specialty Course Instructor Guides - Français (French) (HKLM\...\{9169E405-6842-498B-9EFA-F1BC1B759A2B}) (Version: 1.00.0000 - PADI)
Specialty Course Instructor Guides - Italiano (Italian) (HKLM\...\{D5179D03-DCBC-4FB2-9C9C-993EC27E7113}) (Version: 1.00.0000 - PADI)
UpdateAssistant (HKLM\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)
Windows Driver Package - Kionix (WUDFRd) Sensor (07/30/2015 (HKLM\...\382C168E514F6CE64FDCF21159DD6ECEC5449121) (Version: 07/30/2015 - Kionix)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4275039916-1012894010-1994300426-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Rob\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4275039916-1012894010-1994300426-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Rob\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4275039916-1012894010-1994300426-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4275039916-1012894010-1994300426-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Rob\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\FileSyncShell.dll => No File
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files\Acer\shellext\Win32\shellext_win.dll [2017-10-02] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files\Acer\shellext\Win32\shellext_win.dll [2017-10-02] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files\Acer\shellext\Win32\shellext_win.dll [2017-10-02] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-26] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-26] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-26] (AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-26] (AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14ABC15F-193D-4570-B7F5-EBE7A7EFF7D9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {20FEECA9-C82E-4AD2-A372-0689F8EABC26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-30] (Adobe Systems Incorporated)
Task: {25C6FC70-5456-4515-9242-81EB1293647E} - System32\Tasks\AcerCloud => C:\Program Files\Acer\Acer Portal\AcerPortal.exe [2017-10-02] (Acer)
Task: {3C813A19-B2C2-4011-B94D-771A2F225884} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {41179EFD-079F-4423-B7E2-DE8D7F30F52A} - System32\Tasks\ACC => C:\Program Files\Acer\Care Center\LiveUpdateChecker.exe [2017-05-24] ()
Task: {510F9981-5CFB-42B7-9256-1C77AAFE65CE} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-01-21] (Acer Incorporated)
Task: {567859F0-3034-4CC5-AED0-D708E747FFD5} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files\Acer\Amundsen\2.1.16258\AWC.exe
Task: {5CFA93F7-A3C1-4DC5-B19E-F30F07BCD055} - System32\Tasks\BacKGroundAgent => C:\Program Files\Acer\AOP Framework\BackgroundAgent.exe [2017-03-20] (Acer Incorporated)
Task: {6BCDC9BF-729D-4B26-9E5F-174E548F3002} - System32\Tasks\SafeZone scheduled Autoupdate 1487601418 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {A5145477-A386-4311-9DE0-8904D6F03B69} - System32\Tasks\CareCenter\iCloudServices_Reg_HKCURun_S-1-5-21-4275039916-1012894010-1994300426-1001 => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
Task: {AB9B95AD-9904-49CE-984A-A38EBDAE49BA} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
Task: {B3E92182-10CF-4198-9119-E413585593C7} - System32\Tasks\ACCAgent => C:\Program Files\Acer\Care Center\LiveUpdateAgent.exe [2016-01-21] ()
Task: {B4321643-7D7B-484D-8A10-0A1ACBF8AFCB} - System32\Tasks\App Explorer => C:\Users\Rob\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2017-12-06] (SweetLabs, Inc) <==== ATTENTION
Task: {D0BEF5BA-20D3-434B-A2A8-3860C780EA71} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-26] (AVAST Software)
Task: {E05F5AF5-607D-4A81-822F-5DC10EDA28BE} - System32\Tasks\ACCBackgroundApplication => C:\Program Files\Acer\Care Center\ACCStd.exe [2017-05-24] ()
Task: {F4B2B78F-4B89-49DB-997D-6C6FCEEE44BF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {FBCFCD99-9DD9-4514-871B-0EEA14989585} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-20] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\Agoda.lnk -> C:\ProgramData\OEM_Agoda\StartURL.exe () -> hxxp://www.agoda.com/th-th?cid=1630096

==================== Loaded Modules (Whitelisted) ==============

2016-10-07 12:16 - 2015-05-29 01:06 - 000144600 _____ () C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
2015-10-30 12:44 - 2015-10-30 12:44 - 000149504 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-09-22 02:40 - 2017-09-05 14:19 - 001862008 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-29 09:05 - 2015-05-09 00:41 - 000090368 _____ () C:\Program Files\Acer\clear.fi plug-in\Clearfishellext.dll
2017-11-26 21:24 - 2017-11-26 21:24 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2016-02-13 18:58 - 2016-02-13 18:58 - 000070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2017-01-30 12:27 - 2016-07-01 10:31 - 000316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-03-15 09:41 - 2017-03-04 10:21 - 005340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 09:41 - 2017-03-04 10:18 - 000471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-22 02:40 - 2017-09-05 10:32 - 002366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-09-22 02:40 - 2017-09-05 10:35 - 002656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-07 12:37 - 2015-07-02 15:58 - 000047616 _____ () C:\OEM\FixLockkeyAP\InputDetect.exe
2017-11-26 21:24 - 2017-11-26 21:24 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-26 21:25 - 2017-11-26 21:25 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-26 21:24 - 2017-11-26 21:24 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-26 21:24 - 2017-11-26 21:24 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-26 21:24 - 2017-11-26 21:24 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-01-03 11:39 - 2018-01-03 11:39 - 005767312 _____ () C:\Program Files\AVAST Software\Avast\defs\18010202\algo.dll
2017-09-22 15:14 - 2017-09-22 15:14 - 000202528 _____ () C:\Program Files\Acer\abPhoto\curllib.dll
2017-09-22 15:17 - 2017-09-22 15:17 - 000654072 _____ () C:\Program Files\Acer\abPhoto\sqlite3.dll
2017-09-22 15:17 - 2017-09-22 15:17 - 000641312 _____ () C:\Program Files\Acer\abPhoto\tag.dll
2017-09-22 15:16 - 2017-09-22 15:16 - 000119072 _____ () C:\Program Files\Acer\abPhoto\OpenLDAP.dll
2017-11-27 21:20 - 2017-11-27 21:20 - 000015064 _____ () C:\Windows\assembly\GAC_MSIL\MyService\\MyService.dll
2017-03-20 14:24 - 2017-03-20 14:24 - 000013016 _____ () C:\Program Files\Acer\AOP Framework\ServiceInterface.dll
2017-03-20 14:21 - 2017-03-20 14:21 - 000277856 _____ () C:\Program Files\Acer\AOP Framework\libcurl.dll
2017-10-02 14:56 - 2017-10-02 14:56 - 000202456 _____ () C:\Program Files\Acer\Acer Portal\curllib.dll
2017-10-02 14:56 - 2017-10-02 14:56 - 000119000 _____ () C:\Program Files\Acer\Acer Portal\OpenLDAP.dll
2017-01-29 15:56 - 2017-01-29 15:57 - 000144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2017-01-29 15:56 - 2017-01-29 15:57 - 000141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2017-01-29 15:56 - 2017-01-29 15:58 - 022284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2017-05-24 20:13 - 2017-05-24 20:13 - 004645168 _____ () C:\Program Files\Acer\Care Center\ACCStd.exe
2017-07-21 19:49 - 2017-07-21 19:49 - 014625792 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17062.12911.0_x86__8wekyb3d8bbwe\Video.UI.exe
2017-07-21 19:49 - 2017-07-21 19:49 - 006479872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17062.12911.0_x86__8wekyb3d8bbwe\EntCommon.dll
2017-07-15 17:02 - 2017-07-15 17:14 - 002849192 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17062.12911.0_x86__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\amazon.cn -> hxxps://amazon.cn
IE trusted site: HKU\.DEFAULT\...\amazon.com -> amazon.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 12:48 - 2015-10-30 12:47 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4275039916-1012894010-1994300426-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rob\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{43359653-5ee1-4a6e-abf5-7e03100da1d2}.JPG
DNS Servers:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{82352A62-8149-43B0-8D5D-BFA38684429B}] => (Allow) C:\Program Files\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{9821E879-67BC-4013-A2FC-17BED2F0B6FB}] => (Allow) C:\Program Files\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{BF7E755C-817E-46A3-BA44-055B2968912C}] => (Allow) C:\Program Files\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{7ABAB0AD-F744-46BA-9953-F8A4470668D5}] => (Allow) C:\Program Files\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{8CACD061-A74C-446C-A8B9-57133DD8277C}] => (Allow) C:\Program Files\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{14F8F78A-35BB-4F38-8D91-43FF566C1760}] => (Allow) C:\Program Files\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{A44EBB13-E232-4CC1-8636-F7904D2785C1}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607_0\SZBrowser.exe
FirewallRules: [{23E2FA2E-8241-49BB-A214-442D730CE648}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
Error: (01/03/2018 05:47:00 PM) (Source: ESENT) (EventID: 104) (User: )
Description: svchost (1360) SRUJet: The database engine stopped the instance (0) with error (-1092).

Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.110, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.

Error: (01/03/2018 05:25:00 PM) (Source: ESENT) (EventID: 492) (User: )
Description: svchost (1360) SRUJet: The logfile sequence in "C:\Windows\system32\SRU\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.

Error: (01/03/2018 05:25:00 PM) (Source: ESENT) (EventID: 471) (User: )
Description: svchost (1360) SRUJet: Unable to rollback operation #473 on database C:\Windows\system32\SRU\SRUDB.dat. Error: -529. All future database updates will be rejected.

Error: (01/03/2018 05:25:00 PM) (Source: ESENT) (EventID: 418) (User: )
Description: svchost (1360) SRUJet: Error -529 (0xfffffdef) occurred while opening a newly-created logfile C:\Windows\system32\SRU\SRU.log.

Error: (01/03/2018 05:25:00 PM) (Source: ESENT) (EventID: 413) (User: )
Description: svchost (1360) SRUJet: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -529.

Error: (01/03/2018 05:04:06 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (1156) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -510.

Error: (01/03/2018 05:04:06 PM) (Source: ESENT) (EventID: 492) (User: )
Description: wuaueng.dll (1156) SUS20ClientDataStore: The logfile sequence in "C:\Windows\SoftwareDistribution\DataStore\Logs\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.

Error: (01/03/2018 05:04:06 PM) (Source: ESENT) (EventID: 418) (User: )
Description: wuaueng.dll (1156) SUS20ClientDataStore: Error -529 (0xfffffdef) occurred while opening a newly-created logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (01/03/2018 05:04:06 PM) (Source: ESENT) (EventID: 413) (User: )
Description: wuaueng.dll (1156) SUS20ClientDataStore: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -529.

Error: (01/03/2018 05:04:06 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (1156) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\edbtmp.log" at offset 1310720 (0x0000000000140000) for 0 (0x00000000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

System errors:
Error: (01/03/2018 06:18:17 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR12.

Error: (01/03/2018 06:18:17 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR12.

Error: (01/03/2018 06:18:17 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR12.

Error: (01/03/2018 06:18:17 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR12.

Error: (01/03/2018 06:18:17 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR12.

Error: (01/03/2018 05:49:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (01/03/2018 03:58:35 PM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

Error: (01/03/2018 03:56:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Feature update to Windows 10, version 1709.

Error: (01/03/2018 03:56:43 PM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

Error: (01/03/2018 03:54:38 PM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

Date: 2017-11-26 21:01:50.751
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-19 10:45:47.200
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-25 07:09:42.408
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-24 20:04:34.836
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-24 19:33:47.084
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-22 02:22:50.336
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-08-22 10:41:39.309
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-08-16 20:05:09.446
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-08-16 15:53:45.255
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-08-16 15:48:47.244
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz
Percentage of memory in use: 90%
Total physical RAM: 1986.93 MB
Available physical RAM: 196.88 MB
Total Virtual: 4612.68 MB
Available Virtual: 1481.68 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:28.01 GB) (Free:1.02 GB) NTFS
Drive e: (Data) (Fixed) (Total:465.76 GB) (Free:417.06 GB) NTFS

==================== MBR & Partition Table ==================

Disk: 0 (Size: 29.1 GB) (Disk ID: 6CBCB939)

Partition: GPT.

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B17188E1)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Avast ???? suspicious msg mkII

Unread postby mAL_rEm018 » January 8th, 2018, 5:16 pm

Hello Tigerseal,

My apologies for the delay in getting to your topic. If you still need help, please post a fresh set of FRST logs.

  • Right-click on FRST64.exe and select Run as administrator.
  • The tool might update. Please allow it to do so.
  • Select Scan.
  • When the scan is over, two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.

If you don't require help anymore, I would be grateful if you could let me know, so that I can close this topic.

Re: Avast ???? suspicious msg mkII

Unread postby mAL_rEm018 » January 11th, 2018, 9:38 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
