Avast reporting hidden object which may be malware

Avast has been sending a message that a file in my Western Digital folder is bad. I say yes to delete and it recommends a full boot scan. There was also something about a rootkit in the message. I did the boot scan and it didn’t show any problems. Then a little while later I get the same Avast message about a bad file.

I ran AdwCleaner and this is the log. Please advise as to what my next step should be. I didn’t select CLEAN on the AdwCleaner yet.

AdwCleaner v3.006 - Report created 08/10/2013 at 11:53:37

Updated 01/10/2013 by Xplode

Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

Username : Melissa - MELISSA-PC

Running from : C:\Users\Melissa\Documents\adwcleaner.exe

Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\Program Files (x86)\AVG Secure Search
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\Users\Melissa\AppData\Local\AVG Secure Search
Folder Found C:\Users\Melissa\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\Melissa\AppData\Roaming\pdfforge

***** [ Shortcuts ] *****


***** [ Browsers ] *****

-\ Internet Explorer v10.0.9200.16686

-\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\m5bctxuu.default\prefs.js ]

Line Found : user_pref(“avg.install.installDirPath”, “C:\ProgramData\AVG Secure Search\11.1.0.12”);
Line Found : user_pref(“keyword.URL”, "hxxp://isearch.avg.com/search?cid={7AA4F1BF-C4CC-4A86-974A-CA1BDE7AE1C9}&mid=9f032a4fa92b4b8d962608a2e329d6c9-524a06f8de403a3de46443fcc4e208ae9faf917c&lang=en&ds=hk011&pr=sa&[…]

-\ Google Chrome v30.0.1599.69

[ File : C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : urls_to_restore_on_startup


AdwCleaner[R0].txt - [6979 octets] - [08/10/2013 11:44:28]
AdwCleaner[R1].txt - [6863 octets] - [08/10/2013 11:53:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [6923 octets] ##########

Please rerun AdwCleaner and press Clean that time to remove this.

Then can you attach a screenshot of the warning if possible?

If you want a check by a malware expert, follow this guide and attach the logs. http://forum.avast.com/index.php?topic=53253.0

Under the answer box is an option to attach the files (Attachments and other options) please use this to attach the logs. :wink:

Attaching Screen capture of error.

Ran AdwCleaner and ran Clean.

I also ran Malwarebytes, didn’t find anything.
Ran OTL and I’ll include the logs here. Did not run Clean up on this one, should I?

Thank you for any help.

Please wait for a malware remover who will give you further instructions.

It can take some time till one arrives.

Magna86 is notified.

He will help you. :wink:

Thank You!

Running OTL clean up will remove the program, so don’t do that …yet. :wink:

Hi, :slight_smile:
Regarding the first image…
The Windows service running under the name “WDDMService” is related to Western Digital and mounts as a virtual CD (every time the drive is mounted). The detection is an FP.

Regarding the second image, whatever Avast detects, it suggests performing a boot-time scan because that is when Avast is the most powerful.

AdwCleaner has just found some adware-related files. Nothing too important.

Multiple Antivirus Programs
=> OTL tells me you are running AVG and AVAST AV.

Running - more than one - antivirus program is not recommended because:

- They can conflict with each other.
- Report the other antivirus software as malicious.
- Antivirus programs use an enormous amount of computer’s resources… actively scanning your computer.
- Can cause your computer to become unstable…run slowly and even, in rare cases, BSOD crash…etc

I strongly suggest you uninstall one of them. Which one, is your decision.

Next, download the related removal tool and run it to remove possible leftovers.
http://singularlabs.com/uninstallers/security-software/

The default URL for IE and Chrome is set to search.comcast.net. You can set it back to default using browser settings.

The posted logs don’t show traces of malware activity. You may run an additional check for junk removal (help for AdwCleaner) using the JRT tool.

http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool to your desktop.

- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select “Run as Administrator”.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system’s specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

You may use OTL’s CleanUp! button to remove all used tools.
You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.

=======================================

This is not the case for me. This is a job for the avast team. It is necessary to report the detection as FP or wait for someone from the avast team for review.

Cheers. :wink:

Thanks for the reply… but I don’t know what the acronym FP is? Please clarify.

False positive, a file which is clean but reported as malware

Thanks again!