dominoman
Members
Posts: 17
Reputation: 0 Neutral
  1. Thanks. A couple of days ago I uninstalled Google Drive, as I noticed that whenever that was scanning files was when the AVG Virus checker alert came up. Do you think there may be a connection there? I haven't had any virus alert since I uninstalled Google Drive.
  2. OK. Thanks. I will do that. Are you able to recommend an alternative to AVG, ideally cheap or free? I uninstalled Google Chrome and Firefox entirely a couple of days ago and the same Virus warnings still appear.
  3. Thanks. I've been thinking back to the time when I got the virus to see if there is anything I installed or did that could have caused it. The only software I ran around that time was a McAfee "patch" to allow me to upgrade to Windows 10, as it was hanging with a white screen. I found the patch on a Microsoft forum and it looked genuine and came from the real McAfee site, but I now think perhaps it wasn't, because the person posting it has been posting it many times in many different places. That makes me suspicious. The thing I installed was from a forum here: http://answers.microsoft.com/en-us/windows/forum/windows_10-win_upgrade/get-windows-10-window-is-blank/17f4dbec-f6a5-460a-87fe-870c9354f80a?auth=1 I followed this post: That reply has been posted many times now, with identical text. Do you think this could be the source of the problem?
  4. Hi - The virus message came back, around 20 mins after I did the full reset of all the browsers. I wasn't even using a browser at the time. I've now uninstalled Chrome and Firefox so am just left with Microsoft Edge, which I never normally use.
  5. Thanks. I've done all that. Will watch and see over the next couple of days.
  6. Oh no. It's still there even after that fix. Ten minutes later this appeared:
  7. Hi - I ran it again (with Admin access) and this time it did seem to run through lots of actions, and at the end it asked for a reboot (which I did). This is the new log file:
  8. Thanks! I ran that script. I waited a while and the PC didn't reboot. This is the Fixlog.txt file:
  9. ESET.txt
     FRST.txt
- {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileToolbar: HKU\S-1-5-21-722469699-1757417711-2172558454-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cabDPF: HKLM-x32 {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} hxxps://remote-uk-tc.rbc.com/nortel_cacheable/iewiper.cabDPF: HKLM-x32 {ACDB1787-986D-434D-9857-2172CDB2108D} hxxps://remote-uk-th.rbc.com/nortel_cacheable/punblock.cabHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No FileFilter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA 
Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)Filter-x32: video/x-flv - 
{20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) FireFox:========FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.defaultFF Homepage: hxxp://www.evertonlatest.co.uk/wp-admin/index.phphxxp://www.investorwords.co.uk/wp-admin/hxxp://www.cutthedebt.co.uk/wp-admin/index.phphxxp://www.blackburnlatest.co.uk/wp-admin/index.phphxxp://www.stokelatest.co.uk/wp-admin/hxxp://www.swansealatest.co.uk/wp-admin/hxxp://www.wolveslatest.co.uk/wp-admin/index.phphxxp://www.wiganlatest.co.uk/wp-admin/index.phphxxp://www.qprlatest.co.uk/wp-admin/hxxp://www.englandfootballlatest.co.uk/wp-admin/index.phphxxp://www.norwichlatest.co.uk/wp-admin/index.phphxxp://www.westbromlatest.co.uk/wp-admin/index.phphxxp://www.sunderlandlatest.co.uk/wp-admin/index.phpFF Session Restore: -> is enabled.FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-06-24] (Citrix Systems, Inc.)FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL 
[2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2011-04-25] ()FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft 
Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2011-04-25] (Citrix Systems, Inc.)FF Extension: Page Speed - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012-09-23] [not signed]FF Extension: Property Bee - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi [2013-05-12] [not signed]FF Extension: Greasemonkey - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-05] [not signed]FF Extension: YSlow - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\yslow@yahoo-inc.com.xpi [2014-12-22] [not signed]FF Extension: Flash and Video Download - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-12-22] [not signed]FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\firebug@software.joehewitt.com.xpi [2015-07-04] [not signed]FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\wagerlogic.xpi [2010-02-02] [not signed]FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-08-21] [not signed]FF Extension: Google Toolbar for Firefox - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-08-21] [not signed]FF Extension: DownThemAll! 
- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-07-04]FF Extension: OnlyWire - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2} [2011-08-21] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-29] [not signed] Chrome: =======CHR HomePage: Default -> hxxp://www.google.com/CHR StartupUrls: Default -> "hxxp://www.gumtree.com/search?property_type=house&seller_type=private&min_beds=3&max_beds=&min_price=370%2C000&max_price=600%2C000&q=&search_location=South+East+London&category=local-property-for-sale&search_scope=title","hxxps://www.google.co.uk/webhp?source=search_app&gws_rd=cr","hxxp://www.google.com/"CHR Session Restore: Default -> is enabled.CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2015-10-17]CHR Extension: (Gmail Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-10-17]CHR Extension: (Video Downloader professional) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil 
[2015-11-28]CHR Extension: (ARC Welder) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2015-11-27]CHR Extension: (Chrome Remote Desktop) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-08]CHR Extension: (Financial News) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcekbbpdkhlfomdhopicfopkkedfcam [2015-10-17]CHR Extension: (Google Docs Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]CHR Extension: (Pin It Button) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-11-28]CHR Extension: (ARC Welder) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2015-11-28]CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-17]CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-17]CHR HKU\S-1-5-21-722469699-1757417711-2172558454-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-722469699-1757417711-2172558454-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-722469699-1757417711-2172558454-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-722469699-1757417711-2172558454-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx 
==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-08-04] (Mozy, Inc.)R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) 
[File not signed]S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1859584 2012-07-04] (Ralink) [File not signed]R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-11-12] (IBM Corp.)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.)S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]R3 hcwD3bda; C:\Windows\system32\DRIVERS\hcwD3bda64.sys [121344 2011-10-26] 
(Mirics)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-29] (Malwarebytes)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)R1 RapportCerberus_1507076; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507076.sys [959416 2015-11-24] (IBM Corp.)R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-11-12] (IBM Corp.)R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-11-12] (IBM Corp.)R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-11-12] (IBM Corp.)R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489272 2015-11-12] (IBM Corp.)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Realtek )S3 S3XXx64; C:\Windows\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()U5 usbfilter; C:\Windows\System32\Drivers\usbfilter.sys [38456 2009-12-22] (Advanced Micro Devices)S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)U3 idsvc; no ImagePathS3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]U3 wpcsvc; no ImagePath ==================== 
NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-29 10:32 - 2015-11-29 10:32 - 00016148 _____ C:\Windows\system32\MIKE-HP_Mike_HistoryPrediction.bin2015-11-29 00:13 - 2015-11-29 00:13 - 00000000 ____D C:\Program Files (x86)\ESET2015-11-29 00:10 - 2015-11-29 00:10 - 00000000 ___HD C:\OneDriveTemp2015-11-28 23:32 - 2015-11-28 23:32 - 00016148 _____ C:\Windows\system32\MIKE-HP_Eli_HistoryPrediction.bin2015-11-28 20:31 - 2015-11-28 23:31 - 00000000 ____D C:\AdwCleaner2015-11-28 19:35 - 2015-11-28 19:35 - 00003429 _____ C:\Users\Mike\Desktop\JRT.txt2015-11-28 19:16 - 2015-11-28 19:16 - 01547237 _____ C:\Users\Eli\Downloads\cotizaciónFotografíayVideoEli (2).pdf2015-11-28 11:42 - 2015-11-28 11:57 - 00000000 ___RD C:\Users\Eli\Google Drive2015-11-28 11:42 - 2015-11-28 11:42 - 00001795 _____ C:\Users\Eli\Desktop\Google Drive.lnk2015-11-24 19:55 - 2015-11-24 19:55 - 00000000 ___HD C:\$AVG2015-11-24 19:55 - 2015-11-24 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2015-11-24 19:53 - 2015-11-24 19:53 - 00000950 _____ C:\Users\Public\Desktop\AVG.lnk2015-11-24 19:53 - 2015-11-24 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen2015-11-23 23:15 - 2015-11-23 23:15 - 00000000 ____D C:\Windows\ERDNT2015-11-23 23:14 - 2015-11-23 23:14 - 00000995 _____ C:\Users\Mike\Desktop\NTREGOPT.lnk2015-11-23 23:14 - 2015-11-23 23:14 - 00000976 _____ C:\Users\Mike\Desktop\ERUNT.lnk2015-11-23 23:14 - 2015-11-23 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT2015-11-23 23:14 - 2015-11-23 23:14 - 00000000 ____D C:\Program Files (x86)\ERUNT2015-11-23 23:13 - 2015-11-23 23:13 - 00003764 _____ C:\Users\Mike\Desktop\Rkill.txt2015-11-18 
20:37 - 2015-11-29 10:35 - 00000000 ____D C:\FRST2015-11-18 20:02 - 2015-11-18 20:02 - 00003184 _____ C:\Windows\System32\Tasks\{BC444172-5895-4D29-9FAE-38C92D256289}2015-11-17 18:20 - 2015-11-17 18:21 - 23493437 _____ C:\Users\Eli\Downloads\fwdboda.zip2015-11-17 17:13 - 2015-11-17 17:13 - 00000000 ____D C:\Users\Eli\AppData\Local\CEF2015-11-17 17:12 - 2015-11-17 17:12 - 02756350 _____ C:\Users\Eli\Downloads\Archivos adjuntos_20151117.zip2015-11-17 16:42 - 2015-11-17 16:42 - 01547237 _____ C:\Users\Eli\Downloads\cotizaciónFotografíayVideoEli (1).pdf2015-11-16 22:24 - 2015-11-24 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\Program Files (x86)\Trusteer2015-11-16 22:24 - 2015-11-12 01:32 - 00394584 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys2015-11-16 22:24 - 2015-11-12 01:32 - 00139896 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys2015-11-16 22:22 - 2015-11-16 22:23 - 00436504 _____ (IBM Corp.) C:\Users\Eli\Downloads\RapportSetup (3).exe2015-11-16 22:16 - 2015-11-16 22:16 - 00000000 ____D C:\Windows\LastGood.Tmp2015-11-16 22:15 - 2015-11-16 22:15 - 01083880 _____ (Gemalto) C:\Windows\SysWOW64\axaltocm.dll2015-11-16 22:13 - 2015-11-16 22:23 - 00436504 _____ (IBM Corp.) C:\Users\Eli\Downloads\RapportSetup (1).exe2015-11-16 22:13 - 2015-11-16 22:14 - 00436504 _____ (IBM Corp.) 
C:\Users\Eli\Downloads\RapportSetup (2).exe2015-11-15 11:17 - 2015-11-15 11:17 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2015-11-11 22:53 - 2015-11-29 00:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-11-11 22:53 - 2015-11-11 22:53 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-11-11 22:53 - 2015-11-11 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-11-11 22:52 - 2015-11-11 22:52 - 00000000 ____D C:\ProgramData\Malwarebytes2015-11-11 22:52 - 2015-11-11 22:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-11-11 22:52 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys2015-11-11 22:52 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-11-11 22:52 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys2015-11-10 21:14 - 2015-11-05 05:13 - 00577888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2015-11-10 21:14 - 2015-11-05 05:06 - 03621248 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-11-10 21:14 - 2015-11-05 04:24 - 02878512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-11-10 21:14 - 2015-11-05 04:20 - 21873664 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll2015-11-10 21:14 - 2015-11-05 04:18 - 24597504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-11-10 21:14 - 2015-11-05 04:18 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll2015-11-10 21:14 - 2015-11-05 04:10 - 02987520 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll2015-11-10 21:14 - 2015-11-05 04:03 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll2015-11-10 21:14 - 2015-11-05 03:59 - 02675200 _____ (Microsoft Corporation) 
C:\Windows\system32\Windows.StateRepository.dll
2015-11-10 21:14 - 2015-11-05 03:58 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2015-11-10 21:14 - 2015-11-05 03:56 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-11-10 21:14 - 2015-11-05 03:47 - 19326464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-10 21:14 - 2015-11-05 03:42 - 02647040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2015-11-10 21:14 - 2015-11-05 03:35 - 18803712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-11-10 21:14 - 2015-11-05 03:35 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-11-10 21:14 - 2015-11-05 03:27 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2015-11-10 21:13 - 2015-11-05 05:15 - 08020832 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-10 21:13 - 2015-11-05 05:15 - 00541024 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-11-10 21:13 - 2015-11-05 05:14 - 00459104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-11-10 21:13 - 2015-11-05 05:11 - 01392480 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2015-11-10 21:13 - 2015-11-05 05:06 - 00966416 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2015-11-10 21:13 - 2015-11-05 05:01 - 00607408 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2015-11-10 21:13 - 2015-11-05 04:56 - 01083072 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-11-10 21:13 - 2015-11-05 04:56 - 00116064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-10 21:13 - 2015-11-05 04:56 - 00025280 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-11-10 21:13 - 2015-11-05 04:30 - 00961376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2015-11-10 21:13 - 2015-11-05 04:23 - 00762888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2015-11-10 21:13 - 2015-11-05 04:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2015-11-10 21:13 - 2015-11-05 04:18 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2015-11-10 21:13 - 2015-11-05 04:17 - 02418688 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-11-10 21:13 - 2015-11-05 04:12 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll
2015-11-10 21:13 - 2015-11-05 04:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2015-11-10 21:13 - 2015-11-05 04:10 - 12504064 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 21:13 - 2015-11-05 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-11-10 21:13 - 2015-11-05 04:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2015-11-10 21:13 - 2015-11-05 04:05 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 21:13 - 2015-11-05 04:05 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 21:13 - 2015-11-05 04:03 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2015-11-10 21:13 - 2015-11-05 04:01 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-10 21:13 - 2015-11-05 04:01 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2015-11-10 21:13 - 2015-11-05 04:01 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-11-10 21:13 - 2015-11-05 03:59 - 03587072 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-11-10 21:13 - 2015-11-05 03:58 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-11-10 21:13 - 2015-11-05 03:55 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2015-11-10 21:13 - 2015-11-05 03:54 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll
2015-11-10 21:13 - 2015-11-05 03:40 - 01918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-11-10 21:13 - 2015-11-05 03:34 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 21:13 - 2015-11-05 03:33 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-10 21:13 - 2015-11-05 03:33 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-10 21:13 - 2015-11-05 03:30 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-10 21:13 - 2015-11-05 03:28 - 11262976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-10 21:13 - 2015-11-05 03:27 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2015-11-10 21:13 - 2015-11-05 03:23 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll
2015-11-08 11:48 - 2015-11-08 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-02 22:07 - 2015-11-02 22:07 - 00000000 ____D C:\Users\Mike\AppData\Roaming\KompoZer
2015-11-02 22:06 - 2015-11-02 22:07 - 00000000 ____D C:\Program Files\KompoZer 0.7.10
2015-11-02 19:41 - 2015-11-02 19:41 - 00000000 ____D C:\Users\Eli\AppData\Roaming\WinRAR
2015-11-02 19:40 - 2015-11-02 19:41 - 34633425 _____ C:\Users\Eli\Downloads\wetransfer-6956a2.zip
2015-11-01 13:05 - 2015-11-01 13:05 - 00000162 ____H C:\Users\Eli\Desktop\~$mples fonts.odt
2015-11-01 13:04 - 2015-11-01 13:05 - 00005122 _____ C:\Users\Eli\Desktop\samples fonts.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-29 10:29 - 2015-06-19 23:11 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-722469699-1757417711-2172558454-1001UA.job
2015-11-29 09:39 - 2011-08-22 21:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-29 08:56 - 2011-08-22 17:26 - 00000000 ____D C:\ProgramData\MFAData
2015-11-29 08:39 - 2011-08-22 21:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-29 06:03 - 2015-09-22 21:50 - 00004148 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5F0ED98D-7354-4A01-B294-54AB7450A24E}
2015-11-29 00:37 - 2011-08-23 20:48 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype
2015-11-29 00:15 - 2015-09-20 17:27 - 01009666 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-29 00:15 - 2015-07-30 22:40 - 00000000 ____D C:\Windows\INF
2015-11-29 00:11 - 2012-07-07 12:24 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Dropbox
2015-11-29 00:10 - 2015-09-20 18:47 - 00000000 ___RD C:\Users\Mike\OneDrive
2015-11-29 00:10 - 2012-05-31 21:21 - 00000000 ___RD C:\Users\Mike\Google Drive
2015-11-29 00:09 - 2015-07-30 21:52 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-29 00:09 - 2015-07-10 09:05 - 00786432 ___SH C:\Windows\system32\config\BBI
2015-11-28 20:29 - 2015-06-19 23:11 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-722469699-1757417711-2172558454-1001Core.job
2015-11-28 19:27 - 2015-07-10 09:47 - 00000000 ____D C:\Windows
2015-11-28 11:54 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\AppReadiness
2015-11-28 11:42 - 2015-09-20 17:28 - 00000000 ____D C:\Users\Eli
2015-11-28 10:51 - 2015-10-17 17:21 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-11-28 10:50 - 2015-08-18 21:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-28 10:48 - 2015-07-30 22:42 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-27 23:11 - 2015-07-10 09:05 - 00032768 ___SH C:\Windows\system32\config\ELAM
2015-11-24 19:56 - 2015-05-25 09:32 - 00000000 ____D C:\Users\Mike\AppData\Local\Avg
2015-11-24 19:55 - 2015-08-30 12:26 - 00000000 ____D C:\ProgramData\AVG
2015-11-24 19:55 - 2015-08-16 11:57 - 00000000 ____D C:\Program Files (x86)\AVG
2015-11-24 19:55 - 2015-07-30 22:42 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-11-24 19:53 - 2015-10-27 09:32 - 00000000 ____D C:\Users\Mike\AppData\Local\AvgSetupLog
2015-11-24 19:49 - 2015-09-20 17:28 - 00000000 ____D C:\Users\Mike
2015-11-24 19:40 - 2015-04-01 21:26 - 00004146 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4026B517-26E7-4767-8E9D-E443C9569FB9}
2015-11-23 22:53 - 2011-08-22 17:37 - 00000000 ____D C:\Users\Mike\AppData\Roaming\uTorrent
2015-11-22 10:33 - 2011-09-12 09:18 - 00005912 _____ C:\Windows\mozy.blk
2015-11-22 10:33 - 2011-09-12 09:18 - 00000178 _____ C:\Windows\mozy.flt
2015-11-18 20:20 - 2015-09-22 21:57 - 00144840 ____N C:\Windows\Minidump\111815-18906-01.dmp
2015-11-18 20:20 - 2015-09-21 21:01 - 00000000 ____D C:\Windows\Minidump
2015-11-18 20:20 - 2014-11-10 21:07 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForMike.job
2015-11-17 17:44 - 2011-08-24 06:50 - 00000000 ____D C:\Users\Eli\AppData\Roaming\Adobe
2015-11-17 17:13 - 2011-08-24 06:50 - 00000000 ____D C:\Users\Eli\AppData\Local\Adobe
2015-11-16 23:11 - 2014-11-10 21:07 - 00003232 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMike
2015-11-16 22:15 - 2015-04-07 07:15 - 01432040 _____ (Gemalto) C:\Windows\system32\axaltocm.dll
2015-11-15 15:59 - 2011-08-22 20:55 - 00000000 ____D C:\Users\Mike\AppData\Local\AMD
2015-11-15 12:33 - 2015-09-22 21:57 - 00154760 ____N C:\Windows\Minidump\111515-11875-01.dmp
2015-11-15 12:11 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\rescache
2015-11-11 22:09 - 2015-09-17 23:29 - 00000000 ____D C:\Program Files (x86)\Belarc
2015-11-11 22:06 - 2011-08-23 20:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-11-11 08:44 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2015-11-11 08:44 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\system32\en-GB
2015-11-11 08:44 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-10 22:44 - 2011-08-23 20:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-10 22:42 - 2015-07-30 22:25 - 00000000 ____D C:\Windows\CbsTemp
2015-11-10 22:28 - 2013-08-19 17:16 - 00000000 ____D C:\Windows\system32\MRT
2015-11-10 22:19 - 2011-08-22 18:48 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-10 20:40 - 2015-10-17 17:18 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-08 12:05 - 2011-04-20 03:01 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2015-11-08 12:05 - 2011-04-20 02:52 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-08 12:04 - 2015-09-20 21:18 - 00000000 ____D C:\Users\Mike\AppData\Local\Comms
2015-11-08 12:03 - 2015-09-20 18:41 - 00000000 ____D C:\Users\Mike\AppData\Local\Packages
2015-11-08 11:50 - 2011-08-23 20:47 - 00000000 ____D C:\ProgramData\Skype
2015-11-08 11:48 - 2015-10-18 18:35 - 00001981 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-08 11:48 - 2015-10-18 18:35 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-08 07:20 - 2015-05-25 09:32 - 00000000 ____D C:\Users\Eli\AppData\Local\Avg
2015-11-04 20:54 - 2015-09-20 20:41 - 00002369 _____ C:\Users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-04 20:54 - 2015-09-20 20:41 - 00000000 ___RD C:\Users\Eli\OneDrive
2015-11-03 18:20 - 2015-07-30 22:43 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-03 18:20 - 2015-07-30 22:43 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-02 19:59 - 2015-09-20 18:47 - 00002372 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-31 16:59 - 2011-10-23 18:45 - 00000000 ____D C:\Users\Eli\AppData\Local\Hewlett-Packard
2015-10-31 16:56 - 2015-08-18 21:38 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2015-02-06 10:56 - 2015-02-06 10:56 - 0000093 _____ () C:\Users\Mike\AppData\Roaming\ARCompanion.log
2015-10-11 15:07 - 2015-10-11 15:07 - 0037837 _____ () C:\Users\Mike\AppData\Roaming\Comma Separated Values (Windows).ADR
2011-09-12 09:20 - 2011-09-12 09:20 - 0001854 _____ () C:\Users\Mike\AppData\Roaming\GhostObjGAFix.xml
2011-08-24 22:14 - 2015-02-10 20:28 - 0005159 _____ () C:\Users\Mike\AppData\Roaming\Rim.Desktop.Exception.log
2011-08-22 16:32 - 2015-08-08 13:41 - 0002021 _____ () C:\Users\Mike\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-08-24 22:14 - 2015-02-10 20:28 - 0005159 _____ () C:\Users\Mike\AppData\Roaming\Rim.DesktopHelper.Exception.log
2011-08-24 22:15 - 2014-11-28 14:48 - 0059904 _____ () C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-30 19:25 - 2015-08-04 19:27 - 0000600 _____ () C:\Users\Mike\AppData\Local\PUTTY.RND
2013-01-29 14:38 - 2013-01-29 14:38 - 0000008 ___SH () C:\Users\Mike\AppData\Local\systemCurUses
2013-01-29 14:38 - 2013-01-29 14:38 - 0000006 ___SH () C:\Users\Mike\AppData\Local\systemHdID

Some files in TEMP:
====================
C:\Users\Eli\AppData\Local\Temp\avguirn_0861469464.exe
C:\Users\Mike\AppData\Local\Temp\avguirn_081216781173.exe
C:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcagg_a.dll
C:\Users\Mike\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mike\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-21 23:58

==================== End of FRST.txt ============================
  10. I've now run all those tests. Results of each one are:

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by Mike (Administrator) on 28/11/2015 at 19:26:53.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 17

Successfully deleted: C:\ProgramData\Avg_Update_0615av (Folder)
Successfully deleted: C:\ProgramData\Avg_Update_0715av (Folder)
Successfully deleted: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil (Folder)
Successfully deleted: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic (Folder)
Successfully deleted: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash (Folder)
Successfully deleted: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\google.com_blog_search.xml (File)
Successfully deleted: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\staged (Folder)
Successfully deleted: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\gm_scripts\accept_all_gift2\accept_all_gift2.user.js (File)
Successfully deleted: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\gm_scripts\facebook_auto_confirm_fr\facebook_auto_confirm_fr.user.js (File)
Successfully deleted: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\gm_scripts\facebook_mass_accept_req\facebook_mass_accept_req.user.js (File)
Successfully deleted: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\gm_scripts\twitter_page_follower\twitter_page_follower.user.js (File)
Successfully deleted: C:\Windows\system32\Tasks\0615avUpdateInfo (Task)
Successfully deleted: C:\Windows\system32\Tasks\0715avUpdateInfo (Task)
Successfully deleted: C:\Windows\Tasks\0615avUpdateInfo.job (Task)
Successfully deleted: C:\Windows\Tasks\0715avUpdateInfo.job (Task)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\myfree codec (Folder)

Registry: 7

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A9A28D217F0AF6C0AE66A9006030A09A (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/11/2015 at 19:35:54.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner[C1].txt

# AdwCleaner v5.022 - Logfile created 28/11/2015 at 23:31:17
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [server]
# Operating system : Windows 10 Home (x64)
# Username : Mike - MIKE-HP
# Running from : G:\Mike\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\SoundSpectrum
[-] Folder Deleted : C:\Users\Eli\AppData\Roaming\download Manager
[-] Folder Deleted : C:\Users\Mike\AppData\Local\SoundSpectrum
[-] Folder Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
[-] Folder Deleted : C:\Users\Mike\AppData\Roaming\SoundSpectrum

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\AVG Nation toolbar
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\AVG Nation toolbar
[-] Key Deleted : HKLM\SOFTWARE\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKU\S-1-5-21-722469699-1757417711-2172558454-1003\Software\Myfree Codec

***** [ Web browsers ] *****

[-] [C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : elicpjhcidhpjomhibiffojpinpmmpil
[-] [C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://isearch.avg.com/?cid={5BC2AB19-70A9-4195-AA16-E765DFCA6081}&mid=f66e9650c44447d18fbbd1e9977c32be-6f23396fbdfe16aeee70e3099c8c6adf8f6d88d3&lang=en&ds=AVG&pr=pr&d=2012-06-30 19:57:26&v=14.0.2.14&pid=avg&sg=&sap=hp

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3000 bytes] ##########

MalwareBytes Scan Log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan, 29/11/2015 00:07, SYSTEM, MIKE-HP, Manual, Start:28/11/2015 23:37, Duration:26 min 19 sec, Threat Scan, Completed, 0 Malware Detections, 22 Non-Malware Detections,
Error, 29/11/2015 00:09, SYSTEM, MIKE-HP, Protection, IsLicensed, 13,
Protection, 29/11/2015 00:09, SYSTEM, MIKE-HP, Protection, Malware Protection, Stopping,
Protection, 29/11/2015 00:09, SYSTEM, MIKE-HP, Protection, Malware Protection, Stopped,

(end)
  11. I'll do all these steps tonight and post the results tomorrow. Thanks so much for your help!
  12. Aaargh. I spoke too soon. The virus is still there. See https://dl.dropboxusercontent.com/u/86577895/avg.png
  13. Thanks. I've now fully installed AVG, rebooted and reinstalled it. It didn't find anything, and so far, no warnings. It sometimes took a day or two to set off all the virus warnings, though, so I don't know for sure yet if the problem is gone. I'll monitor it for a couple of days and report back.
  14. Many thanks for helping. I have read the instructions carefully and I understand. I've reattached the logs as requested. I will now work through steps 0, 1 and 2. Thanks. FRST.txt Addition.txt