Jump to content

dominoman

Members
  • Posts

    17
  • Joined

  • Last visited

Everything posted by dominoman

  1. Thanks. A couple of days ago I uninstalled Google Drive, as I noticed that whenever that was scanning files was when the AVG Virus checker alert came up. Do you think there may be a connection there? I haven't had any virus alert since I uninstalled Google Drive.
  2. OK. Thanks. I will do that. Are you able to recommend an alternative to AVG, ideally cheap or free? I uninstalled Google Chrome and Firefox entirely a couple of days ago and the same Virus warnings still appear.
  3. Thanks. I've been thinking back to the time when I got the virus to see if there is anything I installed or did that could have caused it. The only software I ran around that time was a McAfee "patch" to allow me to upgrade to Windows 10, as it was hanging with a white screen. I found the patch on a Microsoft forum and it looked genuine and came from the real McAfee site, but I now think perhaps it wasn't, because the person posting it has been posting it many times on many different places. That makes me suspicious. The thing I installed was from a forum here: http://answers.microsoft.com/en-us/windows/forum/windows_10-win_upgrade/get-windows-10-window-is-blank/17f4dbec-f6a5-460a-87fe-870c9354f80a?auth=1 I followed this post: That reply has been posted many times now, with identical text. Do you think this could be the source of the problem?
  4. Hi - The virus message came back, around 20 mins after I did the full reset of all the browsers. I wasn't even using a browser at the time. I've now uninstalled Chrome and Firefox so am just left with Microsoft Edge, which I never normally use.
  5. Thanks. I've done all that. Will watch and see over the next couple of days.
  6. Oh no. It's still there even after that fix. Ten minutes later this appeared:
  7. Hi - I ran it again (with Admin access) and this time it did seem to run through lots of actions, and at the end it asked for a reboot (which I did). This is the new log file: Fix result of Farbar Recovery Scan Tool (x64) Version:30-11-2015Ran by Mike (2015-11-30 22:44:43) Run:2Running from G:\Mike\DownloadsLoaded Profiles: Mike & Eli & Mcx1-MIKE-HP (Available Profiles: Mike & Eli & Mcx1-MIKE-HP & DefaultAppPool)Boot Mode: Normal============================================== fixlist content:*****************StartCreateRestorePoint:CloseProcesses:HKU\S-1-5-21-722469699-1757417711-2172558454-1007\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkBootExecute: autocheck autochk * sdnclean64.exeHosts:HKU\S-1-5-21-722469699-1757417711-2172558454-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.goldstart.co.uk/adv/goldAndSilver.htmHKU\S-1-5-21-722469699-1757417711-2172558454-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/2HKU\S-1-5-21-722469699-1757417711-2172558454-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ieHKU\S-1-5-21-722469699-1757417711-2172558454-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/2HKU\S-1-5-21-722469699-1757417711-2172558454-1007\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK/2HKU\S-1-5-21-722469699-1757417711-2172558454-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/2SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDFSearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFSearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=DesktopsSearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxSearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFSearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=DesktopsSearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1003 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1003 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-06] (Oracle Corporation)BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-06] (Oracle Corporation)CHR StartupUrls: Default -> "hxxp://www.gumtree.com/search?property_type=house&seller_type=private&min_beds=3&max_beds=&min_price=370%2C000&max_price=600%2C000&q=&search_location=South+East+London&category=local-property-for-sale&search_scope=title","hxxps://www.google.co.uk/webhp?source=search_app&gws_rd=cr","hxxp://www.google.com/"C:\Users\Eli\AppData\Local\Temp\avguirn_0861469464.exeC:\Users\Mike\AppData\Local\Temp\avguirn_081216781173.exeC:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcagg_a.dllC:\Users\Mike\AppData\Local\Temp\SkypeSetup.exeC:\Users\Mike\AppData\Local\Temp\sqlite3.dllEmptyTemp:CMD: bitsadmin /reset /allusersEmptyTemp:Reboot: ***************** Restore point was successfully created.Processes closed successfully.HKU\S-1-5-21-722469699-1757417711-2172558454-1007\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value not found."C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" => not found.hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfullyC:\Windows\System32\Drivers\etc\hosts => moved successfullyHosts restored successfully.HKU\S-1-5-21-722469699-1757417711-2172558454-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfullyHKU\S-1-5-21-722469699-1757417711-2172558454-1003\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfullyHKU\S-1-5-21-722469699-1757417711-2172558454-1003\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfullyHKU\S-1-5-21-722469699-1757417711-2172558454-1007\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfullyHKU\S-1-5-21-722469699-1757417711-2172558454-1007\Software\Microsoft\Internet Explorer\Main\\First Home Page => value removed successfullyHKU\S-1-5-21-722469699-1757417711-2172558454-1007\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfullyHKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfullyHKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfullyHKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}" => key removed successfullyHKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfullyHKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfullyHKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfullyHKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}" => key removed successfullyHKCR\Wow6432Node\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfullyHKCR\Wow6432Node\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found. HKU\S-1-5-21-722469699-1757417711-2172558454-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully"HKU\S-1-5-21-722469699-1757417711-2172558454-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfullyHKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. "HKU\S-1-5-21-722469699-1757417711-2172558454-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}" => key removed successfullyHKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found. "HKU\S-1-5-21-722469699-1757417711-2172558454-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfullyHKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfullyChrome StartupUrls => removed successfullyC:\Users\Eli\AppData\Local\Temp\avguirn_0861469464.exe => moved successfullyC:\Users\Mike\AppData\Local\Temp\avguirn_081216781173.exe => moved successfully"C:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcagg_a.dll" => not found.C:\Users\Mike\AppData\Local\Temp\SkypeSetup.exe => moved successfullyC:\Users\Mike\AppData\Local\Temp\sqlite3.dll => moved successfully ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 [ 7.8.10240 ]BITS administration utility.© Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. Unable to cancel {72817C85-C68C-4B5F-97E9-54BB24743D5F}.{937ECB49-D32E-4B0C-AC53-51C74C52833E} canceled.1 out of 2 jobs canceled. ========= End of CMD: ========= EmptyTemp: => 3.7 GB temporary data Removed. The system needed a reboot. ==== End of Fixlog 22:49:27 ====
  8. Thanks! I ran that script. I waited a while and the PC didn't reboot. This is the Fixlog.txt file: Fix result of Farbar Recovery Scan Tool (x64) Version:30-11-2015Ran by Mike (2015-11-30 22:35:53) Run:1Running from G:\Mike\DocumentsLoaded Profiles: Mike & Eli & Mcx1-MIKE-HP (Available Profiles: Mike & Eli & Mcx1-MIKE-HP & DefaultAppPool)Boot Mode: Normal============================================== fixlist content:*****************StartCreateRestorePoint:CloseProcesses:HKU\S-1-5-21-722469699-1757417711-2172558454-1007\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkBootExecute: autocheck autochk * sdnclean64.exeHosts:HKU\S-1-5-21-722469699-1757417711-2172558454-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.goldstart.co.uk/adv/goldAndSilver.htmHKU\S-1-5-21-722469699-1757417711-2172558454-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/2HKU\S-1-5-21-722469699-1757417711-2172558454-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ieHKU\S-1-5-21-722469699-1757417711-2172558454-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/2HKU\S-1-5-21-722469699-1757417711-2172558454-1007\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK/2HKU\S-1-5-21-722469699-1757417711-2172558454-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/2SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDFSearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFSearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=DesktopsSearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxSearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFSearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=DesktopsSearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1003 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1003 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-06] (Oracle Corporation)BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-06] (Oracle Corporation)CHR StartupUrls: Default -> "hxxp://www.gumtree.com/search?property_type=house&seller_type=private&min_beds=3&max_beds=&min_price=370%2C000&max_price=600%2C000&q=&search_location=South+East+London&category=local-property-for-sale&search_scope=title","hxxps://www.google.co.uk/webhp?source=search_app&gws_rd=cr","hxxp://www.google.com/"C:\Users\Eli\AppData\Local\Temp\avguirn_0861469464.exeC:\Users\Mike\AppData\Local\Temp\avguirn_081216781173.exeC:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcagg_a.dllC:\Users\Mike\AppData\Local\Temp\SkypeSetup.exeC:\Users\Mike\AppData\Local\Temp\sqlite3.dllEmptyTemp:CMD: bitsadmin /reset /allusersEmptyTemp:Reboot: ***************** Restore point was successfully created.Processes closed successfully.HKU\S-1-5-21-722469699-1757417711-2172558454-1007\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfullyC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => moved successfullyhklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfullyC:\Windows\System32\Drivers\etc\hosts => moved successfullyHosts restored successfully.
  9. ESET.txt C:\Users\Mike\Google Drive\MySites\BankingGlossary\index.php PHP/Kryptik.AB trojanC:\Users\Mike\Google Drive\MySites\casino-choices\addlink.php PHP/Obfuscated.F potentially unwanted applicationC:\Users\Mike\Google Drive\MySites\casino-choices\admin.php PHP/Obfuscated.F potentially unwanted applicationC:\Users\Mike\Google Drive\MySites\firstpokertips\SiteForUpload\links\addlink.php PHP/Obfuscated.F potentially unwanted applicationC:\Users\Mike\Google Drive\MySites\firstpokertips\SiteForUpload\links\admin.php PHP/Obfuscated.F potentially unwanted applicationC:\Users\Mike\Google Drive\MySites\firstpokertips\SiteForUpload\links\links.php PHP/Obfuscated.F potentially unwanted applicationC:\Users\Mike\Google Drive\MySites\football\arsenal\wp-content\upd.php PHP/Agent.NAI trojanC:\Users\Mike\Google Drive\MySites\football\chelsea\addlink.php PHP/Obfuscated.F potentially unwanted applicationC:\Users\Mike\Google Drive\MySites\football\chelsea\admin.php PHP/Obfuscated.F potentially unwanted applicationC:\Users\Mike\Google Drive\MySites\football\chelsea\wp-content\themes\suffusion\index.php PHP/Kryptik.AB trojanC:\Users\Mike\Google Drive\MySites\GoldStart\SiteForUpload\wp-content\themes\suffusion\index.php PHP/Kryptik.AB trojanC:\Users\Mike\Google Drive\MySites\LinkMan Original files v 1.7 Powered By removed\addlink.php PHP/Obfuscated.F potentially unwanted applicationC:\Users\Mike\Google Drive\MySites\LinkMan Original files v 1.7 Powered By removed\admin.php PHP/Obfuscated.F potentially unwanted applicationC:\Users\Mike\Google Drive\MySites\mayer-roulette-strategy\Site for Upload\links\addlink.php PHP/Obfuscated.F potentially unwanted applicationC:\Users\Mike\Google Drive\MySites\mayer-roulette-strategy\Site for Upload\links\admin.php PHP/Obfuscated.F potentially unwanted applicationC:\Users\Mike\Google Drive\MySites\playhard\SiteForUpload\links\addlink.php PHP/Obfuscated.F potentially unwanted applicationC:\Users\Mike\Google Drive\MySites\playhard\SiteForUpload\links\admin.php PHP/Obfuscated.F potentially unwanted applicationC:\Users\Mike\Google Drive\MySites\playhard\SiteForUpload\links-old\admin.php PHP/Obfuscated.F potentially unwanted applicationC:\Users\Mike\Google Drive\MySites\playhard\SiteForUpload\links-old\LinkMan Original files v 1.7 Powered By removed\addlink.php PHP/Obfuscated.F potentially unwanted applicationC:\Users\Mike\Google Drive\MySites\universitygirls\Site for upload\index.php.txt PHP/Kryptik.AB trojanG:\Mike\Downloads\uTorrent_3-4-2-build-38913.exe a variant of Win32/OpenCandy.A potentially unsafe applicationG:\Mike\Music\annes 30th\Best of Hawaiian Music\Brandneue Musik legal, schnell und gratis downloaden.url LNK/Agent.CH trojanG:\Mike\Music\Usher - Here I Stand (2008)\07-usher-prayer_for_you_(interlude).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan FRST.txtScan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-11-2015Ran by Mike (administrator) on MIKE-HP (29-11-2015 10:35:17)Running from G:\Mike\DownloadsLoaded Profiles: Mike & Eli & Mcx1-MIKE-HP (Available Profiles: Mike & Eli & Mcx1-MIKE-HP & DefaultAppPool)Platform: Windows 10 Home (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Edge)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe(Microsoft Corporation) C:\Windows\System32\mqsvc.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe(Dropbox, Inc.) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfService.exe(Farbar) G:\Mike\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-27] (Easybits)HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)HKLM-x32\...\Run: [HP Remote Solution] => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exeHKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518496 2015-06-24] (Citrix Systems, Inc.)HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231776 2015-06-24] (Citrix Systems, Inc.)HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)Winlogon\Notify\ScCertProp: wlnotify.dll [X]HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Run: [Dropbox Update] => C:\Users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Run: [spybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Run: [GoogleChromeAutoLaunch_A9A28D217F0AF6C0AE66A9006030A09A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-07] (Google Inc.)HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Policies\system: [DisableLockWorkstation] 0HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Policies\system: [DisableChangePassword] 0HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\MountPoints2: {0cf0d44f-6b0c-11e0-b704-806e6f6e6963} - "E:\Install Navigator.exe" HKU\S-1-5-21-722469699-1757417711-2172558454-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31232 2015-07-10] (Microsoft Corporation)HKU\S-1-5-21-722469699-1757417711-2172558454-1003\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)HKU\S-1-5-21-722469699-1757417711-2172558454-1007\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)HKU\S-1-5-21-722469699-1757417711-2172558454-1007\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe <==== ATTENTIONShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No FileShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-08]ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk [2015-07-12]ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-15]ShortcutTarget: Dropbox.lnk -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.0.1Tcpip\..\Interfaces\{18b82321-0b0c-4748-a585-cb06f8448ee8}: [DhcpNameServer] 192.168.0.1 Internet Explorer:==================HKU\S-1-5-21-722469699-1757417711-2172558454-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.goldstart.co.uk/adv/goldAndSilver.htmHKU\S-1-5-21-722469699-1757417711-2172558454-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/2HKU\S-1-5-21-722469699-1757417711-2172558454-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ieHKU\S-1-5-21-722469699-1757417711-2172558454-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/2HKU\S-1-5-21-722469699-1757417711-2172558454-1007\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK/2HKU\S-1-5-21-722469699-1757417711-2172558454-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/2SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDFSearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFSearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=DesktopsSearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxSearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFSearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=DesktopsSearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1003 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1003 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No FileBHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-06] (Oracle Corporation)BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-06] (Oracle Corporation)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)Toolbar: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileToolbar: HKU\S-1-5-21-722469699-1757417711-2172558454-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileToolbar: HKU\S-1-5-21-722469699-1757417711-2172558454-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cabDPF: HKLM-x32 {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} hxxps://remote-uk-tc.rbc.com/nortel_cacheable/iewiper.cabDPF: HKLM-x32 {ACDB1787-986D-434D-9857-2172CDB2108D} hxxps://remote-uk-th.rbc.com/nortel_cacheable/punblock.cabHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No FileFilter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) FireFox:========FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.defaultFF Homepage: hxxp://www.evertonlatest.co.uk/wp-admin/index.phphxxp://www.investorwords.co.uk/wp-admin/hxxp://www.cutthedebt.co.uk/wp-admin/index.phphxxp://www.blackburnlatest.co.uk/wp-admin/index.phphxxp://www.stokelatest.co.uk/wp-admin/hxxp://www.swansealatest.co.uk/wp-admin/hxxp://www.wolveslatest.co.uk/wp-admin/index.phphxxp://www.wiganlatest.co.uk/wp-admin/index.phphxxp://www.qprlatest.co.uk/wp-admin/hxxp://www.englandfootballlatest.co.uk/wp-admin/index.phphxxp://www.norwichlatest.co.uk/wp-admin/index.phphxxp://www.westbromlatest.co.uk/wp-admin/index.phphxxp://www.sunderlandlatest.co.uk/wp-admin/index.phpFF Session Restore: -> is enabled.FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-06-24] (Citrix Systems, Inc.)FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2011-04-25] ()FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2011-04-25] (Citrix Systems, Inc.)FF Extension: Page Speed - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012-09-23] [not signed]FF Extension: Property Bee - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi [2013-05-12] [not signed]FF Extension: Greasemonkey - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-05] [not signed]FF Extension: YSlow - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\yslow@yahoo-inc.com.xpi [2014-12-22] [not signed]FF Extension: Flash and Video Download - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-12-22] [not signed]FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\firebug@software.joehewitt.com.xpi [2015-07-04] [not signed]FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\wagerlogic.xpi [2010-02-02] [not signed]FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-08-21] [not signed]FF Extension: Google Toolbar for Firefox - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-08-21] [not signed]FF Extension: DownThemAll! - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-07-04]FF Extension: OnlyWire - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2} [2011-08-21] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-29] [not signed] Chrome: =======CHR HomePage: Default -> hxxp://www.google.com/CHR StartupUrls: Default -> "hxxp://www.gumtree.com/search?property_type=house&seller_type=private&min_beds=3&max_beds=&min_price=370%2C000&max_price=600%2C000&q=&search_location=South+East+London&category=local-property-for-sale&search_scope=title","hxxps://www.google.co.uk/webhp?source=search_app&gws_rd=cr","hxxp://www.google.com/"CHR Session Restore: Default -> is enabled.CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2015-10-17]CHR Extension: (Gmail Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-10-17]CHR Extension: (Video Downloader professional) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-11-28]CHR Extension: (ARC Welder) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2015-11-27]CHR Extension: (Chrome Remote Desktop) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-08]CHR Extension: (Financial News) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcekbbpdkhlfomdhopicfopkkedfcam [2015-10-17]CHR Extension: (Google Docs Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]CHR Extension: (Pin It Button) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-11-28]CHR Extension: (ARC Welder) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2015-11-28]CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-17]CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-17]CHR HKU\S-1-5-21-722469699-1757417711-2172558454-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-722469699-1757417711-2172558454-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-722469699-1757417711-2172558454-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-722469699-1757417711-2172558454-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-08-04] (Mozy, Inc.)R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1859584 2012-07-04] (Ralink) [File not signed]R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-11-12] (IBM Corp.)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.)S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]R3 hcwD3bda; C:\Windows\system32\DRIVERS\hcwD3bda64.sys [121344 2011-10-26] (Mirics)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-29] (Malwarebytes)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)R1 RapportCerberus_1507076; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507076.sys [959416 2015-11-24] (IBM Corp.)R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-11-12] (IBM Corp.)R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-11-12] (IBM Corp.)R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-11-12] (IBM Corp.)R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489272 2015-11-12] (IBM Corp.)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Realtek )S3 S3XXx64; C:\Windows\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()U5 usbfilter; C:\Windows\System32\Drivers\usbfilter.sys [38456 2009-12-22] (Advanced Micro Devices)S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)U3 idsvc; no ImagePathS3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]U3 wpcsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-29 10:32 - 2015-11-29 10:32 - 00016148 _____ C:\Windows\system32\MIKE-HP_Mike_HistoryPrediction.bin2015-11-29 00:13 - 2015-11-29 00:13 - 00000000 ____D C:\Program Files (x86)\ESET2015-11-29 00:10 - 2015-11-29 00:10 - 00000000 ___HD C:\OneDriveTemp2015-11-28 23:32 - 2015-11-28 23:32 - 00016148 _____ C:\Windows\system32\MIKE-HP_Eli_HistoryPrediction.bin2015-11-28 20:31 - 2015-11-28 23:31 - 00000000 ____D C:\AdwCleaner2015-11-28 19:35 - 2015-11-28 19:35 - 00003429 _____ C:\Users\Mike\Desktop\JRT.txt2015-11-28 19:16 - 2015-11-28 19:16 - 01547237 _____ C:\Users\Eli\Downloads\cotizaciónFotografíayVideoEli (2).pdf2015-11-28 11:42 - 2015-11-28 11:57 - 00000000 ___RD C:\Users\Eli\Google Drive2015-11-28 11:42 - 2015-11-28 11:42 - 00001795 _____ C:\Users\Eli\Desktop\Google Drive.lnk2015-11-24 19:55 - 2015-11-24 19:55 - 00000000 ___HD C:\$AVG2015-11-24 19:55 - 2015-11-24 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2015-11-24 19:53 - 2015-11-24 19:53 - 00000950 _____ C:\Users\Public\Desktop\AVG.lnk2015-11-24 19:53 - 2015-11-24 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen2015-11-23 23:15 - 2015-11-23 23:15 - 00000000 ____D C:\Windows\ERDNT2015-11-23 23:14 - 2015-11-23 23:14 - 00000995 _____ C:\Users\Mike\Desktop\NTREGOPT.lnk2015-11-23 23:14 - 2015-11-23 23:14 - 00000976 _____ C:\Users\Mike\Desktop\ERUNT.lnk2015-11-23 23:14 - 2015-11-23 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT2015-11-23 23:14 - 2015-11-23 23:14 - 00000000 ____D C:\Program Files (x86)\ERUNT2015-11-23 23:13 - 2015-11-23 23:13 - 00003764 _____ C:\Users\Mike\Desktop\Rkill.txt2015-11-18 20:37 - 2015-11-29 10:35 - 00000000 ____D C:\FRST2015-11-18 20:02 - 2015-11-18 20:02 - 00003184 _____ C:\Windows\System32\Tasks\{BC444172-5895-4D29-9FAE-38C92D256289}2015-11-17 18:20 - 2015-11-17 18:21 - 23493437 _____ C:\Users\Eli\Downloads\fwdboda.zip2015-11-17 17:13 - 2015-11-17 17:13 - 00000000 ____D C:\Users\Eli\AppData\Local\CEF2015-11-17 17:12 - 2015-11-17 17:12 - 02756350 _____ C:\Users\Eli\Downloads\Archivos adjuntos_20151117.zip2015-11-17 16:42 - 2015-11-17 16:42 - 01547237 _____ C:\Users\Eli\Downloads\cotizaciónFotografíayVideoEli (1).pdf2015-11-16 22:24 - 2015-11-24 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\Program Files (x86)\Trusteer2015-11-16 22:24 - 2015-11-12 01:32 - 00394584 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys2015-11-16 22:24 - 2015-11-12 01:32 - 00139896 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys2015-11-16 22:22 - 2015-11-16 22:23 - 00436504 _____ (IBM Corp.) C:\Users\Eli\Downloads\RapportSetup (3).exe2015-11-16 22:16 - 2015-11-16 22:16 - 00000000 ____D C:\Windows\LastGood.Tmp2015-11-16 22:15 - 2015-11-16 22:15 - 01083880 _____ (Gemalto) C:\Windows\SysWOW64\axaltocm.dll2015-11-16 22:13 - 2015-11-16 22:23 - 00436504 _____ (IBM Corp.) C:\Users\Eli\Downloads\RapportSetup (1).exe2015-11-16 22:13 - 2015-11-16 22:14 - 00436504 _____ (IBM Corp.) C:\Users\Eli\Downloads\RapportSetup (2).exe2015-11-15 11:17 - 2015-11-15 11:17 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2015-11-11 22:53 - 2015-11-29 00:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-11-11 22:53 - 2015-11-11 22:53 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-11-11 22:53 - 2015-11-11 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-11-11 22:52 - 2015-11-11 22:52 - 00000000 ____D C:\ProgramData\Malwarebytes2015-11-11 22:52 - 2015-11-11 22:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-11-11 22:52 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys2015-11-11 22:52 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-11-11 22:52 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys2015-11-10 21:14 - 2015-11-05 05:13 - 00577888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2015-11-10 21:14 - 2015-11-05 05:06 - 03621248 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-11-10 21:14 - 2015-11-05 04:24 - 02878512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-11-10 21:14 - 2015-11-05 04:20 - 21873664 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll2015-11-10 21:14 - 2015-11-05 04:18 - 24597504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-11-10 21:14 - 2015-11-05 04:18 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll2015-11-10 21:14 - 2015-11-05 04:10 - 02987520 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll2015-11-10 21:14 - 2015-11-05 04:03 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll2015-11-10 21:14 - 2015-11-05 03:59 - 02675200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll2015-11-10 21:14 - 2015-11-05 03:58 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll2015-11-10 21:14 - 2015-11-05 03:56 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll2015-11-10 21:14 - 2015-11-05 03:47 - 19326464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-11-10 21:14 - 2015-11-05 03:42 - 02647040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll2015-11-10 21:14 - 2015-11-05 03:35 - 18803712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll2015-11-10 21:14 - 2015-11-05 03:35 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll2015-11-10 21:14 - 2015-11-05 03:27 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll2015-11-10 21:13 - 2015-11-05 05:15 - 08020832 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-11-10 21:13 - 2015-11-05 05:15 - 00541024 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll2015-11-10 21:13 - 2015-11-05 05:14 - 00459104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys2015-11-10 21:13 - 2015-11-05 05:11 - 01392480 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll2015-11-10 21:13 - 2015-11-05 05:06 - 00966416 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll2015-11-10 21:13 - 2015-11-05 05:01 - 00607408 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe2015-11-10 21:13 - 2015-11-05 04:56 - 01083072 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-11-10 21:13 - 2015-11-05 04:56 - 00116064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys2015-11-10 21:13 - 2015-11-05 04:56 - 00025280 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe2015-11-10 21:13 - 2015-11-05 04:30 - 00961376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll2015-11-10 21:13 - 2015-11-05 04:23 - 00762888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll2015-11-10 21:13 - 2015-11-05 04:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll2015-11-10 21:13 - 2015-11-05 04:18 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe2015-11-10 21:13 - 2015-11-05 04:17 - 02418688 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll2015-11-10 21:13 - 2015-11-05 04:12 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll2015-11-10 21:13 - 2015-11-05 04:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll2015-11-10 21:13 - 2015-11-05 04:10 - 12504064 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-11-10 21:13 - 2015-11-05 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2015-11-10 21:13 - 2015-11-05 04:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll2015-11-10 21:13 - 2015-11-05 04:05 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-11-10 21:13 - 2015-11-05 04:05 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-11-10 21:13 - 2015-11-05 04:03 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll2015-11-10 21:13 - 2015-11-05 04:01 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-11-10 21:13 - 2015-11-05 04:01 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll2015-11-10 21:13 - 2015-11-05 04:01 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2015-11-10 21:13 - 2015-11-05 03:59 - 03587072 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys2015-11-10 21:13 - 2015-11-05 03:58 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys2015-11-10 21:13 - 2015-11-05 03:55 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll2015-11-10 21:13 - 2015-11-05 03:54 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll2015-11-10 21:13 - 2015-11-05 03:40 - 01918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll2015-11-10 21:13 - 2015-11-05 03:34 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll2015-11-10 21:13 - 2015-11-05 03:33 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-11-10 21:13 - 2015-11-05 03:33 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-11-10 21:13 - 2015-11-05 03:30 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-11-10 21:13 - 2015-11-05 03:28 - 11262976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-11-10 21:13 - 2015-11-05 03:27 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll2015-11-10 21:13 - 2015-11-05 03:23 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll2015-11-08 11:48 - 2015-11-08 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus2015-11-02 22:07 - 2015-11-02 22:07 - 00000000 ____D C:\Users\Mike\AppData\Roaming\KompoZer2015-11-02 22:06 - 2015-11-02 22:07 - 00000000 ____D C:\Program Files\KompoZer 0.7.102015-11-02 19:41 - 2015-11-02 19:41 - 00000000 ____D C:\Users\Eli\AppData\Roaming\WinRAR2015-11-02 19:40 - 2015-11-02 19:41 - 34633425 _____ C:\Users\Eli\Downloads\wetransfer-6956a2.zip2015-11-01 13:05 - 2015-11-01 13:05 - 00000162 ____H C:\Users\Eli\Desktop\~$mples fonts.odt2015-11-01 13:04 - 2015-11-01 13:05 - 00005122 _____ C:\Users\Eli\Desktop\samples fonts.odt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-29 10:29 - 2015-06-19 23:11 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-722469699-1757417711-2172558454-1001UA.job2015-11-29 09:39 - 2011-08-22 21:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-11-29 08:56 - 2011-08-22 17:26 - 00000000 ____D C:\ProgramData\MFAData2015-11-29 08:39 - 2011-08-22 21:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-11-29 06:03 - 2015-09-22 21:50 - 00004148 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5F0ED98D-7354-4A01-B294-54AB7450A24E}2015-11-29 00:37 - 2011-08-23 20:48 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype2015-11-29 00:15 - 2015-09-20 17:27 - 01009666 _____ C:\Windows\system32\PerfStringBackup.INI2015-11-29 00:15 - 2015-07-30 22:40 - 00000000 ____D C:\Windows\INF2015-11-29 00:11 - 2012-07-07 12:24 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Dropbox2015-11-29 00:10 - 2015-09-20 18:47 - 00000000 ___RD C:\Users\Mike\OneDrive2015-11-29 00:10 - 2012-05-31 21:21 - 00000000 ___RD C:\Users\Mike\Google Drive2015-11-29 00:09 - 2015-07-30 21:52 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-11-29 00:09 - 2015-07-10 09:05 - 00786432 ___SH C:\Windows\system32\config\BBI2015-11-28 20:29 - 2015-06-19 23:11 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-722469699-1757417711-2172558454-1001Core.job2015-11-28 19:27 - 2015-07-10 09:47 - 00000000 ____D C:\Windows2015-11-28 11:54 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\AppReadiness2015-11-28 11:42 - 2015-09-20 17:28 - 00000000 ____D C:\Users\Eli2015-11-28 10:51 - 2015-10-17 17:21 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps2015-11-28 10:50 - 2015-08-18 21:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk2015-11-28 10:48 - 2015-07-30 22:42 - 00000000 ___HD C:\Program Files\WindowsApps2015-11-27 23:11 - 2015-07-10 09:05 - 00032768 ___SH C:\Windows\system32\config\ELAM2015-11-24 19:56 - 2015-05-25 09:32 - 00000000 ____D C:\Users\Mike\AppData\Local\Avg2015-11-24 19:55 - 2015-08-30 12:26 - 00000000 ____D C:\ProgramData\AVG2015-11-24 19:55 - 2015-08-16 11:57 - 00000000 ____D C:\Program Files (x86)\AVG2015-11-24 19:55 - 2015-07-30 22:42 - 00000000 ___HD C:\Windows\ELAMBKUP2015-11-24 19:53 - 2015-10-27 09:32 - 00000000 ____D C:\Users\Mike\AppData\Local\AvgSetupLog2015-11-24 19:49 - 2015-09-20 17:28 - 00000000 ____D C:\Users\Mike2015-11-24 19:40 - 2015-04-01 21:26 - 00004146 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4026B517-26E7-4767-8E9D-E443C9569FB9}2015-11-23 22:53 - 2011-08-22 17:37 - 00000000 ____D C:\Users\Mike\AppData\Roaming\uTorrent2015-11-22 10:33 - 2011-09-12 09:18 - 00005912 _____ C:\Windows\mozy.blk2015-11-22 10:33 - 2011-09-12 09:18 - 00000178 _____ C:\Windows\mozy.flt2015-11-18 20:20 - 2015-09-22 21:57 - 00144840 ____N C:\Windows\Minidump\111815-18906-01.dmp2015-11-18 20:20 - 2015-09-21 21:01 - 00000000 ____D C:\Windows\Minidump2015-11-18 20:20 - 2014-11-10 21:07 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForMike.job2015-11-17 17:44 - 2011-08-24 06:50 - 00000000 ____D C:\Users\Eli\AppData\Roaming\Adobe2015-11-17 17:13 - 2011-08-24 06:50 - 00000000 ____D C:\Users\Eli\AppData\Local\Adobe2015-11-16 23:11 - 2014-11-10 21:07 - 00003232 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMike2015-11-16 22:15 - 2015-04-07 07:15 - 01432040 _____ (Gemalto) C:\Windows\system32\axaltocm.dll2015-11-15 15:59 - 2011-08-22 20:55 - 00000000 ____D C:\Users\Mike\AppData\Local\AMD2015-11-15 12:33 - 2015-09-22 21:57 - 00154760 ____N C:\Windows\Minidump\111515-11875-01.dmp2015-11-15 12:11 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\rescache2015-11-11 22:09 - 2015-09-17 23:29 - 00000000 ____D C:\Program Files (x86)\Belarc2015-11-11 22:06 - 2011-08-23 20:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE2015-11-11 08:44 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\SysWOW64\en-GB2015-11-11 08:44 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\system32\en-GB2015-11-11 08:44 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\system32\appraiser2015-11-10 22:44 - 2011-08-23 20:37 - 00000000 ____D C:\ProgramData\Microsoft Help2015-11-10 22:42 - 2015-07-30 22:25 - 00000000 ____D C:\Windows\CbsTemp2015-11-10 22:28 - 2013-08-19 17:16 - 00000000 ____D C:\Windows\system32\MRT2015-11-10 22:19 - 2011-08-22 18:48 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-11-10 20:40 - 2015-10-17 17:18 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-11-08 12:05 - 2011-04-20 03:01 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard2015-11-08 12:05 - 2011-04-20 02:52 - 00000000 ____D C:\ProgramData\Hewlett-Packard2015-11-08 12:04 - 2015-09-20 21:18 - 00000000 ____D C:\Users\Mike\AppData\Local\Comms2015-11-08 12:03 - 2015-09-20 18:41 - 00000000 ____D C:\Users\Mike\AppData\Local\Packages2015-11-08 11:50 - 2011-08-23 20:47 - 00000000 ____D C:\ProgramData\Skype2015-11-08 11:48 - 2015-10-18 18:35 - 00001981 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk2015-11-08 11:48 - 2015-10-18 18:35 - 00000000 ____D C:\Program Files\McAfee Security Scan2015-11-08 07:20 - 2015-05-25 09:32 - 00000000 ____D C:\Users\Eli\AppData\Local\Avg2015-11-04 20:54 - 2015-09-20 20:41 - 00002369 _____ C:\Users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk2015-11-04 20:54 - 2015-09-20 20:41 - 00000000 ___RD C:\Users\Eli\OneDrive2015-11-03 18:20 - 2015-07-30 22:43 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-11-03 18:20 - 2015-07-30 22:43 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-11-02 19:59 - 2015-09-20 18:47 - 00002372 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk2015-10-31 16:59 - 2011-10-23 18:45 - 00000000 ____D C:\Users\Eli\AppData\Local\Hewlett-Packard2015-10-31 16:56 - 2015-08-18 21:38 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== Files in the root of some directories ======= 2015-02-06 10:56 - 2015-02-06 10:56 - 0000093 _____ () C:\Users\Mike\AppData\Roaming\ARCompanion.log2015-10-11 15:07 - 2015-10-11 15:07 - 0037837 _____ () C:\Users\Mike\AppData\Roaming\Comma Separated Values (Windows).ADR2011-09-12 09:20 - 2011-09-12 09:20 - 0001854 _____ () C:\Users\Mike\AppData\Roaming\GhostObjGAFix.xml2011-08-24 22:14 - 2015-02-10 20:28 - 0005159 _____ () C:\Users\Mike\AppData\Roaming\Rim.Desktop.Exception.log2011-08-22 16:32 - 2015-08-08 13:41 - 0002021 _____ () C:\Users\Mike\AppData\Roaming\Rim.Desktop.HttpServerSetup.log2011-08-24 22:14 - 2015-02-10 20:28 - 0005159 _____ () C:\Users\Mike\AppData\Roaming\Rim.DesktopHelper.Exception.log2011-08-24 22:15 - 2014-11-28 14:48 - 0059904 _____ () C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-12-30 19:25 - 2015-08-04 19:27 - 0000600 _____ () C:\Users\Mike\AppData\Local\PUTTY.RND2013-01-29 14:38 - 2013-01-29 14:38 - 0000008 ___SH () C:\Users\Mike\AppData\Local\systemCurUses2013-01-29 14:38 - 2013-01-29 14:38 - 0000006 ___SH () C:\Users\Mike\AppData\Local\systemHdID Some files in TEMP:====================C:\Users\Eli\AppData\Local\Temp\avguirn_0861469464.exeC:\Users\Mike\AppData\Local\Temp\avguirn_081216781173.exeC:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcagg_a.dllC:\Users\Mike\AppData\Local\Temp\SkypeSetup.exeC:\Users\Mike\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-11-21 23:58 ==================== End of FRST.txt ============================
  10. I've now run all those tests. Results of each one are: JRT.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by MalwarebytesVersion: 8.0.1 (11.24.2015)Operating System: Windows 10 Home x64 Ran by Mike (Administrator) on 28/11/2015 at 19:26:53.95~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 17 Successfully deleted: C:\ProgramData\Avg_Update_0615av (Folder) Successfully deleted: C:\ProgramData\Avg_Update_0715av (Folder) Successfully deleted: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil (Folder) Successfully deleted: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic (Folder) Successfully deleted: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash (Folder) Successfully deleted: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\google.com_blog_search.xml (File) Successfully deleted: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\staged (Folder) Successfully deleted: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\gm_scripts\accept_all_gift2\accept_all_gift2.user.js (File) Successfully deleted: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\gm_scripts\facebook_auto_confirm_fr\facebook_auto_confirm_fr.user.js (File) Successfully deleted: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\gm_scripts\facebook_mass_accept_req\facebook_mass_accept_req.user.js (File) Successfully deleted: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\gm_scripts\twitter_page_follower\twitter_page_follower.user.js (File) Successfully deleted: C:\Windows\system32\Tasks\0615avUpdateInfo (Task)Successfully deleted: C:\Windows\system32\Tasks\0715avUpdateInfo (Task)Successfully deleted: C:\Windows\Tasks\0615avUpdateInfo.job (Task) Successfully deleted: C:\Windows\Tasks\0715avUpdateInfo.job (Task) Successfully deleted: C:\Windows\wininit.ini (File) Successfully deleted: C:\Program Files (x86)\myfree codec (Folder) Registry: 7 Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A9A28D217F0AF6C0AE66A9006030A09A (Registry Value) Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} (Registry Key)Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} (Registry Key)Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} (Registry Key)Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 28/11/2015 at 19:35:54.19End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner[C1].txt# AdwCleaner v5.022 - Logfile created 28/11/2015 at 23:31:17# Updated 22/11/2015 by Xplode# Database : 2015-11-22.2 [server]# Operating system : Windows 10 Home (x64)# Username : Mike - MIKE-HP# Running from : G:\Mike\Downloads\AdwCleaner.exe# Option : Cleaning# Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\Program Files (x86)\SoundSpectrum[-] Folder Deleted : C:\Users\Eli\AppData\Roaming\download Manager[-] Folder Deleted : C:\Users\Mike\AppData\Local\SoundSpectrum[-] Folder Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil[-] Folder Deleted : C:\Users\Mike\AppData\Roaming\SoundSpectrum ***** [ Files ] ***** [-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml[-] File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil ***** [ DLLs ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}[-] Key Deleted : HKCU\Software\AVG Nation toolbar[-] Key Deleted : HKCU\Software\Avg Secure Update[-] Key Deleted : HKLM\SOFTWARE\AVG Nation toolbar[-] Key Deleted : HKLM\SOFTWARE\AVG Secure Search[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update[-] Key Deleted : HKU\S-1-5-21-722469699-1757417711-2172558454-1003\Software\Myfree Codec ***** [ Web browsers ] ***** [-] [C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : elicpjhcidhpjomhibiffojpinpmmpil[-] [C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : uk.ask.com[-] [C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Deleted : hxxp://isearch.avg.com/?cid={5BC2AB19-70A9-4195-AA16-E765DFCA6081}&mid=f66e9650c44447d18fbbd1e9977c32be-6f23396fbdfe16aeee70e3099c8c6adf8f6d88d3〈=en&ds=AVG&pr=pr&d=2012-06-30 19:57:26&v=14.0.2.14&pid=avg&sg=&sap=hp ************************* :: "Tracing" keys removed:: Winsock settings cleared ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3000 bytes] ########## MalwareBytes Scan LogMalwarebytes Anti-Malwarewww.malwarebytes.org Scan, 29/11/2015 00:07, SYSTEM, MIKE-HP, Manual, Start:28/11/2015 23:37, Duration:26 min 19 sec, Threat Scan, Completed, 0 Malware Detections, 22 Non-Malware Detections, Error, 29/11/2015 00:09, SYSTEM, MIKE-HP, Protection, IsLicensed, 13, Protection, 29/11/2015 00:09, SYSTEM, MIKE-HP, Protection, Malware Protection, Stopping, Protection, 29/11/2015 00:09, SYSTEM, MIKE-HP, Protection, Malware Protection, Stopped, (end)
  11. I'll do all these steps tonight and post the results tomorrow. Thanks so much for your help!
  12. Aaargh. I spoke too soon. The virus is still there. See https://dl.dropboxusercontent.com/u/86577895/avg.png
  13. Thanks. I've now fully installed AVG, rebooted and reinstalled it. It didn't find anything, and so far, no warnings. It sometime took a day or two to set off all the virus warnings though so I don't know for sure yet if the problem is gone. I'll monitor it for a couple of days and report back.
  14. Many thanks for helping. I have read the instructions carefully and I understand. I've reattached the logs as requested. I will now work through steps 0, 1 and 2. Thanks. FRST.txt Addition.txt
  15. and Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-11-2015 Ran by Mike (2015-11-18 20:39:23) Running from G:\Mike\Downloads Windows 10 Home (X64) (2015-09-20 18:41:43) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-722469699-1757417711-2172558454-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-722469699-1757417711-2172558454-503 - Limited - Disabled) Eli (S-1-5-21-722469699-1757417711-2172558454-1003 - Limited - Enabled) => C:\Users\Eli Guest (S-1-5-21-722469699-1757417711-2172558454-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-722469699-1757417711-2172558454-1002 - Limited - Enabled) Mcx1-MIKE-HP (S-1-5-21-722469699-1757417711-2172558454-1007 - Limited - Enabled) => C:\Users\Mcx1-MIKE-HP Mike (S-1-5-21-722469699-1757417711-2172558454-1001 - Administrator - Enabled) => C:\Users\Mike ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated) Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Dreamweaver CS3 (HKLM-x32\...\Adobe_435a6af7459cb02a9c1138113a26e93) (Version: 9.0 - Adobe Systems Incorporated) Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated) Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden Aeon (HKLM-x32\...\Aeon) (Version: 2.0.1 - SoundSpectrum) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.) Application Profiles (HKLM-x32\...\{0CAE2FF0-AFC9-733D-EC3C-04BCB6B3C06F}) (Version: 2.0.4251.33734 - Advanced Micro Devices, Inc.) ATI AVIVO64 Codecs (Version: 11.6.0.10308 - ATI Technologies Inc.) Hidden AVG (Version: 16.7.7227 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4460 - AVG Technologies) Hidden AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.0.5014 - Citrix Systems, Inc.) Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Dropbox (HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden G-Force (HKLM-x32\...\G-Force) (Version: 4.3.2 - SoundSpectrum) GKFX FX - CFDs (HKLM-x32\...\GKFX FX - CFDs) (Version: 4.00 - MetaQuotes Software Corp.) GKFX Spread Trading (HKLM-x32\...\GKFX Spread Trading) (Version: 4.00 - MetaQuotes Software Corp.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.) Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent) HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard) HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard) iArt 3 (HKLM-x32\...\iArt_is1) (Version: - iPodSoft) Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden KeePass Password Safe 1.23 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.23 - Dominik Reichl) kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.) LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Marketmaker Spreadbet Client Live (HKLM-x32\...\Marketmaker Spreadbet Client Live) (Version: 5.0.0.0 - MarketMaker) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Visio Professional 2003 (HKLM-x32\...\{90510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM-x32\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla) MozyHome (HKLM\...\{81D29D4E-9658-BB63-D879-E6A625C01364}) (Version: 2.28.2.432 - Mozy, Inc.) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MySQL Utilities (HKLM-x32\...\{E967FF67-DE28-4BB0-857C-87A825CCF003}) (Version: 1.3.6 - Oracle) MySQL Workbench 6.2 CE (HKLM\...\{B632465A-857D-4FC2-A76E-B1F3693527D8}) (Version: 6.2.4 - Oracle Corporation) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5965 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) Online Plug-in (x32 Version: 14.3.0.5014 - Citrix Systems, Inc.) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink) Rapport (x32 Version: 3.5.1507.84 - Trusteer) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung) Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics) Self-service Plug-in (x32 Version: 4.3.0.8352 - Citrix Systems, Inc.) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited) Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden SoftSkies (HKLM-x32\...\SoftSkies) (Version: 1.7 - SoundSpectrum) Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden TextPad 6 (HKLM-x32\...\{3F04067F-0DA5-4F48-9A89-6FCFD2A9E040}) (Version: 6.2.2 - Helios) Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.84 - Trusteer) Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden WinDirStat 1.1.2 (HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\WinDirStat) (Version: - ) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) Winter Wonders (HKLM-x32\...\WinterWonders) (Version: 1.4.1 - SoundSpectrum) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-722469699-1757417711-2172558454-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-722469699-1757417711-2172558454-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mike\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-722469699-1757417711-2172558454-1001_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-9B3181CE097D}\InprocServer32 -> C:\Program Files (x86)\TextPad 6\System\shellext64.dll (Helios Software Solutions) CustomCLSID: HKU\S-1-5-21-722469699-1757417711-2172558454-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-722469699-1757417711-2172558454-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-722469699-1757417711-2172558454-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-722469699-1757417711-2172558454-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-722469699-1757417711-2172558454-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-722469699-1757417711-2172558454-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-722469699-1757417711-2172558454-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-722469699-1757417711-2172558454-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-722469699-1757417711-2172558454-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-722469699-1757417711-2172558454-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 02:34 - 2015-11-08 11:48 - 00442953 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100888290cs.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 www.10sek.com 127.0.0.1 10sek.com 127.0.0.1 1-2005-search.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 www.123fporn.info 127.0.0.1 123fporn.info 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123moviedownload.com 127.0.0.1 123moviedownload.com There are 15208 more lines. ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00CDF12F-0521-4ADC-BC53-B40332E7DCC4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {0DD91829-F972-4ACF-AC00-C1DAE452E64E} - System32\Tasks\{D835536D-3081-4DDE-A671-C34ADF3B860E} => pcalua.exe -a "C:\Program Files (x86)\NetBeans 7.4\uninstall.exe" Task: {12A8E817-2BD4-4F52-95C6-5D872018899E} - System32\Tasks\HPCeeScheduleForMike => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {180219FD-1BAE-46F9-9C81-B51C6FD73ABF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation) Task: {1A1F26A7-8A4D-496F-8514-CCC655B2354D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {1ACCFC68-FFCB-47B3-8085-D9F594CA6DEA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {21696658-F88B-4919-AF7E-8F8C3CF87F7F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {2E0313AA-A10C-4404-AC5E-E9655D66D9D0} - System32\Tasks\0615avUpdateInfo => C:\ProgramData\Avg_Update_0615av\0615av_AVG-Secure-Search-Update.exe [2015-05-07] () Task: {2FFEA115-9D99-4969-B901-51A8485A3501} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-MIKE-HP => C:\Windows\ehome\McxTask.exe Task: {3014FA25-9EE4-4DFD-9E9F-B32DDCED0E64} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {321B3EF7-6E06-4E6D-BACB-F784860B5623} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {35A0433B-12A7-4462-BFFA-74ACC8FE757B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {3D4968F0-7FEE-4D84-A528-B483020DA837} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {3F4B416D-31E1-41FB-BA8F-9EFBDD37C19A} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] () Task: {4AF4FA0B-D6EA-4457-AFEE-3970CB682FFA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company) Task: {4BFCCB0A-D2ED-47B9-B782-A58E8ED61DC1} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.) Task: {4EE8B174-09A4-46F7-89C7-DB6C6FE26C8D} - System32\Tasks\{B5B8F61C-A41A-4546-9B5F-19F0E8F3EF8A} => pcalua.exe -a "C:\Program Files (x86)\GKFX FX - CFDs\Uninstall.exe" Task: {59BDED96-0B64-412E-BE99-DCE65F344217} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-722469699-1757417711-2172558454-1001UA => C:\Users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.) Task: {6DD68955-BD1A-47BB-AB06-B0A9D2DEF1BB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {71F11B36-BA51-4831-B936-6E6BC1B77E06} - System32\Tasks\{D46D87B8-8C8A-4D25-B5A9-35AE0C41E5D6} => pcalua.exe -a "C:\Program Files (x86)\Marketmaker\Spreadbet Client Live\UninstallerData\Uninstall Marketmaker Spreadbet Client Live.exe" Task: {7CE015FB-5F05-4880-92FE-92448D1DA8DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company) Task: {7CE450B3-F6AB-4316-A209-1C36A43A49B9} - System32\Tasks\{48259BB4-B976-469B-8B55-0A385CBCF8C4} => pcalua.exe -a "C:\Users\Mike\Temp\Office XP Premium.exe" -d C:\Users\Mike\Temp Task: {84D9761B-A17F-4300-BFD8-239CBB3D9114} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {8C80E1F5-4D41-4465-A1F5-F786188D06E4} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] () Task: {9A5ECA70-898F-42A3-9C8B-542A966F76A2} - System32\Tasks\{BC444172-5895-4D29-9FAE-38C92D256289} => c:\windows\system32\launchwinapp.exe [2015-07-10] (Microsoft Corporation) Task: {A0C30E06-11FA-432E-BA10-658BAFBAEDC4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-10] (Microsoft Corporation) Task: {B3E92B3D-6FB4-4D33-B533-7BB2B1BC79EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard) Task: {B77206C4-25F7-4943-88A4-FAAD2D010C92} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation) Task: {BBEF4C42-DFF2-49D2-8B61-960A4DDE838A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation) Task: {BD9AE099-3762-4F54-A086-3155D3E33E7E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {C53CA5F9-69DF-4F10-A23F-B2F029D8BEFB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {D0723A28-BC7E-4241-8C26-24F1E1BFE036} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation) Task: {D9A3EEF3-2EC9-4744-9BFC-5342646EFC21} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {DB34597C-F7EE-41F1-9AD6-E288FB1E9E51} - System32\Tasks\0715avUpdateInfo => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe [2015-07-07] () Task: {E11364BB-9357-4B2E-A54F-B86C31649007} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {E20D85A9-0BFB-4185-A49B-40455C19ECEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard) Task: {E9B5BDCF-E399-4D6B-8DD0-419EB2B54C35} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard) Task: {EC1D1384-F9F9-4725-996A-76C542C14956} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe Task: {EC77BCB9-AA00-4FBE-8B26-10DEEEA080D1} - System32\Tasks\{A188D684-4A1E-4C50-A6EE-1E7FE91C2BB3} => pcalua.exe -a "C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E22HM887\Spreadbet_MM5_Installer[1].exe" -d C:\Users\Mike\Desktop Task: {ED98C0BF-60C1-4CFF-9304-F6659A6FF737} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {F50131DB-9C71-49C0-8B92-2F1F0CA70DAA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-722469699-1757417711-2172558454-1001Core => C:\Users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.) Task: {FB1A93F7-18B2-4896-BCF5-F49D4DE7B1E3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft) Task: {FBFE5201-88E9-4694-87D6-7B71EE275920} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\0615avUpdateInfo.job => C:\ProgramData\Avg_Update_0615av\0615av_AVG-Secure-Search-Update.exe Task: C:\Windows\Tasks\0715avUpdateInfo.job => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-722469699-1757417711-2172558454-1001Core.job => C:\Users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-722469699-1757417711-2172558454-1001UA.job => C:\Users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForMike.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe ==================== Loaded Modules (Whitelisted) ============== 2015-07-10 03:33 - 2015-07-10 03:33 - 00028160 _____ () C:\Windows\SYSTEM32\efsext.dll 2015-09-10 05:08 - 2015-09-10 05:08 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll 2015-09-10 05:08 - 2015-09-10 05:08 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll 2015-08-21 21:09 - 2015-08-21 21:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2015-10-02 22:30 - 2015-09-17 06:48 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll 2015-10-02 22:30 - 2015-09-17 06:48 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2015-10-02 22:30 - 2015-09-17 05:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll 2015-10-02 22:29 - 2015-09-17 05:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-10-02 22:29 - 2015-09-17 05:42 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll 2015-10-02 22:29 - 2015-09-17 05:43 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll 2015-10-02 22:29 - 2015-09-17 05:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-10-02 22:29 - 2015-09-17 05:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-10-02 22:30 - 2015-09-17 05:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-10-02 22:29 - 2015-09-17 05:49 - 00884736 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2015-10-02 22:30 - 2015-09-17 05:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-08-21 21:09 - 2015-08-21 21:09 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2011-11-11 14:07 - 2011-11-11 14:07 - 00265240 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe 2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe 2015-07-21 16:02 - 2015-07-21 16:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2015-11-18 20:21 - 2015-11-18 20:21 - 00098816 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\win32api.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00110080 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\pywintypes27.dll 2015-11-18 20:21 - 2015-11-18 20:21 - 00364544 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\pythoncom27.dll 2015-11-18 20:21 - 2015-11-18 20:21 - 00046080 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\_socket.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 01208320 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\_ssl.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00320512 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\win32com.shell.shell.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00776704 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\_hashlib.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 01176576 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\wx._core_.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00806400 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\wx._gdi_.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00816128 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\wx._windows_.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 01067008 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\wx._controls_.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00733184 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\wx._misc_.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00682496 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\pysqlite2._sqlite.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00088064 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\_ctypes.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00119808 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\win32file.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00108544 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\win32security.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00007168 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\hashobjs_ext.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00070144 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\usb_ext.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00167936 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\win32gui.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00018432 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\win32event.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00128512 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\_elementtree.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00127488 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\pyexpat.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00013824 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\common.time34.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00036864 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\_psutil_windows.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00038912 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\win32inet.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00011264 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\win32crypt.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00077312 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\wx._html2.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00027136 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\_multiprocessing.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00020480 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\_yappi.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00035840 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\win32process.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00686080 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\unicodedata.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00123392 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\wx._wizard.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00024064 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\win32pipe.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00010240 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\select.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00025600 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\win32pdh.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00525640 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\windows._lib_cacheinvalidation.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00017408 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\win32profile.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00022528 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\win32ts.pyd 2015-11-18 20:21 - 2015-11-18 20:21 - 00078848 _____ () C:\Users\Mike\AppData\Local\Temp\_MEI79682\wx._animate.pyd 2015-11-10 20:40 - 2015-11-07 04:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll 2015-11-10 20:40 - 2015-11-07 04:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll 2015-10-02 22:04 - 2015-11-04 23:44 - 00166416 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll 2015-11-18 20:21 - 2015-11-18 20:21 - 00071168 _____ () c:\users\mike\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1mtwow.dll 2015-03-04 21:45 - 2015-09-03 00:11 - 00012800 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll 2015-07-31 19:27 - 2015-09-03 00:11 - 00779776 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-07-31 19:27 - 2015-09-03 00:11 - 00056320 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-03-04 21:45 - 2015-09-03 00:11 - 00012288 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2012-07-23 15:10 - 2012-07-23 15:10 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll 2015-10-27 09:33 - 2015-10-27 09:33 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll 2015-11-10 20:40 - 2015-11-07 04:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\accenture.com -> accenture.com IE trusted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\db.com -> db.com IE trusted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\rbc.com -> hxxps://rbc.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\123simsen.com -> www.123simsen.com There are 7752 more sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-722469699-1757417711-2172558454-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{228E2620-F931-4C19-A81A-D1A5209EDDA5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [uDP Query User{48CEEBC0-4B69-4502-AB86-563A851237E2}C:\users\mike\appdata\roaming\utorrent\updates\3.4.3_40760.exe] => (Allow) C:\users\mike\appdata\roaming\utorrent\updates\3.4.3_40760.exe FirewallRules: [TCP Query User{DD779CEA-B6A6-4B35-A9B5-D3F3FA36AC58}C:\users\mike\appdata\roaming\utorrent\updates\3.4.3_40760.exe] => (Allow) C:\users\mike\appdata\roaming\utorrent\updates\3.4.3_40760.exe FirewallRules: [{354B97BC-8708-470A-8343-F80D38C5E618}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{1EF68692-81A2-44DD-8592-B01099EE85F2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{14FA11EF-B0F9-489F-95F8-524668BAABB6}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{C03AD3BE-EFDD-41B2-B462-66ADB9C7D859}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{E348C814-B338-4F82-874E-C42E885A08EC}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{CD9FFC2C-0E18-4B89-8268-4BF195D4EB2E}] => (Allow) C:\Users\Mike\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4E8ADD4B-1D92-4AEC-89A6-44D2445701BE}] => (Allow) C:\Users\Mike\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [uDP Query User{25335BB2-9136-47CB-9E77-E3F6D07DDAD1}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe FirewallRules: [TCP Query User{7EC07B15-ADF4-403D-81F7-329164C7EBEE}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe FirewallRules: [{77B27754-1571-4C34-9AA7-A618809D7A96}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe FirewallRules: [{CCC3CC5D-7429-483C-A44B-C9F86AF24813}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe FirewallRules: [uDP Query User{13872800-09BF-4FF1-9941-891D6FA3DDC8}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{DD613504-8B72-4F54-9FC1-FF4A602DDF81}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{A740D959-5758-40F7-B435-625F18E3005A}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe FirewallRules: [{ACB95E7C-128D-4C0E-9024-00ECFBEDD65D}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe FirewallRules: [uDP Query User{295ECDE6-D010-4160-9B20-579BF20A3297}C:\users\mike\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mike\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{A4BE6F2B-6C32-41B1-87EF-C8B86CB8105B}C:\users\mike\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mike\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{277B4EA4-F28F-4E3F-A86C-3CA070082FBA}] => (Allow) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{9251989C-AB71-4593-9685-7BE9CD17E234}] => (Allow) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{64A2AD44-EF28-4AFC-8565-0E591679C360}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{AD6EBA58-0232-45DF-9884-724AB6EFC867}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{7A4F1F23-5AFE-4E5B-947D-AAC0297AED3B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe FirewallRules: [{E57F9B8A-775D-4286-B6DE-9AD1EC0FC9C3}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe FirewallRules: [uDP Query User{5764C312-BBD2-4137-A2DC-BD28A2EC7B3F}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [TCP Query User{F3761E11-8FBF-4818-8766-360DFB359BC9}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [{70966FBB-729F-4250-B12B-45D162972BAD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{FD911875-5535-49D2-AF9A-89EDE287933D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [uDP Query User{A4DB60BE-EFB1-46B5-B715-985855C5A3E5}C:\program files (x86)\intercasinoenglishgbp\casino.exe] => (Allow) C:\program files (x86)\intercasinoenglishgbp\casino.exe FirewallRules: [TCP Query User{35309002-46E0-419A-AA4D-8F60E2E8EADE}C:\program files (x86)\intercasinoenglishgbp\casino.exe] => (Allow) C:\program files (x86)\intercasinoenglishgbp\casino.exe FirewallRules: [uDP Query User{99064ADC-6D58-462A-A1C5-D50459718BEA}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe FirewallRules: [TCP Query User{CC3A972A-92C6-4FF8-909C-3CE631A3EF6D}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe FirewallRules: [{606C1293-CD2F-46F8-8807-497C963ACBFB}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe FirewallRules: [{BD9A108A-68F9-4204-9517-B45C73A4D0B8}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe FirewallRules: [{5A36D1D2-7CF8-4F17-B7EB-0D0A27B89B8E}] => (Allow) LPort=5353 FirewallRules: [{8C183A0F-770C-40AD-9F35-AD067A481BDA}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe FirewallRules: [{08EB5E65-998D-40E1-8C3E-68D25F732286}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe FirewallRules: [{B8F21BF9-DA0B-4C16-B5F7-F91BE9F9D9A3}] => (Allow) LPort=7000 FirewallRules: [{D14CC844-1DEF-45FE-8417-3C51848F1D85}] => (Allow) LPort=7000 FirewallRules: [{EA74F949-B292-4E48-9024-1BF085C83A88}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe FirewallRules: [{BCB8A661-BF1B-4312-B0DE-09DF9ECE5AB2}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe FirewallRules: [{DC30DEAF-ECB2-41E6-BEC2-476221C889C9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{EE9D132C-A405-43A0-B797-92BABE533CA9}] => (Allow) LPort=1900 FirewallRules: [{E021195F-33F0-4BCF-B41B-B1D27C167196}] => (Allow) LPort=2869 FirewallRules: [{2251B964-8714-4486-9BA4-D039B562FCEC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{D3B6033F-AA79-4397-985C-6860F44E164C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{8B2E6D73-F22C-4032-BA59-C4D7B8951296}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{7C5E142F-A1C5-45E6-ABAF-4CE119A9661E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{76974AB2-EF93-4405-BED5-5C49D52D7E65}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{8189FAC6-C3CC-4AB1-B56B-A06AE922108B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{347FFA47-3718-426C-AB8B-FF8062CA16FB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{C95FC893-EF36-4678-BF8A-BED73C2D4EF3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{6D31C57F-72BD-4440-B86C-0FFC6AA67FF5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{5F5FAE7C-FED0-4F71-8744-48D716BF6B40}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/18/2015 08:27:43 PM) (Source: HP Active Health) (EventID: 2200) (User: ) Description: Agent DriverCrash threw an exception: System.IndexOutOfRangeException: Index was outside the bounds of the array. at HP.ActiveHealth.Agents.DriverCrash.DriverCrashAgent.ParseMinidump(FileInfo minidumpFile) at HP.ActiveHealth.Agents.DriverCrash.DriverCrashAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector) at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj) Error: (11/18/2015 08:25:12 PM) (Source: HP Active Health) (EventID: 2200) (User: ) Description: Agent DriverCrash threw an exception: System.IndexOutOfRangeException: Index was outside the bounds of the array. at HP.ActiveHealth.Agents.DriverCrash.DriverCrashAgent.ParseMinidump(FileInfo minidumpFile) at HP.ActiveHealth.Agents.DriverCrash.DriverCrashAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector) at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj) Error: (11/17/2015 11:25:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MIKE-HP) Description: Activation of application Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/17/2015 10:40:30 AM) (Source: HP Active Health) (EventID: 2200) (User: ) Description: Agent DriverCrash threw an exception: System.IndexOutOfRangeException: Index was outside the bounds of the array. at HP.ActiveHealth.Agents.DriverCrash.DriverCrashAgent.ParseMinidump(FileInfo minidumpFile) at HP.ActiveHealth.Agents.DriverCrash.DriverCrashAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector) at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj) Error: (11/17/2015 08:25:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (11/17/2015 08:06:22 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program chrome.exe version 46.0.2490.86 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 319c Start Time: 01d11fd42a4fed5d Termination Time: 21 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: 1323906a-8d02-11e5-8d85-643150274464 Faulting package full name: Faulting package-relative application ID: Error: (11/17/2015 00:00:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MIKE-HP) Description: Activation of application Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/16/2015 11:11:31 PM) (Source: HP Active Health) (EventID: 2200) (User: ) Description: Agent DriverCrash threw an exception: System.IndexOutOfRangeException: Index was outside the bounds of the array. at HP.ActiveHealth.Agents.DriverCrash.DriverCrashAgent.ParseMinidump(FileInfo minidumpFile) at HP.ActiveHealth.Agents.DriverCrash.DriverCrashAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector) at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj) Error: (11/16/2015 11:00:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Mike-HP) Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/16/2015 10:54:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Mike-HP) Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (11/18/2015 08:32:01 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40. Error: (11/18/2015 08:32:01 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40. Error: (11/18/2015 08:22:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (11/18/2015 08:20:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: %%1058 Error: (11/18/2015 08:20:37 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000001a (0x0000000000005003, 0xfffff58010804000, 0x0000000000001121, 0x00007ffeabb06009)C:\Windows\Minidump\111815-18906-01.dmp111815-18906-01 Error: (11/18/2015 08:20:36 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 8:19:14 PM on ‎11/‎18/‎2015 was unexpected. Error: (11/18/2015 08:09:06 PM) (Source: DCOM) (EventID: 10016) (User: Mike-HP) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Mike-HPEliS-1-5-21-722469699-1757417711-2172558454-1003LocalHost (Using LRPC)UnavailableUnavailable Error: (11/18/2015 08:08:40 PM) (Source: DCOM) (EventID: 10016) (User: Mike-HP) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Mike-HPEliS-1-5-21-722469699-1757417711-2172558454-1003LocalHost (Using LRPC)UnavailableUnavailable Error: (11/18/2015 08:08:40 PM) (Source: DCOM) (EventID: 10016) (User: Mike-HP) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Mike-HPEliS-1-5-21-722469699-1757417711-2172558454-1003LocalHost (Using LRPC)UnavailableUnavailable Error: (11/18/2015 08:08:39 PM) (Source: DCOM) (EventID: 10016) (User: Mike-HP) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Mike-HPEliS-1-5-21-722469699-1757417711-2172558454-1003LocalHost (Using LRPC)UnavailableUnavailable CodeIntegrity: =================================== Date: 2015-11-18 20:37:24.128 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-18 20:37:24.106 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-18 20:21:36.095 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-18 20:21:36.035 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-18 20:21:35.542 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-18 20:21:35.377 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-18 20:21:34.631 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-18 20:21:34.562 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-17 22:15:40.362 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-17 22:15:40.340 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD Phenom II X4 830 Processor Percentage of memory in use: 54% Total physical RAM: 8191.27 MB Available physical RAM: 3709.33 MB Total Virtual: 10047.27 MB Available Virtual: 5168.08 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:214.32 GB) (Free:88.06 GB) NTFS Drive g: (LargerFiles) (Fixed) (Total:918.07 GB) (Free:740.78 GB) NTFS Drive h: (HPRecovery) (Fixed) (Total:18.46 GB) (Free:7.11 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: D46604E9) Partition 1: (Not Active) - (Size=918.1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=450 MB) - (Type=27) ======================================================== Disk: 1 (Size: 232.9 GB) (Disk ID: 901E8745) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=214.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=18.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  16. Ever since I migrated to Windows 10 I have had a virus. I've tried everything to remove it, including full scans with AVG and Malwarebytes but it keeps coming back. AVG detects it as Trojan Horse php/Backdoor.cz and HTML/Framer Would be great if anyone can help me? Its driving me crazy. Many thanks! The Farbar logs are: FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-11-2015Ran by Mike (administrator) on MIKE-HP (18-11-2015 20:38:18)Running from G:\Mike\DownloadsLoaded Profiles: Mike (Available Profiles: Mike & Eli & Mcx1-MIKE-HP & DefaultAppPool)Platform: Windows 10 Home (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Edge)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe(Microsoft Corporation) C:\Windows\System32\mqsvc.exe(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Dropbox, Inc.) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe(Microsoft Corporation) C:\Windows\System32\browser_broker.exe(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-27] (Easybits)HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)HKLM-x32\...\Run: [HP Remote Solution] => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exeHKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.)HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518496 2015-06-24] (Citrix Systems, Inc.)HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231776 2015-06-24] (Citrix Systems, Inc.)HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)Winlogon\Notify\ScCertProp: wlnotify.dll [X]HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Run: [Dropbox Update] => C:\Users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Run: [GoogleChromeAutoLaunch_A9A28D217F0AF6C0AE66A9006030A09A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-07] (Google Inc.)HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Policies\system: [DisableLockWorkstation] 0HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Policies\system: [DisableChangePassword] 0HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\MountPoints2: {0cf0d44f-6b0c-11e0-b704-806e6f6e6963} - "E:\Install Navigator.exe" HKU\S-1-5-21-722469699-1757417711-2172558454-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31232 2015-07-10] (Microsoft Corporation)ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No FileShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-08]ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk [2015-07-12]ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-15]ShortcutTarget: Dropbox.lnk -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)BootExecute: autocheck autochk * sdnclean64.exe==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.0.1Tcpip\..\Interfaces\{18b82321-0b0c-4748-a585-cb06f8448ee8}: [DhcpNameServer] 192.168.0.1Internet Explorer:==================HKU\S-1-5-21-722469699-1757417711-2172558454-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.goldstart.co.uk/adv/goldAndSilver.htmSearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDFSearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFSearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=DesktopsSearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxSearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDFSearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFSearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=DesktopsSearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No FileBHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No FileBHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No FileBHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-06] (Oracle Corporation)BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-06] (Oracle Corporation)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)Toolbar: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileDPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cabDPF: HKLM-x32 {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} hxxps://remote-uk-tc.rbc.com/nortel_cacheable/iewiper.cabDPF: HKLM-x32 {ACDB1787-986D-434D-9857-2172CDB2108D} hxxps://remote-uk-th.rbc.com/nortel_cacheable/punblock.cabHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No FileFilter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)FireFox:========FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.defaultFF Homepage: hxxp://www.evertonlatest.co.uk/wp-admin/index.phphxxp://www.investorwords.co.uk/wp-admin/hxxp://www.cutthedebt.co.uk/wp-admin/index.phphxxp://www.blackburnlatest.co.uk/wp-admin/index.phphxxp://www.stokelatest.co.uk/wp-admin/hxxp://www.swansealatest.co.uk/wp-admin/hxxp://www.wolveslatest.co.uk/wp-admin/index.phphxxp://www.wiganlatest.co.uk/wp-admin/index.phphxxp://www.qprlatest.co.uk/wp-admin/hxxp://www.englandfootballlatest.co.uk/wp-admin/index.phphxxp://www.norwichlatest.co.uk/wp-admin/index.phphxxp://www.westbromlatest.co.uk/wp-admin/index.phphxxp://www.sunderlandlatest.co.uk/wp-admin/index.phpFF Session Restore: -> is enabled.FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-06-24] (Citrix Systems, Inc.)FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2011-04-25] ()FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2011-04-25] (Citrix Systems, Inc.)FF Extension: Page Speed - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012-09-23] [not signed]FF Extension: Property Bee - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi [2013-05-12] [not signed]FF Extension: Greasemonkey - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-05] [not signed]FF Extension: YSlow - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\yslow@yahoo-inc.com.xpi [2014-12-22] [not signed]FF Extension: Flash and Video Download - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-12-22] [not signed]FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\firebug@software.joehewitt.com.xpi [2015-07-04] [not signed]FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\wagerlogic.xpi [2010-02-02] [not signed]FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-08-21] [not signed]FF Extension: Google Toolbar for Firefox - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-08-21] [not signed]FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash [2011-08-21] [not signed]FF Extension: DownThemAll! - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-07-04]FF Extension: OnlyWire - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2} [2011-08-21] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-29] [not signed]Chrome: =======CHR HomePage: Default -> hxxp://www.google.com/CHR StartupUrls: Default -> "hxxp://www.gumtree.com/search?property_type=house&seller_type=private&min_beds=3&max_beds=&min_price=370%2C000&max_price=600%2C000&q=&search_location=South+East+London&category=local-property-for-sale&search_scope=title","hxxps://www.google.co.uk/webhp?source=search_app&gws_rd=cr","hxxp://www.google.com/"CHR Session Restore: Default -> is enabled.CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2015-10-17]CHR Extension: (Gmail Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-10-17]CHR Extension: (Chrome Remote Desktop) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-08]CHR Extension: (Financial News) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcekbbpdkhlfomdhopicfopkkedfcam [2015-10-17]CHR Extension: (Google Docs Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]CHR Extension: (Pin It Button) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-10-17]CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-17]CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-17]CHR HKU\S-1-5-21-722469699-1757417711-2172558454-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-722469699-1757417711-2172558454-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-08-04] (Mozy, Inc.)R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-09-21] (Microsoft Corporation)R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1859584 2012-07-04] (Ralink) [File not signed]R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-10-26] (IBM Corp.)S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-09-21] (Microsoft Corporation)S3 w3logsvc; C:\Windows\SysWOW64\inetsrv\w3logsvc.dll [72192 2015-09-21] (Microsoft Corporation)R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-09-21] (Microsoft Corporation)R2 W3SVC; C:\Windows\SysWOW64\inetsrv\iisw3adm.dll [504832 2015-09-21] (Microsoft Corporation)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.)S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]R3 hcwD3bda; C:\Windows\system32\DRIVERS\hcwD3bda64.sys [121344 2011-10-26] (Mirics)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-09-21] (Microsoft Corporation)R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)R1 RapportCerberus_1507072; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507072.sys [959416 2015-11-16] (IBM Corp.)R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-10-26] (IBM Corp.)R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-10-26] (IBM Corp.)R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-10-26] (IBM Corp.)R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489272 2015-10-26] (IBM Corp.)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Realtek )S3 S3XXx64; C:\Windows\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()U5 usbfilter; C:\Windows\System32\Drivers\usbfilter.sys [38456 2009-12-22] (Advanced Micro Devices)S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)U3 idsvc; no ImagePathS3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]U3 wpcsvc; no ImagePath==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-11-18 20:37 - 2015-11-18 20:38 - 00000000 ____D C:\FRST2015-11-18 20:21 - 2015-11-18 20:21 - 00016148 _____ C:\Windows\system32\MIKE-HP_Mike_HistoryPrediction.bin2015-11-18 20:02 - 2015-11-18 20:02 - 00003184 _____ C:\Windows\System32\Tasks\{BC444172-5895-4D29-9FAE-38C92D256289}2015-11-17 18:30 - 2015-11-17 18:30 - 00016148 _____ C:\Windows\system32\MIKE-HP_Eli_HistoryPrediction.bin2015-11-17 18:20 - 2015-11-17 18:21 - 23493437 _____ C:\Users\Eli\Downloads\fwdboda.zip2015-11-17 17:13 - 2015-11-17 17:13 - 00000000 ____D C:\Users\Eli\AppData\Local\CEF2015-11-17 17:12 - 2015-11-17 17:12 - 02756350 _____ C:\Users\Eli\Downloads\Archivos adjuntos_20151117.zip2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\Program Files (x86)\Trusteer2015-11-16 22:24 - 2015-10-26 00:01 - 00394584 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys2015-11-16 22:24 - 2015-10-26 00:01 - 00139896 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys2015-11-16 22:22 - 2015-11-16 22:23 - 00436504 _____ (IBM Corp.) C:\Users\Eli\Downloads\RapportSetup (3).exe2015-11-16 22:16 - 2015-11-16 22:16 - 00000000 ____D C:\Windows\LastGood.Tmp2015-11-16 22:15 - 2015-11-16 22:15 - 01083880 _____ (Gemalto) C:\Windows\SysWOW64\axaltocm.dll2015-11-16 22:13 - 2015-11-16 22:23 - 00436504 _____ (IBM Corp.) C:\Users\Eli\Downloads\RapportSetup (1).exe2015-11-16 22:13 - 2015-11-16 22:14 - 00436504 _____ (IBM Corp.) C:\Users\Eli\Downloads\RapportSetup (2).exe2015-11-15 12:34 - 2015-11-15 12:34 - 00000000 ___HD C:\OneDriveTemp2015-11-15 11:17 - 2015-11-15 11:17 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2015-11-11 22:53 - 2015-11-15 12:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-11-11 22:53 - 2015-11-11 22:53 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-11-11 22:53 - 2015-11-11 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-11-11 22:52 - 2015-11-11 22:52 - 00000000 ____D C:\ProgramData\Malwarebytes2015-11-11 22:52 - 2015-11-11 22:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-11-11 22:52 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys2015-11-11 22:52 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-11-11 22:52 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys2015-11-10 21:14 - 2015-11-05 05:13 - 00577888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2015-11-10 21:14 - 2015-11-05 05:06 - 03621248 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-11-10 21:14 - 2015-11-05 04:24 - 02878512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-11-10 21:14 - 2015-11-05 04:20 - 21873664 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll2015-11-10 21:14 - 2015-11-05 04:18 - 24597504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-11-10 21:14 - 2015-11-05 04:18 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll2015-11-10 21:14 - 2015-11-05 04:10 - 02987520 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll2015-11-10 21:14 - 2015-11-05 04:03 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll2015-11-10 21:14 - 2015-11-05 03:59 - 02675200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll2015-11-10 21:14 - 2015-11-05 03:58 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll2015-11-10 21:14 - 2015-11-05 03:56 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll2015-11-10 21:14 - 2015-11-05 03:47 - 19326464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-11-10 21:14 - 2015-11-05 03:42 - 02647040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll2015-11-10 21:14 - 2015-11-05 03:35 - 18803712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll2015-11-10 21:14 - 2015-11-05 03:35 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll2015-11-10 21:14 - 2015-11-05 03:27 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll2015-11-10 21:13 - 2015-11-05 05:15 - 08020832 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-11-10 21:13 - 2015-11-05 05:15 - 00541024 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll2015-11-10 21:13 - 2015-11-05 05:14 - 00459104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys2015-11-10 21:13 - 2015-11-05 05:11 - 01392480 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll2015-11-10 21:13 - 2015-11-05 05:06 - 00966416 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll2015-11-10 21:13 - 2015-11-05 05:01 - 00607408 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe2015-11-10 21:13 - 2015-11-05 04:56 - 01083072 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-11-10 21:13 - 2015-11-05 04:56 - 00116064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys2015-11-10 21:13 - 2015-11-05 04:56 - 00025280 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe2015-11-10 21:13 - 2015-11-05 04:30 - 00961376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll2015-11-10 21:13 - 2015-11-05 04:23 - 00762888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll2015-11-10 21:13 - 2015-11-05 04:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll2015-11-10 21:13 - 2015-11-05 04:18 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe2015-11-10 21:13 - 2015-11-05 04:17 - 02418688 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll2015-11-10 21:13 - 2015-11-05 04:12 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll2015-11-10 21:13 - 2015-11-05 04:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll2015-11-10 21:13 - 2015-11-05 04:10 - 12504064 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-11-10 21:13 - 2015-11-05 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2015-11-10 21:13 - 2015-11-05 04:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll2015-11-10 21:13 - 2015-11-05 04:05 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-11-10 21:13 - 2015-11-05 04:05 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-11-10 21:13 - 2015-11-05 04:03 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll2015-11-10 21:13 - 2015-11-05 04:01 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-11-10 21:13 - 2015-11-05 04:01 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll2015-11-10 21:13 - 2015-11-05 04:01 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2015-11-10 21:13 - 2015-11-05 03:59 - 03587072 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys2015-11-10 21:13 - 2015-11-05 03:58 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys2015-11-10 21:13 - 2015-11-05 03:55 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll2015-11-10 21:13 - 2015-11-05 03:54 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll2015-11-10 21:13 - 2015-11-05 03:40 - 01918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll2015-11-10 21:13 - 2015-11-05 03:34 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll2015-11-10 21:13 - 2015-11-05 03:33 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-11-10 21:13 - 2015-11-05 03:33 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-11-10 21:13 - 2015-11-05 03:30 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-11-10 21:13 - 2015-11-05 03:28 - 11262976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-11-10 21:13 - 2015-11-05 03:27 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll2015-11-10 21:13 - 2015-11-05 03:23 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll2015-11-08 11:48 - 2015-11-08 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus2015-11-02 22:07 - 2015-11-02 22:07 - 00000000 ____D C:\Users\Mike\AppData\Roaming\KompoZer2015-11-02 22:06 - 2015-11-02 22:07 - 00000000 ____D C:\Program Files\KompoZer 0.7.102015-11-02 19:41 - 2015-11-02 19:41 - 00000000 ____D C:\Users\Eli\AppData\Roaming\WinRAR2015-11-02 19:40 - 2015-11-02 19:41 - 34633425 _____ C:\Users\Eli\Downloads\wetransfer-6956a2.zip2015-11-01 13:23 - 2015-11-02 19:46 - 16545096 _____ C:\Users\Eli\Desktop\Matrimonio Frailejones.odt2015-11-01 13:05 - 2015-11-01 13:05 - 00000162 ____H C:\Users\Eli\Desktop\~$mples fonts.odt2015-11-01 13:04 - 2015-11-01 13:05 - 00005122 _____ C:\Users\Eli\Desktop\samples fonts.odt2015-10-28 07:33 - 2015-10-28 07:33 - 00000085 _____ C:\Windows\wininit.ini2015-10-28 06:57 - 2015-10-28 06:57 - 00000000 ____D C:\Users\Eli\AppData\Roaming\AVG2015-10-27 23:10 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe2015-10-27 23:04 - 2015-10-27 23:04 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking2015-10-27 23:03 - 2015-10-28 07:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 22015-10-27 09:37 - 2015-11-08 07:22 - 00001011 _____ C:\Users\Public\Desktop\AVG Protection.lnk2015-10-27 09:32 - 2015-10-27 09:34 - 00000000 ____D C:\Users\Mike\AppData\Local\AvgSetupLog2015-10-26 19:36 - 2015-10-26 19:36 - 00504447 _____ C:\Users\Eli\Desktop\http.odt2015-10-26 14:27 - 2015-10-26 14:27 - 00000000 ____D C:\ProgramData\ATI2015-10-22 21:41 - 2015-10-22 21:41 - 00061917 _____ C:\Windows\SysWOW64\CCCInstall_201510222241121730.log2015-10-22 21:41 - 2015-10-22 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center2015-10-22 21:40 - 2015-10-22 21:40 - 00000000 ____D C:\Program Files\ATI Technologies2015-10-22 21:38 - 2015-10-22 21:38 - 00066655 _____ C:\Windows\SysWOW64\CCCInstall_201510222238562063.log2015-10-22 21:38 - 2015-10-22 21:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI2015-10-22 21:38 - 2015-10-22 21:38 - 00000000 ____D C:\Users\Default\AppData\Local\ATI2015-10-22 21:38 - 2015-10-22 21:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI2015-10-22 21:38 - 2015-10-22 21:38 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI2015-10-22 21:36 - 2015-10-22 21:36 - 47794160 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 39712768 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll2015-10-22 21:36 - 2015-10-22 21:36 - 30776304 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 27544560 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 22327280 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll2015-10-22 21:36 - 2015-10-22 21:36 - 15725552 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 14310896 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll2015-10-22 21:36 - 2015-10-22 21:36 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll2015-10-22 21:36 - 2015-10-22 21:36 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 07482552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll2015-10-22 21:36 - 2015-10-22 21:36 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap2015-10-22 21:36 - 2015-10-22 21:36 - 03437632 _____ C:\Windows\system32\atiumd6a.cap2015-10-22 21:36 - 2015-10-22 21:36 - 01196032 _____ C:\Windows\system32\amdocl_as64.exe2015-10-22 21:36 - 2015-10-22 21:36 - 01070592 _____ C:\Windows\system32\amdocl_ld64.exe2015-10-22 21:36 - 2015-10-22 21:36 - 01004032 _____ C:\Windows\SysWOW64\amdocl_as32.exe2015-10-22 21:36 - 2015-10-22 21:36 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00833800 _____ C:\Windows\system32\amdicdxx.dat2015-10-22 21:36 - 2015-10-22 21:36 - 00807424 _____ C:\Windows\SysWOW64\amdocl_ld32.exe2015-10-22 21:36 - 2015-10-22 21:36 - 00662392 _____ C:\Windows\SysWOW64\atiapfxx.blb2015-10-22 21:36 - 2015-10-22 21:36 - 00662392 _____ C:\Windows\system32\atiapfxx.blb2015-10-22 21:36 - 2015-10-22 21:36 - 00631280 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00471312 _____ C:\Windows\system32\amdmiracast.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe2015-10-22 21:36 - 2015-10-22 21:36 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe2015-10-22 21:36 - 2015-10-22 21:36 - 00243696 _____ C:\Windows\system32\clinfo.exe2015-10-22 21:36 - 2015-10-22 21:36 - 00213488 _____ C:\Windows\system32\amdgfxinfo64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00199664 _____ (AMD) C:\Windows\system32\atitmm64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00198640 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00177344 _____ C:\Windows\system32\ativce03.dat2015-10-22 21:36 - 2015-10-22 21:36 - 00175648 _____ C:\Windows\system32\amde31a.dat2015-10-22 21:36 - 2015-10-22 21:36 - 00168944 _____ C:\Windows\system32\atieah64.exe2015-10-22 21:36 - 2015-10-22 21:36 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00152560 _____ C:\Windows\SysWOW64\atieah32.exe2015-10-22 21:36 - 2015-10-22 21:36 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00143344 _____ C:\Windows\system32\amdhdl64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00132080 _____ C:\Windows\SysWOW64\amdhdl32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00112360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00111600 _____ C:\Windows\system32\hsa-thunk64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00111088 _____ C:\Windows\SysWOW64\hsa-thunk.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00100816 _____ C:\Windows\system32\ativce02.dat2015-10-22 21:36 - 2015-10-22 21:36 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00087992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00081168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00073712 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00071152 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00068080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00064496 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00060912 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe2015-10-22 21:36 - 2015-10-22 21:36 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00057840 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00038384 _____ (AMD) C:\Windows\system32\atimuixx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00012784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00012784 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll2015-10-21 16:16 - 2015-10-21 16:16 - 00284080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys2015-10-21 16:15 - 2015-10-21 16:15 - 00255408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-11-18 20:39 - 2011-08-22 21:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-11-18 20:36 - 2011-08-23 20:48 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype2015-11-18 20:29 - 2015-06-19 23:11 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-722469699-1757417711-2172558454-1001UA.job2015-11-18 20:29 - 2015-06-19 23:11 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-722469699-1757417711-2172558454-1001Core.job2015-11-18 20:26 - 2015-09-20 17:27 - 01009666 _____ C:\Windows\system32\PerfStringBackup.INI2015-11-18 20:23 - 2015-09-20 17:28 - 00000000 ____D C:\Users\Eli2015-11-18 20:22 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\AppReadiness2015-11-18 20:22 - 2012-07-07 12:24 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Dropbox2015-11-18 20:21 - 2015-09-20 18:47 - 00000000 ___RD C:\Users\Mike\OneDrive2015-11-18 20:21 - 2012-05-31 21:21 - 00000000 ___RD C:\Users\Mike\Google Drive2015-11-18 20:21 - 2011-08-22 21:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-11-18 20:21 - 2011-04-20 02:53 - 00000275 _____ C:\Windows\WindowsUpdate.log2015-11-18 20:20 - 2015-09-22 21:57 - 00144840 ____N C:\Windows\Minidump\111815-18906-01.dmp2015-11-18 20:20 - 2015-09-21 21:01 - 00000000 ____D C:\Windows\Minidump2015-11-18 20:20 - 2015-09-10 05:32 - 00055788 _____ C:\Windows\PFRO.log2015-11-18 20:20 - 2015-07-30 21:52 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-11-18 20:20 - 2014-11-10 21:07 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForMike.job2015-11-18 20:06 - 2015-09-22 21:50 - 00004148 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5F0ED98D-7354-4A01-B294-54AB7450A24E}2015-11-18 20:06 - 2015-04-01 21:26 - 00004146 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4026B517-26E7-4767-8E9D-E443C9569FB9}2015-11-18 20:03 - 2011-08-22 17:26 - 00000000 ____D C:\ProgramData\MFAData2015-11-18 20:01 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\system32\sru2015-11-17 17:44 - 2011-08-24 06:50 - 00000000 ____D C:\Users\Eli\AppData\Roaming\Adobe2015-11-17 17:13 - 2011-08-24 06:50 - 00000000 ____D C:\Users\Eli\AppData\Local\Adobe2015-11-16 23:11 - 2014-11-10 21:07 - 00003232 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMike2015-11-16 23:11 - 2011-08-22 16:03 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log2015-11-16 22:15 - 2015-04-07 07:15 - 01432040 _____ (Gemalto) C:\Windows\system32\axaltocm.dll2015-11-15 15:59 - 2011-08-22 20:55 - 00000000 ____D C:\Users\Mike\AppData\Local\AMD2015-11-15 12:33 - 2015-09-22 21:57 - 00154760 ____N C:\Windows\Minidump\111515-11875-01.dmp2015-11-15 12:31 - 2015-09-20 17:28 - 00000000 ____D C:\Users\Mike2015-11-15 12:30 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\Speech2015-11-15 12:30 - 2015-07-10 09:05 - 00786432 ___SH C:\Windows\system32\config\BBI2015-11-15 12:11 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\rescache2015-11-11 22:09 - 2015-09-17 23:29 - 00000000 ____D C:\Program Files (x86)\Belarc2015-11-11 22:06 - 2011-12-01 23:21 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SoundSpectrum2015-11-11 22:06 - 2011-12-01 23:20 - 00000000 ____D C:\Program Files (x86)\SoundSpectrum2015-11-11 22:06 - 2011-08-23 20:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE2015-11-11 21:19 - 2015-06-28 10:18 - 00000000 ____D C:\Program Files\Common Files\AV2015-11-11 20:50 - 2015-07-10 09:05 - 00032768 ___SH C:\Windows\system32\config\ELAM2015-11-11 08:44 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\SysWOW64\en-GB2015-11-11 08:44 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\system32\en-GB2015-11-11 08:44 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\system32\appraiser2015-11-10 22:44 - 2011-08-23 20:37 - 00000000 ____D C:\ProgramData\Microsoft Help2015-11-10 22:42 - 2015-07-30 22:25 - 00000000 ____D C:\Windows\CbsTemp2015-11-10 22:28 - 2013-08-19 17:16 - 00000000 ____D C:\Windows\system32\MRT2015-11-10 22:19 - 2011-08-22 18:48 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-11-10 20:40 - 2015-10-17 17:18 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-11-08 12:05 - 2011-04-20 03:01 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard2015-11-08 12:05 - 2011-04-20 02:52 - 00000000 ____D C:\ProgramData\Hewlett-Packard2015-11-08 12:04 - 2015-09-20 21:18 - 00000000 ____D C:\Users\Mike\AppData\Local\Comms2015-11-08 12:03 - 2015-09-20 18:41 - 00000000 ____D C:\Users\Mike\AppData\Local\Packages2015-11-08 11:50 - 2011-08-23 20:47 - 00000000 ____D C:\ProgramData\Skype2015-11-08 11:48 - 2015-10-18 18:35 - 00001981 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk2015-11-08 11:48 - 2015-10-18 18:35 - 00000000 ____D C:\Program Files\McAfee Security Scan2015-11-08 11:25 - 2011-09-12 09:18 - 00005912 _____ C:\Windows\mozy.blk2015-11-08 11:25 - 2011-09-12 09:18 - 00000178 _____ C:\Windows\mozy.flt2015-11-08 07:22 - 2015-08-16 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2015-11-08 07:21 - 2015-08-16 11:59 - 00000000 ___HD C:\$AVG2015-11-08 07:20 - 2015-05-25 09:32 - 00000000 ____D C:\Users\Mike\AppData\Local\Avg2015-11-08 07:20 - 2015-05-25 09:32 - 00000000 ____D C:\Users\Eli\AppData\Local\Avg2015-11-04 20:54 - 2015-09-20 20:41 - 00002369 _____ C:\Users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk2015-11-04 20:54 - 2015-09-20 20:41 - 00000000 ___RD C:\Users\Eli\OneDrive2015-11-03 18:20 - 2015-07-30 22:43 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-11-03 18:20 - 2015-07-30 22:43 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-11-02 19:59 - 2015-09-20 18:47 - 00002372 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk2015-10-31 16:59 - 2011-10-23 18:45 - 00000000 ____D C:\Users\Eli\AppData\Local\Hewlett-Packard2015-10-31 16:58 - 2015-08-18 21:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk2015-10-31 16:56 - 2015-08-18 21:38 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task2015-10-28 07:33 - 2012-05-20 21:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2015-10-28 07:01 - 2015-08-19 21:54 - 15736252 _____ C:\Users\Eli\Desktop\39 Dale Road.pptx2015-10-27 09:40 - 2015-08-16 11:57 - 00000000 ____D C:\Program Files (x86)\AVG2015-10-27 09:40 - 2014-10-19 12:51 - 00000000 ____D C:\ProgramData\AVG20152015-10-27 09:39 - 2015-08-30 12:38 - 00000000 ____D C:\Users\Mike\AppData\Roaming\AVG2015-10-27 09:37 - 2015-07-30 22:42 - 00000000 ___HD C:\Windows\ELAMBKUP2015-10-27 09:36 - 2015-08-30 12:26 - 00000000 ____D C:\ProgramData\AVG2015-10-22 21:40 - 2015-09-20 17:26 - 00000000 ____D C:\ProgramData\AMD2015-10-22 21:40 - 2015-09-20 17:25 - 00000000 ____D C:\Program Files (x86)\ATI Technologies2015-10-22 21:37 - 2015-09-20 17:25 - 00000000 ____D C:\AMD2015-10-22 21:36 - 2015-08-20 20:51 - 12088000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll2015-10-22 21:36 - 2015-08-20 20:51 - 10211008 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll2015-10-22 21:36 - 2015-08-20 20:51 - 08982440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll2015-10-22 21:36 - 2015-08-20 20:51 - 08864920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll2015-10-22 21:36 - 2015-08-20 20:51 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll2015-10-22 21:36 - 2015-08-20 20:51 - 01223552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll2015-10-22 21:36 - 2015-08-20 20:51 - 00162232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll2015-10-22 21:36 - 2015-08-20 20:51 - 00143048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll2015-10-22 21:36 - 2015-08-20 20:51 - 00130072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll2015-10-22 21:36 - 2015-08-20 20:46 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys2015-10-22 21:36 - 2015-08-20 20:46 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll2015-10-22 21:36 - 2015-08-20 20:46 - 00874480 _____ (AMD) C:\Windows\system32\coinst_15.20.dll2015-10-22 21:36 - 2015-08-20 20:46 - 00683504 _____ (AMD) C:\Windows\system32\atieclxx.exe2015-10-22 21:36 - 2015-08-20 20:46 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys2015-10-22 21:36 - 2015-08-20 20:46 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll2015-10-22 21:36 - 2015-08-20 20:46 - 00255472 _____ (AMD) C:\Windows\system32\atiesrxx.exe2015-10-19 23:40 - 2012-05-31 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2015-10-19 19:07 - 2011-11-17 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 32015-10-19 19:06 - 2011-11-17 20:25 - 00001181 _____ C:\Users\Public\Desktop\Picasa 3.lnk2015-10-19 08:03 - 2015-09-11 15:59 - 00313776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys==================== Files in the root of some directories =======2015-02-06 10:56 - 2015-02-06 10:56 - 0000093 _____ () C:\Users\Mike\AppData\Roaming\ARCompanion.log2015-10-11 15:07 - 2015-10-11 15:07 - 0037837 _____ () C:\Users\Mike\AppData\Roaming\Comma Separated Values (Windows).ADR2011-09-12 09:20 - 2011-09-12 09:20 - 0001854 _____ () C:\Users\Mike\AppData\Roaming\GhostObjGAFix.xml2011-08-24 22:14 - 2015-02-10 20:28 - 0005159 _____ () C:\Users\Mike\AppData\Roaming\Rim.Desktop.Exception.log2011-08-22 16:32 - 2015-08-08 13:41 - 0002021 _____ () C:\Users\Mike\AppData\Roaming\Rim.Desktop.HttpServerSetup.log2011-08-24 22:14 - 2015-02-10 20:28 - 0005159 _____ () C:\Users\Mike\AppData\Roaming\Rim.DesktopHelper.Exception.log2011-08-24 22:15 - 2014-11-28 14:48 - 0059904 _____ () C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-12-30 19:25 - 2015-08-04 19:27 - 0000600 _____ () C:\Users\Mike\AppData\Local\PUTTY.RND2013-01-29 14:38 - 2013-01-29 14:38 - 0000008 ___SH () C:\Users\Mike\AppData\Local\systemCurUses2013-01-29 14:38 - 2013-01-29 14:38 - 0000006 ___SH () C:\Users\Mike\AppData\Local\systemHdIDSome files in TEMP:====================C:\Users\Eli\AppData\Local\Temp\avguirn_0861469464.exeC:\Users\Mike\AppData\Local\Temp\avguirn_081216781173.exeC:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1mtwow.dll==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-11-10 20:30==================== End of FRST.txt ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.