Trumpet

  1. Hi Valinorum, No, I haven't had a reoccurrence for a week now. Many thanks for your help in removing this stuff from my machine. I'll be a bit more careful in future!!! All the best, Trumpet
  2. Hi Valinorum, Run as suggested; logs below. I was going to post on here that for the last few days I haven't had a reoccurrence of odd webpages being loaded, but Trend Micro still hangs at 11% despite reinstalling it. It's not the same file it hangs on each time. Thanks and regards, Trumpet
  3. Another odd thing that may be unrelated is that Trend Micro keeps hanging at 11%. I reinstalled it [before you started looking at it] but it's doing it again.
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017 Ran by Dick Albin (administrator) on DESKTOP02 (11-09-2017 16:11:23)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-18] (Google Inc.) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation) BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll [2016-06-29] (Trend Micro Inc.) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-18] (Google Inc.) Toolbar: HKLM - Password Manager ToolBar - {97EE74D2-C351-4ECE-B75A-8CD36FAE3661} - C:\Program Files\Trend Micro\PasswordManager\bhoDirectPass64.dll [2017-07-14] (Trend Micro Inc.) Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-18] (Google Inc.) 
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.) Toolbar: HKU\S-1-5-21-2377353217-2488679963-1038452676-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-18] (Google Inc.) Toolbar: HKU\S-1-5-21-2377353217-2488679963-1038452676-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2014-01-10] (Intuit, Inc.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation) Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll [2016-06-29] (Trend Micro Inc.) Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll [2016-06-29] (Trend Micro Inc.) Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg.dll [2017-01-10] (Trend Micro Inc.) Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg32.dll [2017-01-10] (Trend Micro Inc.) Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.) Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.) 
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2016-07-24] (Trend Micro Inc.) Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2016-07-24] (Trend Micro Inc.) FireFox: ======== FF ProfilePath: C:\Users\Dick Albin\AppData\Roaming\TomTom\HOME\Profiles\n7owkkwe.default [2017-09-09] FF Extension: (Emulator) - C:\Users\Dick Albin\AppData\Roaming\TomTom\HOME\Profiles\n7owkkwe.default\Extensions\Navcore.7.901.9181@tomtom.com [2012-07-17] [not signed] FF Extension: (Emulator) - C:\Users\Dick Albin\AppData\Roaming\TomTom\HOME\Profiles\n7owkkwe.default\Extensions\Navcore.9.430.890926@tomtom.com [2012-10-07] [not signed] FF Extension: (Emulator) - C:\Users\Dick Albin\AppData\Roaming\TomTom\HOME\Profiles\n7owkkwe.default\Extensions\Navcore.9.465.1074274@tomtom.com [2013-04-18] [not signed] FF Extension: (Emulator) - C:\Users\Dick Albin\AppData\Roaming\TomTom\HOME\Profiles\n7owkkwe.default\Extensions\Navcore.9.500.1161701@tomtom.com [2016-04-25] [not signed] FF Extension: (Emulator) - C:\Users\Dick Albin\AppData\Roaming\TomTom\HOME\Profiles\n7owkkwe.default\Extensions\Navcore.9.510.1234792@tomtom.com [2016-03-23] [not signed] FF Extension: (Tyre) - C:\Users\Dick Albin\AppData\Roaming\TomTom\HOME\Profiles\n7owkkwe.default\Extensions\tyre@tyre.tk [2016-07-31] [not signed] FF ProfilePath: C:\Users\Dick Albin\AppData\Roaming\Mozilla\Firefox\Profiles\a00a15lm.default [2017-09-11] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\a00a15lm.default -> Yahoo! (Avast) FF DefaultSearchUrl: Mozilla\Firefox\Profiles\a00a15lm.default -> hxxps://uk.search.yahoo.com/yhs/search FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\a00a15lm.default -> Yahoo! (Avast) FF SelectedSearchEngine: Mozilla\Firefox\Profiles\a00a15lm.default -> Yahoo! 
(Avast) FF Homepage: Mozilla\Firefox\Profiles\a00a15lm.default -> hxxps://uk.yahoo.com/?fr=hp-avast&type=752 FF Keyword.URL: Mozilla\Firefox\Profiles\a00a15lm.default -> hxxps://uk.search.yahoo.com/yhs/search FF NetworkProxy: Mozilla\Firefox\Profiles\a00a15lm.default -> no_proxies_on", "hxxps://localhost, localhost, 127.0.0.1" FF SearchPlugin: C:\Users\Dick Albin\AppData\Roaming\Mozilla\Firefox\Profiles\a00a15lm.default\searchplugins\yahoo-avast.xml [2017-09-08] FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension [2017-09-05] FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension FF Extension: (No Name) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2017-09-05] [not signed] FF HKLM\...\Firefox\Extensions: [com.trendmicro.tmopfirefox.ext@trendop] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\com.trendmicro.tmopfirefox.ext@trendop.xpi FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\com.trendmicro.tmopfirefox.ext@trendop.xpi [2017-01-24] FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2017-09-06] FF 
HKLM-x32\...\Firefox\Extensions: [com.trendmicro.tmopfirefox.ext@trendop] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\com.trendmicro.tmopfirefox.ext@trendop.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-09] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-09] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.) 
Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Dick Albin\AppData\Local\Google\Chrome\User Data\Default [2017-09-08] CHR Extension: (YouTube) - C:\Users\Dick Albin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dick Albin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-08] CHR Extension: (Skype Click to Call) - C:\Users\Dick Albin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-08] CHR Extension: (Chrome Web Store Payments) - C:\Users\Dick Albin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-08] CHR Extension: (Trend Micro Toolbar) - C:\Users\Dick Albin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2015-10-08] CHR Extension: (Gmail) - C:\Users\Dick Albin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-08] CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - <no Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] () S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [204928 2012-12-27] (Atheros Commnucations) [File not signed] R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-06] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-06] (Dropbox, Inc.) R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-09-06] (Dropbox, Inc.) R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.) R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.) R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.) R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.) R2 EFS; C:\Windows\System32\lsass.exe [30720 2017-07-07] (Microsoft Corporation) S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-21] (Microsoft Corporation) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-05-31] (Macrovision Europe Ltd.) 
[File not signed] S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2012-06-04] (Macrovision Europe Ltd.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [116224 2017-07-14] (Microsoft Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-21] () R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes) S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-14] (Microsoft Corporation) S3 msiserver; C:\Windows\System32\msiexec.exe [128512 2016-11-09] (Microsoft Corporation) S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2016-11-09] (Microsoft Corporation) R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2014-12-15] (NETGEAR) S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation) R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc.) R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1145856 2016-12-02] (Trend Micro Inc.) S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation) R2 PwmSvc; C:\Program Files\Trend Micro\PasswordManager\PwmSvc.exe [2679232 2017-07-14] (Trend Micro Inc.) 
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-10] (Intuit) [File not signed] S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed] S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-14] (Microsoft Corporation) R2 SamSs; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation) S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-14] (Microsoft Corporation) R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation) S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-21] (Microsoft Corporation) S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-08-04] (Dell Inc.) S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-14] (Microsoft Corporation) R3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation) S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-21] (Microsoft Corporation) S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-21] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2017-07-14] (Microsoft Corporation) R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2017-07-14] (Microsoft Corporation) R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) 
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros) [File not signed] R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed] R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [67072 2009-07-14] (Microsoft Corporation) R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32960 2017-06-20] (Dell Inc.) R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [32568 2017-06-20] (Dell Computer Corporation) R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2014-09-20] (Acronis International GmbH) R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-09] (Malwarebytes) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-11] (Malwarebytes) R3 NetgearUDSMBus; C:\Windows\System32\drivers\NetgearUDSMBus.sys [107296 2012-08-13] (Windows (R) Codename Longhorn DDK provider) R3 NetgearUDSMBus; C:\Windows\SysWOW64\drivers\NetgearUDSMBus.sys [92160 2012-06-15] (Windows (R) Codename Longhorn DDK provider) [File not signed] R3 NetgearUDSTcpBus; C:\Windows\System32\drivers\NetgearUDSTcpBus.sys [183584 2012-08-13] (Windows (R) Codename Longhorn DDK provider) R3 NetgearUDSTcpBus; C:\Windows\SysWOW64\drivers\NetgearUDSTcpBus.sys [153600 2012-06-15] (Windows (R) Codename Longhorn DDK provider) [File not signed] R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-01-28] (CACE Technologies, Inc.) 
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-11-11] () R2 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2015-07-27] (Acronis International GmbH) R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-07-27] (Acronis International GmbH) R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [142544 2017-04-06] (Trend Micro Inc.) R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [434896 2017-04-06] (Trend Micro Inc.) R0 tmcomm; C:\Windows\SysWOW64\DRIVERS\tmcomm.sys [256904 2012-06-05] (Trend Micro Inc.) R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [72504 2016-01-05] (Trend Micro Inc.) R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [143648 2016-06-21] (Trend Micro Inc.) R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [118992 2017-04-06] (Trend Micro Inc.) R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.) R1 tmumh; C:\Windows\System32\DRIVERS\TMUMH.sys [113880 2017-04-13] (Trend Micro Inc.) R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [131800 2017-02-08] (Trend Micro Inc.) R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-09-11] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-09-11] (Zemana Ltd.) S3 dbx; system32\DRIVERS\dbx.sys [X] U2 TMAgent; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-09-11 16:11 - 2017-09-11 16:11 - 000041044 _____ C:\Users\Dick Albin\Desktop\FRST.txt 2017-09-11 16:11 - 2017-09-11 16:11 - 000000000 ____D C:\Users\Dick Albin\Desktop\FRST-OlderVersion 2017-09-11 16:09 - 2017-09-11 16:09 - 000010933 _____ C:\Users\Dick Albin\Desktop\2017.09.11-15.29.57-i0-t92-d4.txt 2017-09-11 15:56 - 2017-09-11 15:56 - 000003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask 2017-09-11 15:29 - 2017-09-11 16:11 - 000994444 _____ C:\Windows\ZAM.krnl.trace 2017-09-11 15:28 - 2017-09-11 16:11 - 000148352 _____ C:\Windows\ZAM_Guard.krnl.trace 2017-09-11 15:28 - 2017-09-11 15:28 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys 2017-09-11 15:28 - 2017-09-11 15:28 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys 2017-09-11 15:28 - 2017-09-11 15:28 - 000001154 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2017-09-11 15:28 - 2017-09-11 15:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2017-09-11 15:28 - 2017-09-11 15:28 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2017-09-11 15:27 - 2017-09-11 15:27 - 000000000 ____D C:\Users\Dick Albin\AppData\Local\Zemana 2017-09-11 15:26 - 2017-09-11 15:27 - 006625600 _____ (Zemana Ltd. 
) C:\Users\Dick Albin\Desktop\Zemana.AntiMalware.Setup.exe 2017-09-11 15:08 - 2017-09-11 15:08 - 000000000 ___RD C:\Users\Dick Albin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2017-09-11 14:31 - 2017-09-11 15:22 - 000000559 _____ C:\Users\Dick Albin\Desktop\JRT.txt 2017-09-11 14:15 - 2017-09-11 14:15 - 001790024 _____ (Malwarebytes) C:\Users\Dick Albin\Desktop\JRT.exe 2017-09-11 11:01 - 2017-09-11 11:01 - 000003053 _____ C:\Users\Dick Albin\Desktop\Malwarebytes_scan_log_002.txt 2017-09-09 10:25 - 2017-09-09 10:25 - 000000000 ____D C:\Program Files (x86)\ESET 2017-09-09 10:23 - 2017-09-09 10:23 - 002870984 _____ (ESET) C:\Users\Dick Albin\Desktop\esetsmartinstaller_enu.exe 2017-09-08 21:00 - 2017-09-08 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-09-08 18:24 - 2017-09-08 18:24 - 000001227 _____ C:\Users\Dick Albin\Desktop\Malwarebytes_scan_log_001.txt 2017-09-08 17:55 - 2017-09-08 17:56 - 000077770 _____ C:\Users\Dick Albin\Desktop\Addition.txt 2017-09-08 17:53 - 2017-09-11 16:11 - 000000000 ____D C:\FRST 2017-09-08 17:53 - 2017-09-08 17:56 - 000087686 _____ C:\Users\Dick Albin\Desktop\FRST1.txt 2017-09-08 17:49 - 2017-09-11 16:11 - 002396672 _____ (Farbar) C:\Users\Dick Albin\Desktop\FRST64.exe 2017-09-08 10:41 - 2017-09-08 10:41 - 000004266 _____ C:\Windows\System32\Tasks\avast! 
BCU UpdateS-1-5-21-2377353217-2488679963-1038452676-1000 2017-09-08 10:41 - 2017-09-08 10:41 - 000003326 _____ C:\Windows\System32\Tasks\avastBCLS-1-5-21-2377353217-2488679963-1038452676-1000 2017-09-08 10:41 - 2017-09-08 10:41 - 000001113 _____ C:\Users\Dick Albin\Desktop\Avast Browser Cleanup.lnk 2017-09-08 10:41 - 2017-09-08 10:41 - 000000000 ____D C:\Users\Dick Albin\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup 2017-09-08 10:41 - 2017-09-08 10:41 - 000000000 ____D C:\Users\Dick Albin\AppData\Roaming\AVAST Software 2017-09-08 09:57 - 2017-09-08 09:57 - 000001280 _____ C:\Users\Dick Albin\Desktop\adwcleaner_7.0.2.1.exe - Shortcut.lnk 2017-09-08 09:56 - 2017-09-08 09:56 - 008182736 _____ (Malwarebytes) C:\Users\Dick Albin\Downloads\adwcleaner_7.0.2.1.exe 2017-09-07 17:05 - 2017-09-08 10:00 - 000000000 ____D C:\AdwCleaner 2017-09-07 14:50 - 2017-09-07 14:50 - 001093942 _____ C:\Windows\system32\cc_20170907_144946.reg 2017-09-06 17:45 - 2017-09-11 15:08 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-09-06 17:45 - 2017-09-09 10:24 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-09-06 17:44 - 2017-09-11 15:07 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-09-06 17:44 - 2017-09-11 15:06 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-09-06 17:44 - 2017-09-06 17:44 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-09-06 17:44 - 2017-09-06 17:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-09-06 17:44 - 2017-09-06 17:44 - 000000000 ____D C:\Program Files\Malwarebytes 2017-09-06 17:44 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-09-06 11:29 - 2017-09-06 11:29 - 000049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2017-09-06 11:29 - 2017-09-06 11:29 - 000045672 _____ (Dropbox, Inc.) 
C:\Windows\system32\Drivers\dbx-dev.sys 2017-09-06 11:29 - 2017-09-06 11:29 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2017-09-06 11:29 - 2017-09-06 11:29 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys 2017-09-05 15:27 - 2017-09-05 15:27 - 000000000 ___HD C:\TMRescueDisk 2017-09-05 15:24 - 2017-09-05 15:24 - 000001447 _____ C:\Users\Dick Albin\Desktop\Trend Micro Maximum Security.lnk 2017-09-05 15:24 - 2017-09-05 15:24 - 000000000 ____D C:\Users\Dick Albin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Maximum Security 2017-09-05 15:23 - 2017-04-13 01:26 - 000113880 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMUMH.sys 2017-09-05 15:23 - 2017-04-06 18:40 - 000434896 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys 2017-09-05 15:23 - 2017-04-06 18:40 - 000142544 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys 2017-09-05 15:23 - 2017-04-06 18:40 - 000118992 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys 2017-09-05 15:23 - 2017-02-08 22:37 - 000131800 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmusa.sys 2017-09-05 15:23 - 2016-06-24 07:58 - 000561952 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmnciesc.sys 2017-09-05 15:23 - 2016-06-21 04:23 - 000143648 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys 2017-09-05 15:23 - 2016-01-05 04:35 - 000072504 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC64.sys 2017-09-05 15:21 - 2017-09-05 15:21 - 000000059 _____ C:\Windows\system32\SupportTool.exe.bat 2017-09-05 15:20 - 2017-09-05 15:20 - 000003312 _____ C:\Windows\System32\Tasks\AirSupport Update 2017-09-05 15:20 - 2017-09-05 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Troubleshooting Tool 2017-09-05 15:02 - 2017-09-05 15:13 - 215984640 _____ (Trend Micro Inc.) 
C:\Users\Public\Desktop\TrendMicro_Download.exe
2017-08-19 09:24 - 2017-08-19 09:24 - 000000000 ___RD C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-08-13 08:29 - 2017-08-13 08:29 - 000000000 ____D C:\Users\Linda\AppData\Roaming\Sun

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-11 16:07 - 2017-07-22 00:52 - 000000000 ____D C:\Users\Dick Albin\AppData\Local\DP_Tower_3.7
2017-09-11 15:30 - 2012-05-08 21:00 - 000000000 ____D C:\Users\Dick Albin
2017-09-11 15:25 - 2016-09-06 21:01 - 000000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-09-11 15:17 - 2009-07-14 05:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-11 15:17 - 2009-07-14 05:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-11 15:11 - 2012-05-01 13:42 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-09-11 15:08 - 2016-10-11 13:43 - 000000000 ___RD C:\Users\Dick Albin\iCloudDrive
2017-09-11 15:05 - 2016-09-06 21:01 - 000000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-09-11 15:05 - 2012-05-01 13:37 - 000000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-09-11 15:05 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-11 15:04 - 2016-11-05 07:44 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-09-11 14:24 - 2012-05-01 13:37 - 000000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-09-11 14:09 - 2016-10-11 13:44 - 000000000 ____D C:\Users\Dick Albin\AppData\Local\64CA713B-2076-4408-97DD-09D1A105EC9D.aplzod
2017-09-11 14:09 - 2015-04-06 10:11 - 000000000 ____D C:\Users\Dick Albin\Documents\Outlook Files
2017-09-11 07:08 - 2015-06-17 23:37 - 000000010 _____ C:\Users\Dick Albin\AppData\Local\sponge.last.runtime.cache
2017-09-09 15:36 - 2015-08-13 07:03 - 000000000 ____D C:\ProgramData\TMDP_Log
2017-09-08 21:01 - 2016-09-06 21:01 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-07 18:28 - 2015-01-22 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ITN Converter
2017-09-07 16:59 - 2014-11-19 16:18 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-07 16:48 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-09-07 16:46 - 2014-10-19 13:32 - 000000000 ____D C:\Program Files (x86)\Java
2017-09-06 18:16 - 2016-04-30 15:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-06 17:44 - 2015-09-26 17:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-05 21:09 - 2012-05-15 23:08 - 000000000 ____D C:\Users\Dick Albin\AppData\Local\CrashDumps
2017-09-05 17:22 - 2012-11-01 04:32 - 000000000 ____D C:\Users\Dick Albin\AppData\Local\Trend Micro
2017-09-05 15:25 - 2015-06-17 00:33 - 000000000 ____D C:\ProgramData\Trend Micro Installer
2017-09-05 15:24 - 2012-05-01 13:52 - 000000000 ____D C:\ProgramData\Trend Micro
2017-09-05 15:21 - 2012-05-01 13:51 - 000000000 ____D C:\Program Files\Trend Micro
2017-09-05 15:14 - 2012-11-01 04:19 - 000000000 ____D C:\Program Files (x86)\Trend Micro
2017-09-05 10:04 - 2010-03-18 23:30 - 000000000 ____D C:\Users\Dick Albin\Documents\Business
2017-09-04 01:23 - 2013-10-30 01:56 - 000007622 _____ C:\Users\Dick Albin\AppData\Local\Resmon.ResmonCfg
2017-09-03 09:42 - 2009-02-15 06:49 - 000000000 ____D C:\Users\Dick Albin\Documents\Maps
2017-09-01 17:27 - 2017-07-01 18:01 - 000000111 _____ C:\Windows\SysWOW64\SmartFlow.txt
2017-08-31 18:51 - 2017-03-26 17:01 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-30 19:02 - 2015-12-01 08:33 - 000014799 _____ C:\Users\Dick Albin\Documents\sudoku square.xlsx
2017-08-30 15:02 - 2009-02-15 06:48 - 000000000 ____D C:\Users\Farm\Grazing agreements
2017-08-29 21:49 - 2014-07-03 16:41 - 000000000 ____D C:\Users\Dick Albin\Documents\Triumph Tiger 1050
2017-08-28 23:12 - 2012-08-26 09:14 - 000002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 23:12 - 2012-08-26 09:14 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-27 09:00 - 2011-02-13 12:11 - 000000000 ____D C:\Users\Dick Albin\Documents\Job lists
2017-08-26 15:08 - 2010-04-11 08:29 - 000000000 ____D C:\Users\Farm\Land for Events
2017-08-25 11:37 - 2010-03-19 18:07 - 000000000 ____D C:\Users\Farm\Events
2017-08-21 19:07 - 2009-07-14 06:13 - 000802430 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-19 22:30 - 2012-08-22 11:59 - 000000000 ____D C:\Windows\Minidump
2017-08-19 09:24 - 2012-05-12 09:29 - 000000000 ____D C:\Users\Linda\Documents\Bluetooth Folder
2017-08-19 08:06 - 2016-08-29 10:05 - 000000000 ____D C:\Users\Farm\AppData\Local\DP_Tower_3.7
2017-08-19 08:06 - 2012-05-15 07:33 - 000000000 ____D C:\Users\Farm\Documents\Bluetooth Folder
2017-08-19 08:05 - 2016-10-07 07:58 - 000000000 ____D C:\Users\Farm\AppData\Local\Dropbox
2017-08-19 08:05 - 2012-05-15 07:33 - 000000000 ___RD C:\Users\Farm\Virtual Machines
2017-08-17 10:51 - 2013-10-20 22:35 - 000000000 ____D C:\ProgramData\Oracle
2017-08-16 09:27 - 2015-04-10 10:25 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-16 09:26 - 2015-04-10 10:15 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-08-16 00:04 - 2015-02-27 18:57 - 000000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-13 08:45 - 2017-06-30 15:08 - 000000000 ____D C:\Users\Linda\AppData\Local\DP_Tower_3.7
2017-08-13 08:41 - 2009-02-15 08:15 - 000000000 ____D C:\Users\Public\Documents\addresses

==================== Files in the root of some directories =======

2014-07-04 11:33 - 2014-07-04 11:35 - 000044086 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2012-10-26 18:39 - 2012-10-26 18:39 - 000000000 _____ () C:\Users\Dick Albin\AppData\Roaming\tmcef.log
2012-10-28 18:24 - 2012-10-28 18:24 - 000115436 _____ () C:\Users\Dick Albin\AppData\Local\ars.cache
2012-10-28 18:24 - 2012-10-28 18:24 - 000236002 _____ () C:\Users\Dick Albin\AppData\Local\census.cache
2012-10-28 17:31 - 2012-10-28 18:18 - 000000036 _____ () C:\Users\Dick Albin\AppData\Local\housecall.guid.cache
2013-10-30 01:56 - 2017-09-04 01:23 - 000007622 _____ () C:\Users\Dick Albin\AppData\Local\Resmon.ResmonCfg
2015-06-17 23:37 - 2017-09-11 07:08 - 000000010 _____ () C:\Users\Dick Albin\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-11 07:24

==================== End of FRST.txt ============================
  5. Hi Valinorum, I've done as requested. Logs pasted below.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64
Ran by Dick Albin (Administrator) on 11/09/2017 at 15:13:39.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0
Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/09/2017 at 15:22:40.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zemana AntiMalware 2.74.2.150 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/9/11
Operating System : Windows 7 64-bit
Processor : 8X Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
BIOS Mode : Legacy
CUID : 120F339BA3EBDECC808195
Scan Type : System Scan
Duration : 37m 46s
Scanned Objects : 218410
Detected Objects : 4
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : MSHOME,0,2

Detected Objects
-------------------------------------------------------

accesswebquick.net
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E99B2B0B5036B547B296FA11260E9A64BC8778E2\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Delete
Related Objects : Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E99B2B0B5036B547B296FA11260E9A64BC8778E2\Blob

Password Manager Root
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A058E65189988FD2002D038C8050299ED4E9196E\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Delete
Related Objects : Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A058E65189988FD2002D038C8050299ED4E9196E\Blob

GlobalSign CodeSigning CA - G2
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\2EE8D6982CEDAA5666E9B5F55535A36E3A3932A2\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Delete
Related Objects : Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\2EE8D6982CEDAA5666E9B5F55535A36E3A3932A2\Blob

hotspot
Status : Scanned
Object : NE->c:\programdata\microsoft\windows\start menu\programs\hotspot
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA:Win32/Free WiFi.B!Neng
Cleaning Action : Quarantine
Related Objects : (null) - (null)

Cleaning Result
-------------------------------------------------------
Cleaned : 4
Reported as safe : 0
Failed : 0
  6. Hi again, I've run ESET online scanner. The resultant log.txt is pasted below. I actually ran it twice as I had not read your instructions re. which boxes to check. Dick

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7d715c8e2a7f384393614492726041ee
# end=init
# utc_time=2017-09-09 09:25:30
# local_time=2017-09-09 10:25:30 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 34686
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7d715c8e2a7f384393614492726041ee
# end=updated
# utc_time=2017-09-09 09:32:53
# local_time=2017-09-09 10:32:53 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7d715c8e2a7f384393614492726041ee
# engine=34686
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-09-09 10:55:30
# local_time=2017-09-09 11:55:30 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Trend Micro Maximum Security'
# compatibility_mode=534 16777213 100 100 271582 35572504 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 333227 257419580 0 0
# scanned=253099
# found=1
# cleaned=0
# scan_time=4957
sh=4AB4907E1CF373D6A6B48AE93A47BD38B1FFEDCD ft=0 fh=0000000000000000 vn="JS/ProxyChanger.EJ trojan" ac=I fn="C:\Users\Dick Albin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BM6U41RV\wpad[1].dat"

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7d715c8e2a7f384393614492726041ee
# end=init
# utc_time=2017-09-09 10:56:10
# local_time=2017-09-09 11:56:10 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 34686
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7d715c8e2a7f384393614492726041ee
# end=updated
# utc_time=2017-09-09 10:56:53
# local_time=2017-09-09 11:56:53 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7d715c8e2a7f384393614492726041ee
# engine=34686
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2017-09-09 02:02:15
# local_time=2017-09-09 03:02:15 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Trend Micro Maximum Security'
# compatibility_mode=534 16777213 100 100 282787 35583709 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 344432 257430785 0 0
# scanned=374249
# found=4
# cleaned=3
# scan_time=11121
sh=255D3A2F1A585BEF21A2877A74C2224F4C3D190F ft=0 fh=0000000000000000 vn="JS/ProxyChanger.EJ trojan" ac=I fn="C:\Users\Dick Albin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BM6U41RV\wpad[1].dat"
sh=78D39055963B638142A26F6A1CA0858557F1553D ft=1 fh=22097666a78966a3 vn="a variant of Win32/HiddenStart.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=E51D31466DA5738E4D029C788B93EF7D428648A3 ft=1 fh=5cf3f026d273c9eb vn="a variant of Win32/HiddenStart.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=976D24D060C8F9B655B5EC01472194B9DA6C190C ft=1 fh=1966d8d77ea974eb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Dick Albin\Downloads\ccsetup503.exe"
  7. Hi Valinorum, Thanks for your speedy response. I'm on the case now and will let you know the outcome later. All the best, Dick
  8. Hi, For the last 3 or 4 days I have had random webpages appear when I am browsing and click on buttons/links on a website. I have Malwarebytes Premium, Trend Micro Maximum Security and have run adwcleaner. None has detected the malware so I was hoping someone may be able to help me. I have run FRST as suggested and I have attached the 2 .txt files. I've also attached the last scan log. Thanks in anticipation. Dick

Addition.txt
FRST.txt
Malwarebytes_scan_log_001.txt