Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Reply
 
Topic Tools
  #1  
Old June 5th, 2017, 08:21 PM
MrUK1953 MrUK1953 is offline
Member
 
Join Date: Jun 2004
Posts: 78
Browser automatically changing page

Hi

I have a very weird problem, and I wonder if it is caused by malware.

When I am using a browser, every so often it switches back to a previous state. For example if I am on one page and then switch to another it will switch back to that first page. This is mildly annoying if I am just browsing, but can cause a loss of data and time when I am doing something specific on the page, such as ticking certain boxes, as when it switches away from the page I lose all the work I have done.

This is not browser specific. I mostly use Chrome, but I have tested Firefox and even IE and I get the same issue on all 3.

I am protected by AVG Free, with a regular weekly scan. I also, at the suggestion of David (your founder) did a scan with Malware Bytes. That picked up a Trojan (which is the type of malware I imagined might have caused my problem) but even though that has been quarantined I still have the same problem.

I am running Windows 7.

Does anyone here have any idea what might be causing this and how I can get rid of it?
Reply With Quote


  #2  
Old June 6th, 2017, 03:07 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Hello MrUK1953 and Welcome to the CyberTechHelp Forums. .
I will be helping you fixing your problems.

Please take note of some guidelines for this fix:

1- My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please open as administrator the computer. How is open as administrator the computer?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here
How to disable your security applications.
5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal.

Thanks

************************************************** *******************************************
Let's check.

I Would like you to do the following.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Have a nice day.

Reply With Quote
  #3  
Old June 7th, 2017, 06:54 AM
MrUK1953 MrUK1953 is offline
Member
 
Join Date: Jun 2004
Posts: 78
Merhaba, Olgun

I have tried running FRST. When it was creating Addition.txt I got the following error message: "There is no disk in the drive. Please insert a disk into drive \Device\Harddisk3\DR3.", but both files were still created.

Here is the first part of FRST.txt (the whole file is too large for one reply so I am sending in 2 parts):

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2017
Ran by Graham (administrator) on GRAHAM-PC (07-06-2017 06:39:57)
Running from C:\Users\Graham\Desktop\Tools
Loaded Profiles: Graham (Available Profiles: Graham)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\Networ kLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbService.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.ex e
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
() C:\Program Files\PenWes\DNSService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Saitek) C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbInterface.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Creative Technology Ltd) C:\Program Files\Creative\Software Update 3\SoftAuto.exe
(Creative Technology Ltd) C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
() C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(inteleXual.com) C:\Program Files\YCIII\YankClip.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EX E
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SaiVolume] => C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe [126976 2008-07-29] (Saitek)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystem Start
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7518752 2009-06-02] (Realtek Semiconductor)
HKLM\...\Run: [Cobian Backup 11 interface] => C:\Program Files\Cobian Backup 11\cbInterface.exe [4407808 2012-12-06] (Luis Cobian, CobianSoft)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-05-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [263232 2017-05-24] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll [2011-03-31] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\...\Run: [SoftAuto.exe] => C:\Program Files\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd)
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\...\Run: [] => [X]
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\...\Run: [Google Update] => C:\Users\Graham\AppData\Local\Google\Update\1.3.33 .5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\...\Run: [MtdAcqu] => C:\Program Files\Creative\MediaSource5\MtdAcqu.exe [278528 2006-03-08] (Creative Technology Ltd)
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\...\Run: [CTSyncU.exe] => C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [851968 2006-11-23] ()
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\...\MountPoints2: {8e7adcc4-81f4-11df-861a-002170571b4d} - M:\SETUP.EXE
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\Users\Graham\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\Monitor Ink Alerts - HP DeskJet 3630 series.lnk [2017-06-07]
ShortcutTarget: Monitor Ink Alerts - HP DeskJet 3630 series.lnk -> C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
Startup: C:\Users\Graham\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\Yankee Clipper III.lnk [2011-08-29]
ShortcutTarget: Yankee Clipper III.lnk -> C:\Program Files\YCIII\YankClip.exe (inteleXual.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3597907355-2430030293-454580081-1001] => 172.241.136.162:29842
AutoConfigURL: [S-1-5-21-3597907355-2430030293-454580081-1001] => 172.241.136.162:29842
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{9D998852-A7A5-4471-876F-69C00DE33051}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{9D998852-A7A5-4471-876F-69C00DE33051}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.socialoomph.com/vetfollowers
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3597907355-2430030293-454580081-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-rog
BHO: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files\Ipswitch\iMacros\iMacrosBHO.dll [2014-05-14] ()
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-11] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-11] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
IE Session Restore: HKU\S-1-5-21-3597907355-2430030293-454580081-1001 -> is enabled.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0051-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Graham\AppData\Roaming\TomTom\HOME\Profil es\mmt9btlj.default [2010-10-16]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ltvex8j9.default [2017-06-02]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\ltvex8j9.default -> hxxp://uk.search.yahoo.com/search?fr=ffsp1&p=
FF Homepage: Mozilla\Firefox\Profiles\ltvex8j9.default -> hxxp://www.google.co.uk/
FF Session Restore: Mozilla\Firefox\Profiles\ltvex8j9.default -> is enabled.
FF NetworkProxy: Mozilla\Firefox\Profiles\ltvex8j9.default -> http", "50.117.37.223"
FF NetworkProxy: Mozilla\Firefox\Profiles\ltvex8j9.default -> http_port", 29842
FF NetworkProxy: Mozilla\Firefox\Profiles\ltvex8j9.default -> type", 0
FF Extension: (Avira Browser Safety) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ltvex8j9.default\Extensions\abs@avira.com.x pi [2017-05-17]
FF Extension: (Microsoft Choice Guard) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ltvex8j9.default\Extensions\ChoiceGuard@Mic rosoft [2010-05-06] [not signed]
FF Extension: (Microsoft Default Manager) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ltvex8j9.default\Extensions\DefaultManager@ Microsoft [2011-05-15] [not signed]
FF Extension: (British English Dictionary) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ltvex8j9.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2016-02-14] [not signed]
FF Extension: (Screengrab) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ltvex8j9.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}(519) [2010-05-06] [not signed]
FF Extension: (Forecastfox) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ltvex8j9.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}(520) [2010-05-06] [not signed]
FF Extension: (FireShot) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ltvex8j9.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2) [2010-05-06] [not signed]
FF Extension: (iMacros for Firefox) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ltvex8j9.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}(521) [2010-05-06] [not signed]
FF Extension: (iMacros for Firefox) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ltvex8j9.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}(55) [2010-05-06] [not signed]
FF Extension: (iMacros for Firefox) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ltvex8j9.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2017-05-17]
FF Extension: (Adobe DLM (powered by getPlus(R))) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ltvex8j9.default\Extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [2010-05-06] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ltvex8j9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-25]
FF Extension: (DownThemAll!) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ltvex8j9.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(522) [2010-05-06] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2017-05-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: (Firefox Synchronisation Extension) - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-10-10] [not signed]
FF HKLM\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files\NetRatingsNetSight\NetSight\meter8\FirefoxAd dOns\netsight@nielsen.xpi => not found
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: (PDF Architect Converter For Firefox) - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-05-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_ 226.dll [2015-10-17] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1. dll [2016-02-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-11] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-04-29] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @nielsen/FirefoxTracker -> C:\Program Files\NetRatingsNetSight\NetSight\meter8\FirefoxAd dOns\npfirefoxtracker.dll [No File]
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-29] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-29] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3597907355-2430030293-454580081-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Graham\AppData\Local\Citrix\Plugins\104\n pappdetector.dll [2013-08-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-3597907355-2430030293-454580081-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Graham\AppData\Roaming\Mozilla\plugins\np googletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3597907355-2430030293-454580081-1001: @talk.google.com/O1DPlugin -> C:\Users\Graham\AppData\Roaming\Mozilla\plugins\np o1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3597907355-2430030293-454580081-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.33 .5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-3597907355-2430030293-454580081-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.33 .5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-3597907355-2430030293-454580081-1001: @yahoo.com/BrowserPlus,version=2.7.1 -> C:\Users\Graham\AppData\Local\Yahoo!\BrowserPlus\2 .7.1\Plugins\npybrowserplus_2.7.1.dll [2010-04-20] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-3597907355-2430030293-454580081-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll [2012-10-30] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-02-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-02-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-02-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-02-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-02-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-02-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Graham\AppData\Roaming\mozilla\plugins\np googletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Graham\AppData\Roaming\mozilla\plugins\np o1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxps://www.google.co.uk/","hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0Bt CyB0F0C0FyEtCtDyB0CtN0D0Tzu0CyByDyEtN1L2XzutBtFtBt FtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=552127649&i r="
CHR Profile: C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default [2017-06-07]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicjkkmjijnlncpkailhjcdfke chjbpl [2016-10-06]
CHR Extension: (Google Drive) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddi lifddb [2017-03-22]
CHR Extension: (Google Search) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf [2015-10-28]
CHR Extension: (iMacros for Chrome) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoop mnlemp [2017-02-09]
CHR Extension: (Adobe Acrobat) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefi ndmkaj [2017-03-03]
CHR Extension: (Google Docs Offline) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2016-03-16]
CHR Extension: (Mailvelope) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambc ijhkke [2017-04-21]
CHR Extension: (Tweepi Bulk Default Action (aka Select All)) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpniicpnanbaopgkcagaphglbe aejnph [2016-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-03-10]
CHR Extension: (Buffer) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedl djfbhh [2017-06-04]
CHR Extension: (Gmail) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2017-05-15]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\Networ kLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-12-05] (Adobe Systems) [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [264432 2017-05-24] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5782800 2017-05-24] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-05-31] (AVG Technologies CZ, s.r.o.)
R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian) [File not signed]
S4 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-05-04] (mobile concepts GmbH)
R2 CobianBackup11; C:\Program Files\Cobian Backup 11\cbService.exe [1131008 2012-12-06] (Luis Cobian, CobianSoft) [File not signed]
S3 Creative ALchemy AL1 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [79360 2009-04-24] (Creative Labs) [File not signed]
R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe [13160 2011-03-31] (Citrix Online, a division of Citrix Systems, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 KMService; C:\Windows\system32\srvany.exe [8192 2010-07-13] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PenWesController; C:\Program Files\PenWes\DNSService.exe [1655808 2014-09-20] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgbdisk; C:\Windows\system32\drivers\avgbdiskx.sys [135872 2017-05-24] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdriverx.sys [260616 2017-05-24] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidshx.sys [151024 2017-05-24] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgblogx.sys [270344 2017-05-24] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbunivx.sys [43992 2017-05-24] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [35264 2017-05-24] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [109056 2017-05-24] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [91464 2017-05-24] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [63280 2017-05-24] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [765704 2017-05-24] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [483736 2017-05-24] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [116280 2017-05-24] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [280928 2017-05-24] (AVG Technologies CZ, s.r.o.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [162208 2017-06-04] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39840 2017-06-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [220576 2017-06-07] (Malwarebytes)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
R3 SaiK8018; C:\Windows\System32\DRIVERS\SaiK8018.sys [106496 2008-07-29] (Saitek)
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [12400 2016-01-10] (Macrovision Europe Ltd) [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2012-08-27] ()
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [128704 2016-08-16] (MBB)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [90968 2004-03-19] (VM)
S3 Jukebox3; system32\DRIVERS\ctpdusb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
Reply With Quote
  #4  
Old June 7th, 2017, 06:56 AM
MrUK1953 MrUK1953 is offline
Member
 
Join Date: Jun 2004
Posts: 78
Here is the rest of FRST.txt and the whole of Addition.txt:

2017-06-07 06:39 - 2017-06-07 06:39 - 00000000 ____D C:\FRST
2017-05-31 06:58 - 2017-06-07 04:40 - 00097208 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-31 06:57 - 2017-06-06 07:51 - 00059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-05-31 06:57 - 2017-05-31 06:57 - 00002022 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-31 06:57 - 2017-05-31 06:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-31 06:57 - 2017-05-31 06:57 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-28 19:46 - 2017-05-28 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker
2017-05-24 06:19 - 2017-05-24 06:17 - 00331896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-05-19 20:45 - 2017-05-19 20:45 - 00014219 _____ C:\Users\Graham\Desktop\To-Do (Personal).xlsx
2017-05-15 19:09 - 2017-05-15 19:09 - 00418423 _____ C:\Users\Graham\Documents\correspondence.pdf
2017-05-15 13:30 - 2017-06-02 17:58 - 00000000 ____D C:\Users\Graham\AppData\LocalLow\Mozilla
2017-05-15 06:28 - 2017-05-20 06:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-10 06:12 - 2017-04-28 01:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-05-10 06:12 - 2017-04-28 01:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 06:12 - 2017-04-28 01:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-10 06:12 - 2017-04-26 15:51 - 02400768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 06:12 - 2017-04-20 00:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 06:12 - 2017-04-17 16:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 06:12 - 2017-04-17 16:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 06:12 - 2017-04-16 09:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-10 06:12 - 2017-04-16 08:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 06:12 - 2017-04-16 08:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 06:12 - 2017-04-16 08:47 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-10 06:12 - 2017-04-16 08:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 06:12 - 2017-04-16 08:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 06:12 - 2017-04-16 08:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 06:12 - 2017-04-16 08:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 06:12 - 2017-04-16 07:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 06:12 - 2017-04-16 07:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 06:12 - 2017-04-16 07:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 06:12 - 2017-04-12 16:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 06:12 - 2017-04-07 16:26 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 06:12 - 2017-04-07 16:21 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 06:12 - 2017-04-05 16:00 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 06:12 - 2017-04-05 16:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 06:12 - 2017-04-04 16:25 - 01309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-10 06:12 - 2017-03-10 17:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-10 06:12 - 2017-03-10 17:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-10 06:12 - 2017-03-10 16:51 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-10 06:12 - 2017-03-10 16:51 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-10 06:11 - 2017-04-28 01:36 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-10 06:11 - 2017-04-28 01:36 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-10 06:11 - 2017-04-28 01:34 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-10 06:11 - 2017-04-28 01:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-10 06:11 - 2017-04-28 01:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-10 06:11 - 2017-04-28 01:11 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-10 06:11 - 2017-04-28 01:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-10 06:11 - 2017-04-28 01:11 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-10 06:11 - 2017-04-28 01:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-10 06:11 - 2017-04-28 01:09 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-10 06:11 - 2017-04-28 01:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 06:11 - 2017-04-28 01:07 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 06:11 - 2017-04-28 01:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 06:11 - 2017-04-28 01:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-10 06:11 - 2017-04-28 01:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-10 06:11 - 2017-04-28 01:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-10 06:11 - 2017-04-28 01:07 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-10 06:11 - 2017-04-21 16:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 15:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-10 06:11 - 2017-04-17 15:51 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-10 06:11 - 2017-04-17 15:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 15:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 15:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 06:11 - 2017-04-17 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-10 06:11 - 2017-04-16 09:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-10 06:11 - 2017-04-16 09:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-10 06:11 - 2017-04-16 09:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-10 06:11 - 2017-04-16 09:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-10 06:11 - 2017-04-16 09:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-10 06:11 - 2017-04-16 09:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 06:11 - 2017-04-16 08:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-10 06:11 - 2017-04-16 08:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-10 06:11 - 2017-04-16 08:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-10 06:11 - 2017-04-16 08:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-10 06:11 - 2017-04-16 08:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-10 06:11 - 2017-04-16 08:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-10 06:11 - 2017-04-16 08:39 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-10 06:11 - 2017-04-16 08:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-10 06:11 - 2017-04-16 08:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-10 06:11 - 2017-04-16 08:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-10 06:11 - 2017-04-16 08:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-10 06:11 - 2017-04-16 08:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 06:11 - 2017-04-16 08:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-10 06:11 - 2017-04-16 08:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-10 06:11 - 2017-04-16 08:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 06:11 - 2017-04-16 08:10 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 06:11 - 2017-04-16 08:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-10 06:11 - 2017-04-16 07:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-10 06:11 - 2017-04-12 16:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-10 06:11 - 2017-04-12 16:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-10 06:11 - 2017-04-12 16:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-10 06:11 - 2017-04-07 16:26 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 06:11 - 2017-04-07 16:20 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-10 06:11 - 2017-04-05 16:00 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-10 06:11 - 2017-04-04 16:25 - 00240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-10 06:11 - 2017-04-04 16:25 - 00187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-10 06:11 - 2017-04-04 15:52 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-10 06:11 - 2017-04-04 15:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-10 06:11 - 2017-03-10 16:52 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-10 06:11 - 2017-03-09 17:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-07 06:39 - 2010-05-06 13:32 - 00000000 ___RD C:\Users\Graham\Desktop\Tools
2017-06-07 06:30 - 2014-04-09 20:31 - 00000516 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3597907355-2430030293-454580081-1001.job
2017-06-07 05:03 - 2009-07-14 05:34 - 00022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-07 05:03 - 2009-07-14 05:34 - 00022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-07 04:55 - 2014-06-08 10:55 - 00065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-07 04:51 - 2015-05-30 16:12 - 00000612 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3597907355-2430030293-454580081-1001.job
2017-06-07 04:40 - 2014-06-08 10:55 - 00220576 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-07 04:40 - 2014-06-08 10:55 - 00039840 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-07 04:39 - 2010-07-28 20:32 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-07 04:39 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-04 07:59 - 2014-06-08 10:55 - 00162208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-06-01 06:55 - 2010-10-16 18:23 - 00000000 ____D C:\Program Files\TomTom HOME 2
2017-05-31 21:08 - 2011-03-31 19:11 - 00332804 _____ C:\Windows\ntbtlog.txt
2017-05-31 21:07 - 2016-02-05 08:19 - 00390144 ___SH C:\Users\Graham\Desktop\Thumbs.db
2017-05-31 18:13 - 2015-01-17 12:57 - 00000000 ____D C:\Program Files\PenWes
2017-05-31 06:57 - 2014-06-08 10:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-30 06:13 - 2017-04-04 20:00 - 00000978 _____ C:\Users\Public\Desktop\AVG.lnk
2017-05-30 06:13 - 2017-03-07 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-05-29 15:15 - 2010-06-08 23:29 - 00000000 ____D C:\Users\Graham\AppData\Local\ElevatedDiagnostics
2017-05-28 19:46 - 2017-03-23 20:05 - 00001531 _____ C:\Users\Graham\Desktop\partypoker.lnk
2017-05-28 19:46 - 2016-12-07 19:33 - 00001537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\partypoker.lnk
2017-05-28 19:46 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-05-24 06:30 - 2017-03-04 10:32 - 00116280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys
2017-05-24 06:18 - 2017-03-04 10:32 - 00483736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-05-24 06:18 - 2017-03-04 10:32 - 00280928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-05-24 06:18 - 2017-03-04 10:32 - 00109056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-05-24 06:18 - 2017-03-04 10:32 - 00091464 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-05-24 06:18 - 2017-03-04 10:32 - 00063280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-05-24 06:18 - 2017-03-04 10:32 - 00035264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-05-24 06:17 - 2017-03-04 10:32 - 00765704 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-05-24 06:17 - 2017-03-04 10:32 - 00270344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
2017-05-24 06:17 - 2017-03-04 10:32 - 00260616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
2017-05-24 06:17 - 2017-03-04 10:32 - 00151024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
2017-05-24 06:17 - 2017-03-04 10:32 - 00135872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
2017-05-24 06:17 - 2017-03-04 10:32 - 00043992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
2017-05-23 19:51 - 2013-08-14 07:37 - 00000000 ____D C:\Windows\system32\MRT
2017-05-23 19:51 - 2010-05-12 06:59 - 129479984 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-21 12:33 - 2011-07-23 15:36 - 00005018 ___SH C:\ProgramData\KGyGaAvL.sys
2017-05-21 12:33 - 2010-05-06 15:48 - 00000000 ____D C:\Users\Graham\Documents\My PSP Files
2017-05-20 11:34 - 2012-06-05 17:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-05-17 06:48 - 2015-07-19 23:22 - 00002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-14 06:33 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2017-05-11 04:37 - 2010-05-06 13:32 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-11 04:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-05-11 04:30 - 2009-07-14 05:33 - 00474240 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-11 04:27 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\PolicyDefinitions

==================== Files in the root of some directories =======

2010-05-06 14:55 - 2009-05-17 14:16 - 0000604 ____H () C:\Program Files\STLL Notifier
2012-01-02 18:13 - 2012-01-28 10:41 - 0000656 _____ () C:\Users\Graham\AppData\Roaming\.backup.dm
2010-06-28 21:12 - 2014-09-30 18:51 - 0035328 _____ () C:\Users\Graham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-29 08:39 - 2012-09-29 08:39 - 0027520 _____ () C:\Users\Graham\AppData\Local\dt.dat
2011-07-24 17:11 - 2011-07-24 17:11 - 0000600 _____ () C:\Users\Graham\AppData\Local\PUTTY.RND
2012-09-15 19:05 - 2014-02-08 11:03 - 0007605 _____ () C:\Users\Graham\AppData\Local\Resmon.ResmonCfg
2011-07-23 15:36 - 2011-07-23 15:45 - 0000088 __RSH () C:\ProgramData\17CA0A90C6.sys
2017-03-11 17:05 - 2017-03-11 17:05 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-07-23 15:36 - 2017-05-21 12:33 - 0005018 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
2015-12-06 23:21 - 2010-08-21 13:05 - 0071680 _____ () C:\Users\Graham\AppData\Local\Temp\6fd90dae.exe
2003-08-29 00:02 - 2003-08-29 00:02 - 0561152 _____ (Electronic Arts Inc.) C:\Users\Graham\AppData\Local\Temp\AutoRun.exe
2016-01-10 15:49 - 2003-08-28 23:38 - 1736704 _____ () C:\Users\Graham\AppData\Local\Temp\AutoRunGUI.dll
2016-02-19 20:21 - 2016-02-19 20:21 - 0000000 ____D () C:\Users\Graham\AppData\Local\Temp\avgnt.exe
2016-04-07 20:37 - 2016-02-18 13:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Graham\AppData\Local\Temp\avguirn_0810464 21345.exe
2016-01-15 22:11 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Graham\AppData\Local\Temp\avguirn_0813444 41755.exe
2016-02-23 23:40 - 2016-01-12 17:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Graham\AppData\Local\Temp\avguirn_0816042 7094.exe
2016-05-14 07:05 - 2016-04-14 17:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Graham\AppData\Local\Temp\avguirn_0818404 56358.exe
2016-01-06 07:15 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Graham\AppData\Local\Temp\avguirn_0819288 94072.exe
2015-11-18 15:38 - 2015-10-16 13:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Graham\AppData\Local\Temp\avguirn_0819356 62593.exe
2016-06-01 09:49 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Graham\AppData\Local\Temp\avguirn_0820829 3567.exe
2016-06-23 20:15 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Graham\AppData\Local\Temp\avguirn_0821044 69806.exe
2016-08-22 19:44 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Graham\AppData\Local\Temp\avguirn_0821745 2989.exe
2016-04-18 19:42 - 2016-03-23 16:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Graham\AppData\Local\Temp\avguirn_0855499 1746.exe
2016-07-27 08:00 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Graham\AppData\Local\Temp\avguirn_0863771 8682.exe
2016-02-11 21:41 - 2016-02-11 21:41 - 0000000 _____ () C:\Users\Graham\AppData\Local\Temp\GUREDB7.exe
2016-05-26 21:48 - 2016-05-26 21:48 - 0000000 _____ () C:\Users\Graham\AppData\Local\Temp\GURF0F4.exe
2016-02-11 09:59 - 2016-02-11 09:59 - 0736352 _____ (Oracle Corporation) C:\Users\Graham\AppData\Local\Temp\jre-8u73-windows-au.exe
2017-03-08 20:50 - 2017-03-08 20:50 - 0001536 _____ () C:\Users\Graham\AppData\Local\Temp\NEventMessages. dll
2017-05-31 21:07 - 2011-05-30 18:08 - 0414464 _____ (Playtech) C:\Users\Graham\AppData\Local\Temp\ptu8575_tmp.exe
2016-07-21 16:04 - 2014-12-22 23:12 - 0227840 _____ (Bwin.Party) C:\Users\Graham\AppData\Local\Temp\SIInvoker.exe
2016-05-03 04:30 - 2016-05-03 04:30 - 47405696 _____ (Skype Technologies S.A.) C:\Users\Graham\AppData\Local\Temp\SkypeSetup.exe
2017-02-21 07:47 - 2011-08-12 17:27 - 0455600 _____ (Macrovision Corporation) C:\Users\Graham\AppData\Local\Temp\_isA360.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


teşekkür ederim

Graham
Reply With Quote
  #5  
Old June 7th, 2017, 12:12 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Quote:
Merhaba / teşekkür ederim
Rica ederim.Merhaba
---------------------------------------------

Quote:
ProxyServer: [S-1-5-21-3597907355-2430030293-454580081-1001] => 172.241.136.162:29842
Did you make this proxy settings or did you set this proxy on purpose?
================================================== ====
Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

if they are still present,
mysearchdial.com
C:\Program Files\PenWes
==================================
Step1:
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Step2:
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step3:
Please be sure to run our tools with administrator rights.

ComboFix run:

* IMPORTAN: 1Place ComboFix.exe on your Desktop
* IMPORTAN: 2Ensure your external and/or USB drives are inserted during the scan

Next, downloadComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.

Have a nice day.
Reply With Quote
  #6  
Old June 8th, 2017, 08:20 AM
MrUK1953 MrUK1953 is offline
Member
 
Join Date: Jun 2004
Posts: 78
Hi

Thank you for pointing out that I was still running through a proxy server. I do that when I am checking multiple Twitter accounts so I don't make it too obvious that they are all run from the same IP address. I must have forgotten to untick the proxy when I finished.

I am still getting a problem with the software telling me there is no disk in the drive and to insert a disk into \Device\Harddisk5\DR5

Here are the results of AdwCleaner:



# AdwCleaner v6.047 - Logfile created 08/06/2017 at 05:56:44
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-07.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X86)
# Username : Graham - GRAHAM-PC
# Running from : C:\Users\Graham\Desktop\Tools\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: PenWesController
[-] Service deleted: YahooAUService
[-] Service deleted: swdumon


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Graham\AppData\Local\slimware utilities inc
[#] Folder deleted on reboot: C:\Users\Graham\AppData\Local\SlimWare Utilities Inc
[-] Folder deleted: C:\Users\Graham\AppData\Roaming\Yahoo!\Companion
[-] Folder deleted: C:\ProgramData\PenWes
[#] Folder deleted on reboot: C:\ProgramData\Application Data\PenWes
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
[-] Folder deleted: C:\Program Files\PenWes
[-] Folder deleted: C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh
[-] Folder deleted: C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh


***** [ Files ] *****

[-] File deleted: C:\Windows\system32\drivers\swdumon.sys


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: PenWes
[-] Task deleted: iorrt


***** [ Registry ] *****

[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\yahooauserv ice
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\penwescontr oller
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\YahooAUService
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\yahooauservice
[-] Key deleted: HKLM\SOFTWARE\Classes\LXImageTool.ZIPTool
[-] Key deleted: HKLM\SOFTWARE\Classes\LXImageTool.ZIPTool.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserTool bar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserTool bar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key deleted: HKU\.DEFAULT\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-3597907355-2430030293-454580081-1001\Software\SlimWare Utilities Inc
[-] Key deleted: HKU\S-1-5-21-3597907355-2430030293-454580081-1001\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-3597907355-2430030293-454580081-1001\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-3597907355-2430030293-454580081-1001\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Penwes
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchURI [(Default)]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Search Protection


***** [ Web browsers ] *****

[-] Firefox preferences cleaned: "avg.toolbar.buttons_label" - ",Search,Active Surf-Shield,Active Surf-Shield,Search-Shield,AVG Info ,AVG Info ,Get More"
[-] [C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0Bt CyB0F0C0FyEtCtDyB0CtN0D0Tzu0CyByDyEtN1L2XzutBtFtBt FtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=552127649&i r=
[-] [C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jgceplfonlgodadnpognljgdjlcnpjnh
[-] [C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: uk.ask.com
[-] [C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: uk.ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4778 Bytes] - [08/06/2017 05:56:44]
C:\AdwCleaner\AdwCleaner[R0].txt - [18476 Bytes] - [08/06/2014 10:39:10]
C:\AdwCleaner\AdwCleaner[S0].txt - [18433 Bytes] - [08/06/2014 10:40:25]
C:\AdwCleaner\AdwCleaner[S1].txt - [4982 Bytes] - [08/06/2017 05:55:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5072 Bytes] ##########


I have left Junkware Removal Tool running on my computer while I am here at the office. However, I am not certain it is running properly. At the moment there is no internet in the area around my home. I think the program may need some internet access. It succeeded in finding a restore point but failed to validate it. It has gone through all the following:

Processes
Startup - Logon
Startup - Scheduled Tasks
Services
File System
Browsers
Shortcuts

I am not sure if that is everything or if it is still running, but I have left it on just in case. But so far it has not produced a text file. I will check again when I get home this evening and if it has not produced a file I will let you know. If it has I will continue with ComboFix and then post both JRT and Combofix in my reply.

Kind regards

Graham
Reply With Quote
  #7  
Old June 8th, 2017, 01:21 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Quote:
I am still getting a problem with the software telling me there is no disk in the drive and to insert a disk into \Device\Harddisk5\DR5
At the moment there is no internet in the area around my home.
I think the program may need some internet access.
I understand. It is true.Transactions must be made on the internet.

Quote:
I will check again when I get home this evening and if it has not produced a file I will let you know. If it has I will continue with ComboFix and then post both JRT and Combofix in my reply.
I understand,thank you.I am waiting.
Reply With Quote
  #8  
Old June 8th, 2017, 07:46 PM
MrUK1953 MrUK1953 is offline
Member
 
Join Date: Jun 2004
Posts: 78
Something happened when I was using one of those cleaner programs which has stopped me accessing the internet. I have checked everything and it is all working ok. But now I find if I use through a proxy server I CAN connect, but not if I turn off the proxy server. How can I fix this?
Reply With Quote
  #9  
Old June 8th, 2017, 09:02 PM
MrUK1953 MrUK1953 is offline
Member
 
Join Date: Jun 2004
Posts: 78
I get the same problem with JRT not being able to ping or validate the restore point even though I can now access the internet through an American proxy server.

I have tried pinging 8.8.8.8 and there are no problems at all reaching Google.

JRT cannot complete, and it therefore does not produce a text file.

I haven't yet run Combofix in case each of the processes must be run in a particular order.
Reply With Quote
  #10  
Old June 9th, 2017, 01:32 AM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Quote:
I haven't yet run Combofix in case each of the processes must be run in a particular order
JRT cannot complete, and it therefore does not produce a text file.
I understand and no JRT problem.Do you want to remove the proxy ?
Reply With Quote
  #11  
Old June 9th, 2017, 04:22 AM
Mathilda Mathilda is offline
Banned
 
Join Date: Jun 2017
O/S: Windows 7 64-bit
Posts: 1
Smile Typical symptom of redirect virus

As per the CTH guidelines for the Malware Removal Forum shown Here, this post has been deleted. Members who have not been approved by the CTH Staff to provide infection removal/repair steps are prohibited from posting those procedures.

Last edited by Jintan; June 9th, 2017 at 08:36 PM.
Reply With Quote
  #12  
Old June 9th, 2017, 06:42 AM
MrUK1953 MrUK1953 is offline
Member
 
Join Date: Jun 2004
Posts: 78
Hi Olgun

Yes, I want to remove the need to use a proxy in order to gain internet access. I still need all my proxies available for when I am working with Twitter. But I also want to be able to access the internet without using a proxy.

Many thanks
Reply With Quote
  #13  
Old June 9th, 2017, 11:13 AM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Hi,
You have to make these settings yourself. Proxy is not a problem for the system.Does the proxy create a problem?

You can run Combofix software.

Thanks,regards.
Reply With Quote
  #14  
Old June 10th, 2017, 11:24 AM
MrUK1953 MrUK1953 is offline
Member
 
Join Date: Jun 2004
Posts: 78
Combofix will not install properly. It says I have the incorrect operating system.

I notice that when I use Google now it assumes I am in Colombia. Perhaps this is because I am forced to access the internet through a proxy, although the proxy server is in the US, not Colombia.

I do not know what settings I must change in order to allow me to access the internet again without using proxy. This problem only arose while I was using one of the cleaner programs you suggested (I am not blaming you for this, but I think it is important to know at what point the problem arose so we can work out how to fix it). I think it may have something to do with the removal of PenWes.

It is certainly a big problem for me only to be able to access the internet through a proxy. Firstly, this means I can only maintain internet access for as long as I pay for the proxy service. Secondly it reduces my internet speed. Thirdly it means it looks to all sites as though I am based in the US - and that means I can no longer play online poker, as this is illegal in the US and the site I use will not let me log in.
Reply With Quote
  #15  
Old June 11th, 2017, 12:01 AM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Sorry. Let's remove Proxy completely from the system. You can still upload it at any time.
What is your idea for this ?
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT +1. The time now is 07:06 AM.