#16
fixlist.txt file:
Logfile:
#17
Run a scan with AdwCleaner again, but this time when it is finished click Clean. Agree to the prompt, and the reboot prompts, then try changing the pointer again.
#18
Hi Tom
Followed instructions but no change. I think the virus has overwritten the Windows default as it says it's already in use. When I try and change to another cursor I click 'Apply' and for two seconds it changes before changing back. I may have to delete the cursor folder and re-install?
Al
#19
I was kinda hoping that by the time we got to this point, the problem would have been fixed. Isn't any malware cursor changer I am aware of. The cursor won't change to anything you have tried? I will ask a Moderator to move this request to the Windows 10 forum.
#20
Thank you for your time and help Tom - the good news is that my machine is loading quicker and some little quirks seem to have disappeared. Thank you again.
Al
#22
Quote:
Al
#23
Still working on learning 10. I'll ask a Mod to move this to the Windows 10 forum.