I definitely need help with this
-
04-07-2016 9:54pm
I bought a secondhand PC a few months ago... a Dell Optiplex 755 desktop running Windows 7 Professional. Apart from an issue with updates it was (and still is, as such) running fine until a few days ago, when I noticed web pages with strange names starting to pop up when I used Mozilla Firefox, which is probably the only browser I use.
I'm not into the whole technical stuff, but I had an idea that I had a virus of some sort. I was using AVG Free and it scanned the system every day, but nothing was ever detected. So I installed Malwarebytes and it found and quarantined about 4 possible trojans/viruses. But the problem appeared to have gotten worse after that, or possibly it was because I could see notifications of what was happening. Malwarebytes then began to show, in little pop-up windows, what malicious websites it had blocked, and one day I had 17 of those appear on the trot, i.e. within a minute.
I also installed Avira and scanned, but it didn't detect anything. The Malwarebytes pop-ups are still appearing and web pages are opening now and then when I click through from one forum here to another, for example. The problem appears to be something called dofilter.exe or dofilterHost.exe. I managed to stop this process, as I thought, through the Task Manager, but it seems to just start on its own again. If you look at the 3 screengrabs below you will see dofilter in the first 2, but Mozilla Firefox is the culprit (apparently) in the third one, as this appeared after stopping the process.
I have googled this but can't find any solution to it, so I shall open this to the floor. I would really appreciate any help or advice.
Comments
-
Looks like something along the lines of Babylon. It will have programs installed, mostly with names related to shopping. You need to remove them in Add/Remove Programs in Control Panel and then reset Firefox.
-
Also post the log from a Malwarebytes quick scan.
-
Also post the log from a Malwarebytes quick scan.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 28/06/2016
Scan Time: 16:29
Logfile: Malwarebytes scan - 28 June 2016.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.06.28.04
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297034
Time Elapsed: 7 min, 47 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 7
Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}, , [65efcf33cad02c0a390ae2b4c43ed62a],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\Julianne_Moore_End_Of_The_Affair_01.DynamicNS, , [65efcf33cad02c0a390ae2b4c43ed62a],
Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Julianne_Moore_End_Of_The_Affair_01.DynamicNS, , [65efcf33cad02c0a390ae2b4c43ed62a],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Julianne_Moore_End_Of_The_Affair_01.DynamicNS, , [65efcf33cad02c0a390ae2b4c43ed62a],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}, , [65efcf33cad02c0a390ae2b4c43ed62a],
Adware.Hicosmea, HKCU\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}, , [aea60df52e6cbf7719bb0bca0ff340c0],
PUP.Optional.Hicosmea, HKU\S-1-5-21-3684883250-502440045-1445226648-1000_Classes\WOW6432NODE\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}, , [2e26cb37d4c665d19cd52d6759aa04fc],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-
Just so you know, you should only have one antivirus installed at a time (but Malwarebytes is OK to install alongside).
So, if you still have AVG installed, uninstall it and keep Avira.
I'd highly recommend using a live CD / USB to run a scan from startup (not while in Windows).
https://www.avira.com/en/download/product/avira-rescue-system
That link has instructions too.
-
Try this before the above step, as it's quicker and easier.
- Download OTL to your Desktop. Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click the Quick Scan button. Do not change any settings. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files here.
-
This has pretty much fixed nearly every malware infection I've seen that hijacks browsers etc.
http://www.bleepingcomputer.com/download/adwcleaner/
I use it regularly to kill stuff on my users' PCs at work.
-
Malwarebytes scan results from just a couple of minutes ago:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 04/07/2016
Scan Time: 22:10
Logfile: Malwarebytes scan - 4 July 2016.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.07.04.07
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300075
Time Elapsed: 10 min, 47 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-
The OTL step and the #9 post on AdwCleaner are pretty novice-friendly, just click and run. They should sort your problem out, especially AdwCleaner.
-
AdwCleaner done, rebooted, and got this report.
# AdwCleaner v5.201 - Logfile created 04/07/2016 at 22:55:34
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-04.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKU\S-1-5-21-3684883250-502440045-1445226648-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\IM
[-] Key Deleted : HKU\S-1-5-21-3684883250-502440045-1445226648-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\IM
[-] Key Deleted : HKU\S-1-5-21-3684883250-502440045-1445226648-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\IM
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [1131 bytes] - [04/07/2016 22:55:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [1245 bytes] - [04/07/2016 22:50:18]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1277 bytes] ##########
-
You can post the OTL log when you have it.
-
I just checked the processes in the Task Manager and I see this dofilter.exe is still there. Is that my problem or is it something else? No pop-ups yet from Malwarebytes and no random web pages loading, so maybe AdwCleaner did the business.
-
You can post the OTL log when you have it.
OTL logfile created on: 04/07/2016 22:30:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18349)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.86 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 56.26% Memory free
7.73 Gb Paging File | 5.19 Gb Available in Paging File | 67.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 418.22 Gb Free Space | 89.79% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2016/07/04 22:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2016/06/21 18:51:02 | 001,251,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
PRC - [2016/06/01 13:03:20 | 000,302,680 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
PRC - [2016/04/22 16:56:22 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2016/04/04 17:07:33 | 000,467,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Antivirus\sched.exe
PRC - [2016/04/04 17:07:23 | 000,467,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe
PRC - [2016/04/04 17:07:22 | 000,814,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
PRC - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2016/03/10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2016/01/22 05:45:36 | 000,373,248 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Users\user\AppData\Local\Host Service\dofilter.exe
PRC - [2014/12/04 04:32:14 | 000,405,136 | ---- | M] (Mediatek Inc.) -- C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
PRC - [2014/08/31 16:34:44 | 000,294,912 | ---- | M] () -- C:\Users\user\AppData\Local\Host Service\nssm.exe
========== Modules (No Company Name) ==========
MOD - [2016/07/02 13:09:42 | 040,500,224 | ---- | M] () -- C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
MOD - [2010/03/24 22:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
========== Services (SafeList) ==========
SRV:64bit: - [2016/05/20 22:54:46 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/07/23 01:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016/06/29 16:40:36 | 005,251,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Av\avgidsagenta.exe -- (AVGIDSAgent)
SRV - [2016/06/29 16:34:48 | 000,712,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Av\avgwdsvca.exe -- (avgwd)
SRV - [2016/06/29 16:24:50 | 000,637,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\Av\avgamps.exe -- (AvgAMPS)
SRV - [2016/06/28 22:22:02 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/06/21 18:51:02 | 001,080,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe -- (avgsvc)
SRV - [2016/06/14 10:08:38 | 000,230,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe -- (AviraPhantomVPN)
SRV - [2016/06/01 13:03:20 | 000,302,680 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe -- (Avira.ServiceHost)
SRV - [2016/04/22 16:56:22 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016/04/04 17:07:33 | 000,467,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\Antivirus\sched.exe -- (AntiVirSchedulerService)
SRV - [2016/04/04 17:07:24 | 001,435,704 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe -- (AntiVirWebService)
SRV - [2016/04/04 17:07:23 | 000,970,656 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe -- (AntiVirMailService)
SRV - [2016/04/04 17:07:23 | 000,467,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe -- (AntiVirService)
SRV - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2015/11/05 20:36:48 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/12/04 04:32:14 | 000,454,288 | ---- | M] (Mediatek Inc.) [Auto | Running] -- C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe -- (MediatekRegistryWriter64)
SRV - [2014/12/04 04:32:14 | 000,405,136 | ---- | M] (Mediatek Inc.) [Auto | Running] -- C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe -- (MediatekRegistryWriter)
SRV - [2014/08/31 16:34:44 | 000,294,912 | ---- | M] () [Auto | Running] -- C:\Users\user\AppData\Local\Host Service\nssm.exe -- (dofilter)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2016/07/04 22:01:27 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016/06/09 08:15:02 | 000,310,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2016/06/02 15:13:08 | 000,249,088 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2016/06/01 13:28:02 | 000,260,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2016/06/01 13:26:36 | 000,280,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2016/06/01 13:25:42 | 000,261,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2016/06/01 13:25:36 | 000,076,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avguniva.sys -- (avguniva)
DRV:64bit: - [2016/06/01 13:16:40 | 000,052,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2016/05/13 07:52:10 | 000,163,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2016/05/12 12:09:08 | 002,246,488 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2016/04/04 17:07:23 | 000,141,920 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2016/04/04 17:07:23 | 000,079,696 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\avnetflt.sys -- (avnetflt)
DRV:64bit: - [2016/04/04 17:07:23 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2016/04/04 17:07:22 | 000,154,816 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2016/03/10 14:09:06 | 000,064,896 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2016/03/10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2016/02/16 16:05:56 | 000,360,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2015/06/11 08:02:00 | 000,033,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2014/05/20 03:32:37 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/01/12 10:05:46 | 000,086,016 | ---- | M] (Nuvoton Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvserial.sys -- (Serial)
DRV:64bit: - [2014/01/12 10:05:46 | 000,023,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvserenum.sys -- (Serenum)
DRV:64bit: - [2013/10/02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/17 12:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/18 23:33:00 | 000,070,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 19:12:30 | 000,286,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ie/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 17 C0 8B F4 97 D1 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "IE"
FF - prefs.js..browser.search.region: "IE"
FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:47.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 47.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 47.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 47.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 47.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2016/04/17 08:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2016/06/28 22:11:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hrqtq6ys.default\extensions
[2016/06/28 22:11:56 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hrqtq6ys.default\extensions\abs@avira.com
[2016/06/28 22:22:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\Av\avuirunnerx.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AvgUi] C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85A15A4B-C185-487A-A18C-69D691A16B80}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9CF3586-81B9-4721-B197-75A32202FB26}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2016/07/02 18:55:34 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\AVG detections - 2 June 2016
[2016/07/02 14:51:49 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\From downstairs
[2016/07/02 13:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2016/07/02 13:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2016/07/02 13:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2016/07/02 10:45:29 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Brother printer
[2016/07/01 16:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2016/06/30 21:05:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\GWX
[2016/06/30 18:16:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2016/06/30 15:47:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2016/06/30 15:47:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2016/06/30 11:35:39 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\GWX
[2016/06/30 11:35:39 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\GWX
[2016/06/30 11:35:29 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2016/06/30 11:35:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2016/06/30 00:02:49 | 000,000,000 | ---D | C] -- C:\1e2fe4e32d87e341f0c115cbb6f336
[2016/06/29 23:32:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2016/06/29 22:55:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2016/06/29 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2016/06/29 16:16:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ElevatedDiagnostics
[2016/06/29 16:16:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2016/06/29 15:13:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Avira_Operations_GmbH_&_C
[2016/06/29 15:09:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2016/06/29 08:23:23 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2016/06/28 22:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016/06/28 22:16:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Avira
[2016/06/28 22:09:04 | 000,154,816 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2016/06/28 22:09:04 | 000,141,920 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2016/06/28 22:09:04 | 000,079,696 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2016/06/28 22:09:04 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2016/06/28 22:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2016/06/28 22:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2016/06/28 22:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2016/06/28 22:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2016/06/28 16:29:08 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/06/28 16:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/06/28 16:28:04 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016/06/28 16:28:04 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016/06/28 16:28:04 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016/06/28 16:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016/06/28 16:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/06/28 16:27:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2016/06/15 15:29:55 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Personal
[2016/06/09 08:15:02 | 000,310,016 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2016/06/08 16:23:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Host Service
[2016/06/08 15:40:23 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
========== Files - Modified Within 30 Days ==========
[2016/07/04 22:16:54 | 000,159,456 | ---- | M] () -- C:\Users\user\Desktop\Programs.JPG
[2016/07/04 22:01:27 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/07/04 21:19:12 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/07/04 21:19:12 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/07/04 20:36:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/07/04 16:04:28 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2016/07/04 16:04:28 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2016/07/04 16:03:18 | 3111,604,224 | -HS- | M] () -- C:\hiberfil.sys
[2016/07/02 14:52:37 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/07/02 14:52:37 | 000,665,740 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/07/02 14:52:37 | 000,125,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/07/01 16:20:09 | 000,409,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016/06/30 19:14:32 | 000,078,884 | ---- | M] () -- C:\Users\user\Desktop\Windows updates failed - 30 June 2016.JPG
[2016/06/30 14:00:55 | 000,765,280 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2016/06/29 19:56:04 | 000,036,754 | ---- | M] () -- C:\Users\user\Desktop\Updates2.JPG
[2016/06/29 15:46:11 | 000,016,303 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2016/06/29 15:45:52 | 000,016,303 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2016/06/29 14:25:33 | 000,031,373 | ---- | M] () -- C:\Users\user\Desktop\Updates.JPG
[2016/06/28 22:04:46 | 000,020,320 | ---- | M] () -- C:\Users\user\Desktop\8.JPG
[2016/06/28 21:59:08 | 000,022,928 | ---- | M] () -- C:\Users\user\Desktop\6.JPG
[2016/06/28 21:58:43 | 000,022,236 | ---- | M] () -- C:\Users\user\Desktop\5.JPG
[2016/06/28 21:58:23 | 000,022,561 | ---- | M] () -- C:\Users\user\Desktop\4.JPG
[2016/06/28 21:56:48 | 000,022,638 | ---- | M] () -- C:\Users\user\Desktop\Malicious website 3.JPG
[2016/06/28 21:55:41 | 000,023,118 | ---- | M] () -- C:\Users\user\Desktop\Malicious website 2.JPG
[2016/06/28 16:53:52 | 000,022,804 | ---- | M] () -- C:\Users\user\Desktop\malicious website.JPG
[2016/06/12 12:29:08 | 000,330,563 | -H-- | M] () -- C:\Users\user\Desktop\PP11Thumbs.ptn
[2016/06/12 12:29:08 | 000,000,224 | -H-- | M] () -- C:\Users\user\Desktop\PP11Thumbs.ptn2
[2016/06/12 12:29:08 | 000,000,130 | -H-- | M] () -- C:\Users\user\Desktop\maxdesk.ini2
[2016/06/09 08:15:02 | 000,310,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2016/06/08 15:40:23 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
========== Files Created - No Company Name ==========
[2016/07/04 22:16:53 | 000,159,456 | ---- | C] () -- C:\Users\user\Desktop\Programs.JPG
[2016/07/04 16:04:27 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2016/06/30 19:14:31 | 000,078,884 | ---- | C] () -- C:\Users\user\Desktop\Windows updates failed - 30 June 2016.JPG
[2016/06/29 22:33:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2016/06/29 19:56:04 | 000,036,754 | ---- | C] () -- C:\Users\user\Desktop\Updates2.JPG
[2016/06/29 15:46:11 | 000,016,303 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2016/06/29 15:45:52 | 000,016,303 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2016/06/29 14:25:32 | 000,031,373 | ---- | C] () -- C:\Users\user\Desktop\Updates.JPG
[2016/06/29 08:29:08 | 000,001,052 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Phantom VPN.lnk
[2016/06/29 08:25:23 | 000,765,280 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2016/06/28 22:04:46 | 000,020,320 | ---- | C] () -- C:\Users\user\Desktop\8.JPG
[2016/06/28 21:59:08 | 000,022,928 | ---- | C] () -- C:\Users\user\Desktop\6.JPG
[2016/06/28 21:58:43 | 000,022,236 | ---- | C] () -- C:\Users\user\Desktop\5.JPG
[2016/06/28 21:58:23 | 000,022,561 | ---- | C] () -- C:\Users\user\Desktop\4.JPG
[2016/06/28 21:56:48 | 000,022,638 | ---- | C] () -- C:\Users\user\Desktop\Malicious website 3.JPG
[2016/06/28 21:55:41 | 000,023,118 | ---- | C] () -- C:\Users\user\Desktop\Malicious website 2.JPG
[2016/06/28 16:53:52 | 000,022,804 | ---- | C] () -- C:\Users\user\Desktop\malicious website.JPG
[2016/06/15 10:19:01 | 000,191,445 | ---- | C] () -- C:\Users\user\Documents\Phone book amended - September 2015.xml
[2016/05/17 16:02:04 | 000,000,257 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2016/05/17 16:02:04 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2016/05/17 13:45:09 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2016/05/17 13:45:09 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2016/05/17 13:44:19 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2016/05/17 13:44:19 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2016/05/17 13:44:18 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2016/05/17 13:39:53 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2016/04/16 16:25:08 | 000,079,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\FW_7662.bin
[2016/04/16 16:25:08 | 000,020,626 | ---- | C] () -- C:\Windows\SysWow64\drivers\Patch_7662.bin
[2016/04/16 16:25:08 | 000,016,389 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2016/04/16 16:24:58 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2016/04/16 16:24:58 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
========== ZeroAccess Check ==========
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/04/09 07:58:02 | 014,186,496 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/04/09 07:54:53 | 012,881,408 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2016/07/02 13:04:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG
[2016/05/17 16:29:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Free-PDF-to-Word.com
[2016/05/17 16:18:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ScanSoft
[2016/04/17 08:17:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:0B4227B4
< End of report >
-
Thank God I didn't have to type that ^
-
Tut, tut. Autokms!
-
FortySeven wrote: »Tut, tut. Autokms!
:pac:
https://www.reddit.com/r/Piracy/comments/3y12br/is_hacktoolwin32autokms_dangerous/
-
FortySeven wrote: »Tut, tut. Autokms!
-
Reformat. He should have deleted the System32 folder!
-
I think I know what that is, having googled it. Before buying the PC I told the seller I typed a fair bit and needed something to work with, so I was told not to worry about it. Should I get rid of it?
Good god no! I was kidding. Sorry. Please ignore the above post. Do not delete anything. Autokms is not harmful. Ignore it.
-
FortySeven wrote: »Good god no! I was kidding. Sorry. Please ignore the above post. Do not delete anything. Autokms is not harmful. Ignore it.
-
Would something like Adblock Plus be needed if scrolling over a webpage with popups, as he mentioned?
-
greasepalm wrote: »Would something like Adblock Plus be needed if scrolling over a webpage with popups, as he mentioned?
I find uBlock Origin far better.
-
I bought a secondhand PC a few months ago...a Dell Optiplex 755 desktop running Windows 7 Professional........
Might be as well to save the kitten pictures off it, erase the HDD and reinstall.
Reason: way too easy to rootkit a PC, put it up for sale and wait and gather credit card data or whatever.
-
Found your problem.
Run FRST and post the log it gives you.
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/