One of the random popup pages said I had been infected by the Zeus Virus. Obviously I doubt the source of the information but it may be relevant nonetheless. All help appreciated.
FRST log-
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
Ran by Robert (administrator) on ROBS_LAPTOP (14-06-2016 13:47:58)
Running from C:\Users\Robert\Downloads
Loaded Profiles: Robert (Available Profiles: Robert & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Webroot) C:\Program Files\Webroot\WRSA.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-15] (AVAST Software)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [896472 2016-06-14] (Webroot)
HKU\S-1-5-21-234256130-4129765883-971741967-1001\...\Run: [Dropbox Update] => C:\Users\Robert\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-234256130-4129765883-971741967-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2065280 2016-05-19] (Sony)
HKU\S-1-5-21-234256130-4129765883-971741967-1001\...\RunOnce: [Uninstall C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-234256130-4129765883-971741967-1001\...\MountPoints2: {ff342493-2860-11e6-8300-0c54a52d9b0a} - "E:\startme.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-18] (Microsoft Corporation)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-09-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-234256130-4129765883-971741967-1001] => hxxp://un-stop.info/wpad.dat?98e30d21d4b2481af938d2a7104d508b11530750
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{2b42187b-9326-4ef1-b9d4-029c48d0f127}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{9b494516-d7c8-4635-a9b0-b499c8c26e57}: [DhcpNameServer] 194.168.4.100 194.168.8.100
ManualProxies: 0hxxp://un-stop.info/wpad.dat?98e30d21d4b2481af938d2a7104d508b11530750
Internet Explorer:
==================
HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_c
SearchScopes: HKU\S-1-5-21-234256130-4129765883-971741967-1001 -> DefaultScope {888AF55B-43BC-480D-8929-71248BCD3925} URL =
SearchScopes: HKU\S-1-5-21-234256130-4129765883-971741967-1001 -> {888AF55B-43BC-480D-8929-71248BCD3925} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2016-06-14] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2016-06-14] (Webroot)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-04] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-23] [not signed]
Chrome:
=======
CHR HKU\S-1-5-21-234256130-4129765883-971741967-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-234256130-4129765883-971741967-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Users\Robert\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm.crx [2014-02-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-23]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-20] (Avast Software)
S2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-05-30] (IBM Corp.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [896472 2016-06-14] (Webroot)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-03-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-23] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4342936 2015-09-21] (Qualcomm Atheros Communications, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2016-06-01] (Sony Mobile Communications)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R1 RapportCerberus_1609041; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609041.sys [1157864 2016-06-08] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-05-30] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-05-30] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-05-30] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-05-30] (IBM Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-20] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2016-06-14] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [54512 2016-06-14] (Webroot)
S0 mfewfpk; system32\drivers\mfewfpk.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-14 13:47 - 2016-06-14 13:48 - 00024688 _____ C:\Users\Robert\Downloads\FRST.txt
2016-06-14 13:45 - 2016-06-14 13:47 - 00000000 ____D C:\FRST
2016-06-14 13:45 - 2016-06-14 13:45 - 02385920 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2016-06-14 12:08 - 2016-06-14 13:29 - 00117728 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2016-06-14 12:08 - 2016-06-14 12:08 - 00181176 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2016-06-14 12:08 - 2016-06-14 12:08 - 00115768 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2016-06-14 12:08 - 2016-06-14 12:08 - 00054512 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2016-06-14 12:08 - 2016-06-14 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2016-06-14 12:08 - 2016-06-14 12:08 - 00000000 ____D C:\Program Files\Common Files\Webroot
2016-06-14 12:07 - 2016-06-14 13:37 - 00000000 ____D C:\ProgramData\WRData
2016-06-14 12:07 - 2016-06-14 12:07 - 00000000 ____D C:\Program Files\Webroot
2016-06-14 11:38 - 2016-06-14 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-06-13 18:26 - 2016-06-13 20:29 - 00000000 ____D C:\Program Files (x86)\SrpnFiles
2016-06-13 18:26 - 2016-06-13 18:26 - 00000000 ____D C:\Users\Robert\AppData\Roaming\SpringFiles
2016-06-04 13:52 - 2016-06-04 13:52 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-02 10:40 - 2016-06-02 10:40 - 00085648 _____ C:\Users\Robert\Desktop\32 Marshall plus virgin.odt
2016-06-01 22:43 - 2016-06-01 22:43 - 00030424 _____ (Sony Mobile Communications) C:\WINDOWS\system32\Drivers\ggsomc.sys
2016-06-01 22:43 - 2016-06-01 22:43 - 00016088 _____ (Sony Mobile Communications) C:\WINDOWS\system32\Drivers\ggflt.sys
2016-06-01 22:42 - 2016-06-01 22:42 - 00000000 ____D C:\Users\Robert\.oracle_jre_usage
2016-06-01 22:42 - 2016-06-01 22:42 - 00000000 ____D C:\ProgramData\Sony Mobile
2016-06-01 22:42 - 2016-06-01 22:42 - 00000000 ____D C:\Program Files (x86)\Sony Mobile
2016-06-01 22:39 - 2016-06-01 22:39 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Apple Computer
2016-06-01 22:35 - 2016-06-01 22:35 - 00002677 _____ C:\Users\Public\Desktop\Xperia Companion.lnk
2016-06-01 22:35 - 2016-06-01 22:35 - 00000000 ____D C:\Users\Robert\Documents\Sony
2016-06-01 22:35 - 2016-06-01 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-06-01 22:35 - 2016-06-01 22:35 - 00000000 ____D C:\Program Files (x86)\Sony
2016-05-26 23:14 - 2016-05-26 23:14 - 00009104 _____ C:\Users\Robert\Desktop\NQT questions.odt
2016-05-23 19:57 - 2016-05-23 19:57 - 00000000 ___RD C:\Users\Robert\Downloads\325289AEDD75.TorrentRTFREE_qtx9tqphctw9r!App
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-14 13:31 - 2016-01-02 21:59 - 00000000 __SHD C:\Users\Robert\IntelGraphicsProfiles
2016-06-14 13:29 - 2016-01-02 21:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-14 12:13 - 2016-01-02 21:24 - 00000000 ____D C:\Users\Robert
2016-06-14 12:13 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-14 11:51 - 2015-06-19 14:39 - 00000946 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-234256130-4129765883-971741967-1001UA.job
2016-06-14 11:51 - 2014-04-21 21:26 - 00000000 ____D C:\Users\Robert\AppData\Local\Google
2016-06-14 11:51 - 2014-04-21 21:26 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-14 11:40 - 2014-06-17 16:33 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Skype
2016-06-14 11:39 - 2014-06-17 16:33 - 00000000 ____D C:\ProgramData\Skype
2016-06-14 11:38 - 2014-06-17 16:33 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2016-06-14 11:38 - 2014-06-17 16:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-14 11:38 - 2014-06-17 16:33 - 00000000 ____D C:\Users\Robert\AppData\Local\Skype
2016-06-13 20:23 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-13 18:50 - 2015-06-19 14:39 - 00000894 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-234256130-4129765883-971741967-1001Core.job
2016-06-13 13:11 - 2014-04-21 21:27 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-06-11 13:54 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-10 11:36 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-08 21:46 - 2014-04-21 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-06-08 20:57 - 2016-01-02 22:00 - 00000000 ____D C:\Users\Robert\AppData\Local\Comms
2016-06-04 23:24 - 2016-01-11 19:16 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-04 13:53 - 2015-01-05 19:26 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Dropbox
2016-06-01 22:35 - 2013-11-20 21:14 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-01 22:33 - 2016-01-02 21:41 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-31 21:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-30 17:04 - 2014-04-21 21:49 - 00470056 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2016-05-30 17:04 - 2014-04-21 21:49 - 00215560 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2016-05-28 08:34 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-28 08:32 - 2014-05-03 14:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-23 19:47 - 2013-12-28 19:08 - 00000000 ____D C:\Users\Robert\AppData\Local\Packages
2016-05-18 18:09 - 2016-01-02 22:32 - 00002377 _____ C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-18 18:09 - 2016-01-02 22:32 - 00000000 ___RD C:\Users\Robert\OneDrive
2016-05-17 19:14 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-16 22:26 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-05-15 11:26 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
==================== Files in the root of some directories =======
2015-12-23 01:41 - 2015-12-23 01:41 - 0000017 _____ () C:\Users\Robert\AppData\Local\resmon.resmoncfg
2014-06-03 22:41 - 2014-04-04 22:41 - 0000032 ____R () C:\ProgramData\hash.dat
Files to move or delete:
====================
C:\ProgramData\hash.dat
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\PresentationCore.dll
C:\Users\Administrator\AppData\Local\Temp\PresentationFramework.dll
C:\Users\Administrator\AppData\Local\Temp\ReachFramework.dll
C:\Users\Administrator\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\Administrator\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\Administrator\AppData\Local\Temp\WindowsBase.dll
C:\Users\Administrator\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\Robert\AppData\Local\Temp\4Am6AibRnj.exe
C:\Users\Robert\AppData\Local\Temp\99Pp0dXgv6.exe
C:\Users\Robert\AppData\Local\Temp\mFyPnrbEd1.exe
C:\Users\Robert\AppData\Local\Temp\nseB286.tmp.exe
C:\Users\Robert\AppData\Local\Temp\xcs9061.tmp.exe
C:\Users\Robert\AppData\Local\Temp\{FA23E709-5365-496B-9D01-98AE9AF0DFD5}-50.0.2661.94_49.0.2623.112_chrome_updater.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-09 22:31
==================== End of FRST.txt ============================
-----------------------------------------------------
adwCleaner log-
# AdwCleaner v5.119 - Logfile created 14/06/2016 at 14:12:46
# Updated 30/05/2016 by Xplode
# Database : 2016-06-13.1 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Robert - ROBS_LAPTOP
# Running from : C:\Users\Robert\Downloads\AdwCleaner.exe
# Option : Scan
# Support : ToolsLib
***** [ Services ] *****
***** [ Folders ] *****
Folder Found : C:\Program Files (x86)\Check Point Software Technologies LTD
Folder Found : C:\Program Files (x86)\SrpnFiles
Folder Found : C:\Users\Robert\AppData\Roaming\Check Point Software Technologies LTD
Folder Found : C:\Users\Robert\AppData\Roaming\SpringFiles
***** [ Files ] *****
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\Administrator\Favorites\eBay.lnk
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [SpeedCheckerService.exe]
Key Found : HKLM\SOFTWARE\Classes\c
Value Found : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [SpeedCheckerService.exe]
Key Found : HKCU\Software\Google\Chrome\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Found : HKCU\Software\Check Point Software Technologies LTD
Key Found : HKCU\Software\SrpnFiles
Key Found : HKLM\SOFTWARE\Check Point Software Technologies LTD
Key Found : HKLM\SOFTWARE\Speedchecker Limited
Key Found : HKLM\SOFTWARE\SrpnFiles
Key Found : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Found : HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\Check Point Software Technologies LTD
Key Found : HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\SrpnFiles
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{417FEF69-68F5-4180-90B0-07EE03730B09}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{3EF60283-60AF-4358-8AE9-594672EA18E7}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2DBB7911-5B42-4A35-834D-ECC4B48C3229}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{C7960AAF-4ACD-4660-B9BF-FFD81C2CE393}]
***** [ Web browsers ] *****
*************************
C:\AdwCleaner\AdwCleaner[S1].txt - [4477 bytes] - [14/06/2016 14:12:46]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4550 bytes] ##########
----------------------------------------------------------------------------------------------------------
aswMBR log-
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-06-14 14:23:35
-----------------------------
14:23:35.068 OS Version: Windows x64 6.2.9200
14:23:35.068 Number of processors: 2 586 0x3A09
14:23:35.068 ComputerName: ROBS_LAPTOP UserName: Robert
14:23:37.716 Initialize success
14:23:37.731 VM: initialized successfully
14:23:37.731 VM: Intel CPU supported virtualized
14:23:41.436 VM: disk I/O iaStorA.sys
14:23:44.654 AVAST engine defs: 16061400
14:23:59.236 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002c
14:23:59.236 Disk 0 Vendor: HGST_HTS541075A9E680 JA2OA700 Size: 715404MB BusType: 11
14:23:59.435 Disk 0 MBR read successfully
14:23:59.435 Disk 0 MBR scan
14:23:59.450 Disk 0 unknown MBR code
14:23:59.450 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
14:23:59.613 Disk 0 scanning C:\WINDOWS\system32\drivers
14:24:17.074 Service scanning
14:25:22.835 Service WRkrn C:\WINDOWS\System32\drivers\WRkrn.sys **LOCKED** 32
14:25:25.459 Modules scanning
14:25:25.459 Disk 0 trace - called modules:
14:25:25.481 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
14:25:25.481 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000b85e7060]
14:25:25.497 3 CLASSPNP.SYS[fffff80102c07d95] -> nt!IofCallDriver -> \Device\0000002c[0xffffe000b8301060]
14:25:26.459 AVAST engine scan C:\WINDOWS
14:25:31.003 AVAST engine scan C:\WINDOWS\system32
14:28:40.903 AVAST engine scan C:\WINDOWS\system32\drivers
14:28:59.382 AVAST engine scan C:\Users\Robert
14:44:55.060 AVAST engine scan C:\ProgramData
14:49:53.951 Disk 0 statistics 4781291/0/0 @ 1.92 MB/s
14:49:53.973 Scan finished successfully
15:01:22.610 Disk 0 MBR has been saved successfully to "C:\Users\Robert\Downloads\MBR.dat"
15:01:22.634 The log file has been saved successfully to "C:\Users\Robert\Downloads\aswMBR.txt"
FRST log-
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
Ran by Robert (administrator) on ROBS_LAPTOP (14-06-2016 13:47:58)
Running from C:\Users\Robert\Downloads
Loaded Profiles: Robert (Available Profiles: Robert & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Webroot) C:\Program Files\Webroot\WRSA.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-15] (AVAST Software)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [896472 2016-06-14] (Webroot)
HKU\S-1-5-21-234256130-4129765883-971741967-1001\...\Run: [Dropbox Update] => C:\Users\Robert\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-234256130-4129765883-971741967-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2065280 2016-05-19] (Sony)
HKU\S-1-5-21-234256130-4129765883-971741967-1001\...\RunOnce: [Uninstall C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-234256130-4129765883-971741967-1001\...\MountPoints2: {ff342493-2860-11e6-8300-0c54a52d9b0a} - "E:\startme.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-18] (Microsoft Corporation)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-09-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-234256130-4129765883-971741967-1001] => hxxp://un-stop.info/wpad.dat?98e30d21d4b2481af938d2a7104d508b11530750
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{2b42187b-9326-4ef1-b9d4-029c48d0f127}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{9b494516-d7c8-4635-a9b0-b499c8c26e57}: [DhcpNameServer] 194.168.4.100 194.168.8.100
ManualProxies: 0hxxp://un-stop.info/wpad.dat?98e30d21d4b2481af938d2a7104d508b11530750
Internet Explorer:
==================
HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_c
SearchScopes: HKU\S-1-5-21-234256130-4129765883-971741967-1001 -> DefaultScope {888AF55B-43BC-480D-8929-71248BCD3925} URL =
SearchScopes: HKU\S-1-5-21-234256130-4129765883-971741967-1001 -> {888AF55B-43BC-480D-8929-71248BCD3925} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2016-06-14] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2016-06-14] (Webroot)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-04] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-23] [not signed]
Chrome:
=======
CHR HKU\S-1-5-21-234256130-4129765883-971741967-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-234256130-4129765883-971741967-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Users\Robert\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm.crx [2014-02-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-23]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-20] (Avast Software)
S2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-05-30] (IBM Corp.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [896472 2016-06-14] (Webroot)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-03-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-23] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4342936 2015-09-21] (Qualcomm Atheros Communications, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2016-06-01] (Sony Mobile Communications)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R1 RapportCerberus_1609041; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609041.sys [1157864 2016-06-08] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-05-30] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-05-30] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-05-30] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-05-30] (IBM Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-20] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2016-06-14] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [54512 2016-06-14] (Webroot)
S0 mfewfpk; system32\drivers\mfewfpk.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-14 13:47 - 2016-06-14 13:48 - 00024688 _____ C:\Users\Robert\Downloads\FRST.txt
2016-06-14 13:45 - 2016-06-14 13:47 - 00000000 ____D C:\FRST
2016-06-14 13:45 - 2016-06-14 13:45 - 02385920 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2016-06-14 12:08 - 2016-06-14 13:29 - 00117728 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2016-06-14 12:08 - 2016-06-14 12:08 - 00181176 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2016-06-14 12:08 - 2016-06-14 12:08 - 00115768 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2016-06-14 12:08 - 2016-06-14 12:08 - 00054512 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2016-06-14 12:08 - 2016-06-14 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2016-06-14 12:08 - 2016-06-14 12:08 - 00000000 ____D C:\Program Files\Common Files\Webroot
2016-06-14 12:07 - 2016-06-14 13:37 - 00000000 ____D C:\ProgramData\WRData
2016-06-14 12:07 - 2016-06-14 12:07 - 00000000 ____D C:\Program Files\Webroot
2016-06-14 11:38 - 2016-06-14 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-06-13 18:26 - 2016-06-13 20:29 - 00000000 ____D C:\Program Files (x86)\SrpnFiles
2016-06-13 18:26 - 2016-06-13 18:26 - 00000000 ____D C:\Users\Robert\AppData\Roaming\SpringFiles
2016-06-04 13:52 - 2016-06-04 13:52 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-02 10:40 - 2016-06-02 10:40 - 00085648 _____ C:\Users\Robert\Desktop\32 Marshall plus virgin.odt
2016-06-01 22:43 - 2016-06-01 22:43 - 00030424 _____ (Sony Mobile Communications) C:\WINDOWS\system32\Drivers\ggsomc.sys
2016-06-01 22:43 - 2016-06-01 22:43 - 00016088 _____ (Sony Mobile Communications) C:\WINDOWS\system32\Drivers\ggflt.sys
2016-06-01 22:42 - 2016-06-01 22:42 - 00000000 ____D C:\Users\Robert\.oracle_jre_usage
2016-06-01 22:42 - 2016-06-01 22:42 - 00000000 ____D C:\ProgramData\Sony Mobile
2016-06-01 22:42 - 2016-06-01 22:42 - 00000000 ____D C:\Program Files (x86)\Sony Mobile
2016-06-01 22:39 - 2016-06-01 22:39 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Apple Computer
2016-06-01 22:35 - 2016-06-01 22:35 - 00002677 _____ C:\Users\Public\Desktop\Xperia Companion.lnk
2016-06-01 22:35 - 2016-06-01 22:35 - 00000000 ____D C:\Users\Robert\Documents\Sony
2016-06-01 22:35 - 2016-06-01 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-06-01 22:35 - 2016-06-01 22:35 - 00000000 ____D C:\Program Files (x86)\Sony
2016-05-26 23:14 - 2016-05-26 23:14 - 00009104 _____ C:\Users\Robert\Desktop\NQT questions.odt
2016-05-23 19:57 - 2016-05-23 19:57 - 00000000 ___RD C:\Users\Robert\Downloads\325289AEDD75.TorrentRTFREE_qtx9tqphctw9r!App
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-14 13:31 - 2016-01-02 21:59 - 00000000 __SHD C:\Users\Robert\IntelGraphicsProfiles
2016-06-14 13:29 - 2016-01-02 21:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-14 12:13 - 2016-01-02 21:24 - 00000000 ____D C:\Users\Robert
2016-06-14 12:13 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-14 11:51 - 2015-06-19 14:39 - 00000946 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-234256130-4129765883-971741967-1001UA.job
2016-06-14 11:51 - 2014-04-21 21:26 - 00000000 ____D C:\Users\Robert\AppData\Local\Google
2016-06-14 11:51 - 2014-04-21 21:26 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-14 11:40 - 2014-06-17 16:33 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Skype
2016-06-14 11:39 - 2014-06-17 16:33 - 00000000 ____D C:\ProgramData\Skype
2016-06-14 11:38 - 2014-06-17 16:33 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2016-06-14 11:38 - 2014-06-17 16:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-14 11:38 - 2014-06-17 16:33 - 00000000 ____D C:\Users\Robert\AppData\Local\Skype
2016-06-13 20:23 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-13 18:50 - 2015-06-19 14:39 - 00000894 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-234256130-4129765883-971741967-1001Core.job
2016-06-13 13:11 - 2014-04-21 21:27 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-06-11 13:54 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-10 11:36 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-08 21:46 - 2014-04-21 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-06-08 20:57 - 2016-01-02 22:00 - 00000000 ____D C:\Users\Robert\AppData\Local\Comms
2016-06-04 23:24 - 2016-01-11 19:16 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-04 13:53 - 2015-01-05 19:26 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Dropbox
2016-06-01 22:35 - 2013-11-20 21:14 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-01 22:33 - 2016-01-02 21:41 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-31 21:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-30 17:04 - 2014-04-21 21:49 - 00470056 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2016-05-30 17:04 - 2014-04-21 21:49 - 00215560 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2016-05-28 08:34 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-28 08:32 - 2014-05-03 14:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-23 19:47 - 2013-12-28 19:08 - 00000000 ____D C:\Users\Robert\AppData\Local\Packages
2016-05-18 18:09 - 2016-01-02 22:32 - 00002377 _____ C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-18 18:09 - 2016-01-02 22:32 - 00000000 ___RD C:\Users\Robert\OneDrive
2016-05-17 19:14 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-16 22:26 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-05-15 11:26 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
==================== Files in the root of some directories =======
2015-12-23 01:41 - 2015-12-23 01:41 - 0000017 _____ () C:\Users\Robert\AppData\Local\resmon.resmoncfg
2014-06-03 22:41 - 2014-04-04 22:41 - 0000032 ____R () C:\ProgramData\hash.dat
Files to move or delete:
====================
C:\ProgramData\hash.dat
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\PresentationCore.dll
C:\Users\Administrator\AppData\Local\Temp\PresentationFramework.dll
C:\Users\Administrator\AppData\Local\Temp\ReachFramework.dll
C:\Users\Administrator\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\Administrator\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\Administrator\AppData\Local\Temp\WindowsBase.dll
C:\Users\Administrator\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\Robert\AppData\Local\Temp\4Am6AibRnj.exe
C:\Users\Robert\AppData\Local\Temp\99Pp0dXgv6.exe
C:\Users\Robert\AppData\Local\Temp\mFyPnrbEd1.exe
C:\Users\Robert\AppData\Local\Temp\nseB286.tmp.exe
C:\Users\Robert\AppData\Local\Temp\xcs9061.tmp.exe
C:\Users\Robert\AppData\Local\Temp\{FA23E709-5365-496B-9D01-98AE9AF0DFD5}-50.0.2661.94_49.0.2623.112_chrome_updater.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-09 22:31
==================== End of FRST.txt ============================
-----------------------------------------------------
adwCleaner log-
# AdwCleaner v5.119 - Logfile created 14/06/2016 at 14:12:46
# Updated 30/05/2016 by Xplode
# Database : 2016-06-13.1 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Robert - ROBS_LAPTOP
# Running from : C:\Users\Robert\Downloads\AdwCleaner.exe
# Option : Scan
# Support : ToolsLib
***** [ Services ] *****
***** [ Folders ] *****
Folder Found : C:\Program Files (x86)\Check Point Software Technologies LTD
Folder Found : C:\Program Files (x86)\SrpnFiles
Folder Found : C:\Users\Robert\AppData\Roaming\Check Point Software Technologies LTD
Folder Found : C:\Users\Robert\AppData\Roaming\SpringFiles
***** [ Files ] *****
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\Administrator\Favorites\eBay.lnk
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [SpeedCheckerService.exe]
Key Found : HKLM\SOFTWARE\Classes\c
Value Found : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [SpeedCheckerService.exe]
Key Found : HKCU\Software\Google\Chrome\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Found : HKCU\Software\Check Point Software Technologies LTD
Key Found : HKCU\Software\SrpnFiles
Key Found : HKLM\SOFTWARE\Check Point Software Technologies LTD
Key Found : HKLM\SOFTWARE\Speedchecker Limited
Key Found : HKLM\SOFTWARE\SrpnFiles
Key Found : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Found : HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\Check Point Software Technologies LTD
Key Found : HKU\S-1-5-21-234256130-4129765883-971741967-1001\Software\SrpnFiles
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{417FEF69-68F5-4180-90B0-07EE03730B09}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{3EF60283-60AF-4358-8AE9-594672EA18E7}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2DBB7911-5B42-4A35-834D-ECC4B48C3229}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{C7960AAF-4ACD-4660-B9BF-FFD81C2CE393}]
***** [ Web browsers ] *****
*************************
C:\AdwCleaner\AdwCleaner[S1].txt - [4477 bytes] - [14/06/2016 14:12:46]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4550 bytes] ##########
----------------------------------------------------------------------------------------------------------
aswMBR log-
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-06-14 14:23:35
-----------------------------
14:23:35.068 OS Version: Windows x64 6.2.9200
14:23:35.068 Number of processors: 2 586 0x3A09
14:23:35.068 ComputerName: ROBS_LAPTOP UserName: Robert
14:23:37.716 Initialize success
14:23:37.731 VM: initialized successfully
14:23:37.731 VM: Intel CPU supported virtualized
14:23:41.436 VM: disk I/O iaStorA.sys
14:23:44.654 AVAST engine defs: 16061400
14:23:59.236 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002c
14:23:59.236 Disk 0 Vendor: HGST_HTS541075A9E680 JA2OA700 Size: 715404MB BusType: 11
14:23:59.435 Disk 0 MBR read successfully
14:23:59.435 Disk 0 MBR scan
14:23:59.450 Disk 0 unknown MBR code
14:23:59.450 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
14:23:59.613 Disk 0 scanning C:\WINDOWS\system32\drivers
14:24:17.074 Service scanning
14:25:22.835 Service WRkrn C:\WINDOWS\System32\drivers\WRkrn.sys **LOCKED** 32
14:25:25.459 Modules scanning
14:25:25.459 Disk 0 trace - called modules:
14:25:25.481 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
14:25:25.481 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000b85e7060]
14:25:25.497 3 CLASSPNP.SYS[fffff80102c07d95] -> nt!IofCallDriver -> \Device\0000002c[0xffffe000b8301060]
14:25:26.459 AVAST engine scan C:\WINDOWS
14:25:31.003 AVAST engine scan C:\WINDOWS\system32
14:28:40.903 AVAST engine scan C:\WINDOWS\system32\drivers
14:28:59.382 AVAST engine scan C:\Users\Robert
14:44:55.060 AVAST engine scan C:\ProgramData
14:49:53.951 Disk 0 statistics 4781291/0/0 @ 1.92 MB/s
14:49:53.973 Scan finished successfully
15:01:22.610 Disk 0 MBR has been saved successfully to "C:\Users\Robert\Downloads\MBR.dat"
15:01:22.634 The log file has been saved successfully to "C:\Users\Robert\Downloads\aswMBR.txt"