June 7th, 2017, 06:54 AM
MrUK1953
Member
 
Join Date: Jun 2004
Posts: 78
Merhaba, Olgun

I have tried running FRST. When it was creating Addition.txt I got the following error message: "There is no disk in the drive. Please insert a disk into drive \Device\Harddisk3\DR3.", but both files were still created.

Here is the first part of FRST.txt (the whole file is too large for one reply so I am sending in 2 parts):

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2017
Ran by Graham (administrator) on GRAHAM-PC (07-06-2017 06:39:57)
Running from C:\Users\Graham\Desktop\Tools
Loaded Profiles: Graham (Available Profiles: Graham)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbService.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
() C:\Program Files\PenWes\DNSService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Saitek) C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbInterface.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Creative Technology Ltd) C:\Program Files\Creative\Software Update 3\SoftAuto.exe
(Creative Technology Ltd) C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
() C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(inteleXual.com) C:\Program Files\YCIII\YankClip.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SaiVolume] => C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe [126976 2008-07-29] (Saitek)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7518752 2009-06-02] (Realtek Semiconductor)
HKLM\...\Run: [Cobian Backup 11 interface] => C:\Program Files\Cobian Backup 11\cbInterface.exe [4407808 2012-12-06] (Luis Cobian, CobianSoft)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-05-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [263232 2017-05-24] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll [2011-03-31] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\...\Run: [SoftAuto.exe] => C:\Program Files\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd)
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\...\Run: [] => [X]
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\...\Run: [Google Update] => C:\Users\Graham\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\...\Run: [MtdAcqu] => C:\Program Files\Creative\MediaSource5\MtdAcqu.exe [278528 2006-03-08] (Creative Technology Ltd)
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\...\Run: [CTSyncU.exe] => C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [851968 2006-11-23] ()
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\...\MountPoints2: {8e7adcc4-81f4-11df-861a-002170571b4d} - M:\SETUP.EXE
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP DeskJet 3630 series.lnk [2017-06-07]
ShortcutTarget: Monitor Ink Alerts - HP DeskJet 3630 series.lnk -> C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
Startup: C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yankee Clipper III.lnk [2011-08-29]
ShortcutTarget: Yankee Clipper III.lnk -> C:\Program Files\YCIII\YankClip.exe (inteleXual.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3597907355-2430030293-454580081-1001] => 172.241.136.162:29842
AutoConfigURL: [S-1-5-21-3597907355-2430030293-454580081-1001] => 172.241.136.162:29842
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{9D998852-A7A5-4471-876F-69C00DE33051}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{9D998852-A7A5-4471-876F-69C00DE33051}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
HKU\S-1-5-21-3597907355-2430030293-454580081-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.socialoomph.com/vetfollowers
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3597907355-2430030293-454580081-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-rog
BHO: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files\Ipswitch\iMacros\iMacrosBHO.dll [2014-05-14] ()
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-11] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-11] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
IE Session Restore: HKU\S-1-5-21-3597907355-2430030293-454580081-1001 -> is enabled.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0051-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Graham\AppData\Roaming\TomTom\HOME\Profiles\mmt9btlj.default [2010-10-16]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ltvex8j9.default [2017-06-02]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\ltvex8j9.default -> hxxp://uk.search.yahoo.com/search?fr=ffsp1&p=
FF Homepage: Mozilla\Firefox\Profiles\ltvex8j9.default -> hxxp://www.google.co.uk/
FF Session Restore: Mozilla\Firefox\Profiles\ltvex8j9.default -> is enabled.
FF NetworkProxy: Mozilla\Firefox\Profiles\ltvex8j9.default -> http", "50.117.37.223"
FF NetworkProxy: Mozilla\Firefox\Profiles\ltvex8j9.default -> http_port", 29842
FF NetworkProxy: Mozilla\Firefox\Profiles\ltvex8j9.default -> type", 0
FF Extension: (Avira Browser Safety) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ltvex8j9.default\Extensions\abs@avira.com.xpi [2017-05-17]
FF Extension: (Microsoft Choice Guard) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ltvex8j9.default\Extensions\ChoiceGuard@Microsoft [2010-05-06] [not signed]
FF Extension: (Microsoft Default Manager) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ltvex8j9.default\Extensions\DefaultManager@Microsoft [2011-05-15] [not signed]
FF Extension: (British English Dictionary) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ltvex8j9.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2016-02-14] [not signed]
FF Extension: (Screengrab) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ltvex8j9.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}(519) [2010-05-06] [not signed]
FF Extension: (Forecastfox) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ltvex8j9.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}(520) [2010-05-06] [not signed]
FF Extension: (FireShot) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ltvex8j9.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2) [2010-05-06] [not signed]
FF Extension: (iMacros for Firefox) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ltvex8j9.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}(521) [2010-05-06] [not signed]
FF Extension: (iMacros for Firefox) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ltvex8j9.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}(55) [2010-05-06] [not signed]
FF Extension: (iMacros for Firefox) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ltvex8j9.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2017-05-17]
FF Extension: (Adobe DLM (powered by getPlus(R))) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ltvex8j9.default\Extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [2010-05-06] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ltvex8j9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-25]
FF Extension: (DownThemAll!) - C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ltvex8j9.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(522) [2010-05-06] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2017-05-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: (Firefox Synchronisation Extension) - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-10-10] [not signed]
FF HKLM\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files\NetRatingsNetSight\NetSight\meter8\FirefoxAddOns\netsight@nielsen.xpi => not found
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: (PDF Architect Converter For Firefox) - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-05-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-11] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-04-29] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @nielsen/FirefoxTracker -> C:\Program Files\NetRatingsNetSight\NetSight\meter8\FirefoxAddOns\npfirefoxtracker.dll [No File]
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-29] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-29] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3597907355-2430030293-454580081-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Graham\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-08-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-3597907355-2430030293-454580081-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Graham\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3597907355-2430030293-454580081-1001: @talk.google.com/O1DPlugin -> C:\Users\Graham\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3597907355-2430030293-454580081-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-3597907355-2430030293-454580081-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-3597907355-2430030293-454580081-1001: @yahoo.com/BrowserPlus,version=2.7.1 -> C:\Users\Graham\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll [2010-04-20] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-3597907355-2430030293-454580081-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll [2012-10-30] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-02-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-02-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-02-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-02-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-02-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-02-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Graham\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Graham\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxps://www.google.co.uk/","hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0BtCyB0F0C0FyEtCtDyB0CtN0D0Tzu0CyByDyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=552127649&ir="
CHR Profile: C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default [2017-06-07]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicjkkmjijnlncpkailhjcdfkechjbpl [2016-10-06]
CHR Extension: (Google Drive) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
CHR Extension: (Google Search) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (iMacros for Chrome) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp [2017-02-09]
CHR Extension: (Adobe Acrobat) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Google Docs Offline) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Mailvelope) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2017-04-21]
CHR Extension: (Tweepi Bulk Default Action (aka Select All)) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpniicpnanbaopgkcagaphglbeaejnph [2016-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Buffer) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2017-06-04]
CHR Extension: (Gmail) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-15]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-12-05] (Adobe Systems) [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [264432 2017-05-24] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5782800 2017-05-24] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-05-31] (AVG Technologies CZ, s.r.o.)
R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian) [File not signed]
S4 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-05-04] (mobile concepts GmbH)
R2 CobianBackup11; C:\Program Files\Cobian Backup 11\cbService.exe [1131008 2012-12-06] (Luis Cobian, CobianSoft) [File not signed]
S3 Creative ALchemy AL1 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [79360 2009-04-24] (Creative Labs) [File not signed]
R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe [13160 2011-03-31] (Citrix Online, a division of Citrix Systems, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 KMService; C:\Windows\system32\srvany.exe [8192 2010-07-13] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PenWesController; C:\Program Files\PenWes\DNSService.exe [1655808 2014-09-20] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgbdisk; C:\Windows\system32\drivers\avgbdiskx.sys [135872 2017-05-24] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdriverx.sys [260616 2017-05-24] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidshx.sys [151024 2017-05-24] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgblogx.sys [270344 2017-05-24] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbunivx.sys [43992 2017-05-24] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [35264 2017-05-24] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [109056 2017-05-24] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [91464 2017-05-24] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [63280 2017-05-24] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [765704 2017-05-24] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [483736 2017-05-24] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [116280 2017-05-24] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [280928 2017-05-24] (AVG Technologies CZ, s.r.o.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [162208 2017-06-04] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39840 2017-06-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [220576 2017-06-07] (Malwarebytes)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
R3 SaiK8018; C:\Windows\System32\DRIVERS\SaiK8018.sys [106496 2008-07-29] (Saitek)
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [12400 2016-01-10] (Macrovision Europe Ltd) [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2012-08-27] ()
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [128704 2016-08-16] (MBB)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [90968 2004-03-19] (VM)
S3 Jukebox3; system32\DRIVERS\ctpdusb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)