Hi there.
I have a problem that I've seen elsewhere on this forum, but I think it needs a personalised fix.
If I click AVG (2014 version), an error message pops up saying "This program is blocked by group policy".
I've downloaded Farbar to my desktop, and have run it. The log is below. I'd be really grateful if someone could tell me what to do next.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by currys (administrator) on JAMES-LAPTOP on 07-06-2014 16:48:13
Running from C:\Users\currys\Desktop\Farbar
Platform: Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Spotify Ltd) C:\Users\currys\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Google Inc.) C:\Users\currys\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\currys\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\currys\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\currys\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\currys\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\currys\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2011-09-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2277526583-1492975468-2897393942-1000\...\Run: [Spotify Web Helper] => C:\Users\currys\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-29] (Spotify Ltd)
HKU\S-1-5-21-2277526583-1492975468-2897393942-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2277526583-1492975468-2897393942-1000\...\Policies\system: [DisableChangePassword] 0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {3EB3566F-8062-422F-B512-D5F2D076897F} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {AF84A143-EA59-44E2-BD9E-8B570B990B3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {3EB3566F-8062-422F-B512-D5F2D076897F} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {AF84A143-EA59-44E2-BD9E-8B570B990B3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {3EB3566F-8062-422F-B512-D5F2D076897F} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {AF84A143-EA59-44E2-BD9E-8B570B990B3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {BBEC3412-EDFB-4DF1-B071-FFFC2D4CE71E} URL = http://search.avg.com/?d=4de9e28f&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\currys\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\currys\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Users\currys\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\currys\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\currys\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\currys\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Google Search) - C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (Google Wallet) - C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Late Night) - C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm [2011-06-15]
CHR Extension: (Gmail) - C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]
CHR StartMenuInternet: Google Chrome - C:\Users\currys\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
S4 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2012-01-26] (Alcatel-Lucent)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392 2014-05-03] (Trusteer Ltd.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [28672 2010-06-18] (Motorola, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA))
R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-12] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-03] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-03] (Trusteer Ltd.)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-07 16:38 - 2014-06-07 16:48 - 00000000 ____D () C:\Users\currys\Desktop\Farbar
2014-06-07 16:36 - 2014-06-07 16:37 - 02072576 _____ (Farbar) C:\Users\currys\Downloads\FRST64 (1).exe
2014-06-07 16:32 - 2014-06-07 16:32 - 00000000 ____D () C:\Users\currys\AppData\Roaming\AVG2014
2014-06-07 16:30 - 2014-06-07 16:31 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-07 16:30 - 2014-06-07 16:30 - 00000925 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-07 16:30 - 2014-06-07 16:30 - 00000000 ___HD () C:\$AVG
2014-06-07 16:30 - 2014-06-07 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-07 16:26 - 2014-06-07 16:35 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-07 16:26 - 2014-06-07 16:31 - 00000000 ____D () C:\Users\currys\AppData\Local\Avg2014
2014-06-07 16:26 - 2014-06-07 16:26 - 00000000 ____D () C:\Users\currys\AppData\Local\MFAData
2014-06-07 16:21 - 2014-06-07 16:23 - 00594537 _____ () C:\Users\currys\Downloads\avgremover.log
2014-06-07 16:20 - 2014-06-07 16:20 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\currys\Downloads\avg_remover_stf_x86_2014_4116.exe
2014-06-07 16:19 - 2014-06-07 16:19 - 00001181 _____ () C:\Users\currys\Downloads\Reset_Local_Group_Policy.vbs
2014-06-07 16:09 - 2014-06-07 16:09 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp
2014-06-07 16:09 - 2014-06-07 16:09 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-07 16:09 - 2014-06-07 16:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-07 16:03 - 2014-06-07 16:09 - 00000000 ___SD () C:\ComboFix
2014-06-07 14:16 - 2014-06-07 15:42 - 00099391 _____ () C:\Users\currys\Desktop\avgrep.txt
2014-06-07 14:14 - 2014-06-07 16:24 - 00027508 _____ () C:\Windows\PFRO.log
2014-06-07 14:09 - 2014-06-07 16:11 - 00002908 _____ () C:\Users\currys\Desktop\Rkill.txt
2014-06-07 14:09 - 2014-06-07 14:09 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\currys\Downloads\rkill64-17030.exe
2014-06-07 14:09 - 2014-06-07 14:09 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\currys\Downloads\rkill64.exe
2014-06-07 14:08 - 2014-06-07 14:09 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\currys\Downloads\rkill.exe
2014-06-07 13:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-07 13:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-07 13:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-07 13:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-07 13:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-07 13:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-07 13:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-07 13:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-07 13:29 - 2014-06-07 13:30 - 00000000 ____D () C:\Qoobox
2014-06-07 13:29 - 2014-06-07 13:29 - 00000000 ____D () C:\Windows\erdnt
2014-06-07 13:28 - 2014-06-07 13:28 - 05205146 ____R (Swearware) C:\Users\currys\Downloads\ComboFix.exe
2014-06-07 13:25 - 2014-06-07 16:48 - 00000000 ____D () C:\FRST
2014-06-07 13:25 - 2014-06-07 13:26 - 00038809 _____ () C:\Users\currys\Downloads\Addition.txt
2014-06-07 13:25 - 2014-06-07 13:26 - 00023733 _____ () C:\Users\currys\Downloads\FRST.txt
2014-06-07 13:24 - 2014-06-07 13:24 - 02072576 _____ (Farbar) C:\Users\currys\Downloads\FRST64.exe
2014-06-07 12:44 - 2014-06-07 12:45 - 04485528 _____ (AVG Technologies) C:\Users\currys\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
==================== One Month Modified Files and Folders =======
2014-06-07 16:49 - 2011-02-08 06:35 - 00000000 ____D () C:\Users\currys\AppData\Local\Temp
2014-06-07 16:48 - 2014-06-07 16:38 - 00000000 ____D () C:\Users\currys\Desktop\Farbar
2014-06-07 16:48 - 2014-06-07 13:25 - 00000000 ____D () C:\FRST
2014-06-07 16:37 - 2014-06-07 16:36 - 02072576 _____ (Farbar) C:\Users\currys\Downloads\FRST64 (1).exe
2014-06-07 16:35 - 2014-06-07 16:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-07 16:33 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-07 16:33 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-07 16:32 - 2014-06-07 16:32 - 00000000 ____D () C:\Users\currys\AppData\Roaming\AVG2014
2014-06-07 16:31 - 2014-06-07 16:30 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-07 16:31 - 2014-06-07 16:26 - 00000000 ____D () C:\Users\currys\AppData\Local\Avg2014
2014-06-07 16:30 - 2014-06-07 16:30 - 00000925 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-07 16:30 - 2014-06-07 16:30 - 00000000 ___HD () C:\$AVG
2014-06-07 16:30 - 2014-06-07 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-07 16:28 - 2010-09-16 09:51 - 01871987 _____ () C:\Windows\WindowsUpdate.log
2014-06-07 16:26 - 2014-06-07 16:26 - 00000000 ____D () C:\Users\currys\AppData\Local\MFAData
2014-06-07 16:25 - 2014-03-01 20:50 - 00002800 _____ () C:\Windows\setupact.log
2014-06-07 16:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-07 16:24 - 2014-06-07 14:14 - 00027508 _____ () C:\Windows\PFRO.log
2014-06-07 16:23 - 2014-06-07 16:21 - 00594537 _____ () C:\Users\currys\Downloads\avgremover.log
2014-06-07 16:20 - 2014-06-07 16:20 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\currys\Downloads\avg_remover_stf_x86_2014_4116.exe
2014-06-07 16:19 - 2014-06-07 16:19 - 00001181 _____ () C:\Users\currys\Downloads\Reset_Local_Group_Policy.vbs
2014-06-07 16:13 - 2012-11-30 23:10 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForcurrys.job
2014-06-07 16:11 - 2014-06-07 14:09 - 00002908 _____ () C:\Users\currys\Desktop\Rkill.txt
2014-06-07 16:09 - 2014-06-07 16:09 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp
2014-06-07 16:09 - 2014-06-07 16:09 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-07 16:09 - 2014-06-07 16:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-07 16:09 - 2014-06-07 16:03 - 00000000 ___SD () C:\ComboFix
2014-06-07 15:42 - 2014-06-07 14:16 - 00099391 _____ () C:\Users\currys\Desktop\avgrep.txt
2014-06-07 14:09 - 2014-06-07 14:09 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\currys\Downloads\rkill64-17030.exe
2014-06-07 14:09 - 2014-06-07 14:09 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\currys\Downloads\rkill64.exe
2014-06-07 14:09 - 2014-06-07 14:08 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\currys\Downloads\rkill.exe
2014-06-07 14:05 - 2012-11-30 23:10 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForcurrys
2014-06-07 14:05 - 2011-02-08 06:35 - 00000000 ____D () C:\Users\currys
2014-06-07 13:58 - 2012-06-21 21:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-07 13:30 - 2014-06-07 13:29 - 00000000 ____D () C:\Qoobox
2014-06-07 13:29 - 2014-06-07 13:29 - 00000000 ____D () C:\Windows\erdnt
2014-06-07 13:28 - 2014-06-07 13:28 - 05205146 ____R (Swearware) C:\Users\currys\Downloads\ComboFix.exe
2014-06-07 13:26 - 2014-06-07 13:25 - 00038809 _____ () C:\Users\currys\Downloads\Addition.txt
2014-06-07 13:26 - 2014-06-07 13:25 - 00023733 _____ () C:\Users\currys\Downloads\FRST.txt
2014-06-07 13:24 - 2014-06-07 13:24 - 02072576 _____ (Farbar) C:\Users\currys\Downloads\FRST64.exe
2014-06-07 13:22 - 2011-06-04 07:35 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2277526583-1492975468-2897393942-1000UA.job
2014-06-07 12:53 - 2011-12-16 22:21 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-07 12:53 - 2011-06-15 22:29 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-07 12:45 - 2014-06-07 12:44 - 04485528 _____ (AVG Technologies) C:\Users\currys\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-06-07 12:22 - 2011-06-04 07:35 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2277526583-1492975468-2897393942-1000Core.job
2014-05-31 15:27 - 2012-06-21 21:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-31 15:27 - 2012-06-21 21:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-31 15:27 - 2011-06-11 23:17 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-31 15:25 - 2010-09-16 09:53 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-05-24 14:07 - 2011-06-04 07:36 - 00002377 _____ () C:\Users\currys\Desktop\Google Chrome.lnk
2014-05-15 08:42 - 2011-06-04 08:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 08:40 - 2013-08-15 22:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 08:36 - 2011-06-07 19:54 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-12 18:52 - 2012-08-12 09:29 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-12 08:42 - 2013-08-17 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-05-11 20:09 - 2009-07-14 06:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-11 16:17 - 2011-06-04 07:35 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2277526583-1492975468-2897393942-1000UA
2014-05-11 16:17 - 2011-06-04 07:35 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2277526583-1492975468-2897393942-1000Core
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-27 19:20
==================== End Of Log ============================
(Google Inc.) C:\Users\currys\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\currys\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\currys\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2011-09-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2277526583-1492975468-2897393942-1000\...\Run: [Spotify Web Helper] => C:\Users\currys\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-29] (Spotify Ltd)
HKU\S-1-5-21-2277526583-1492975468-2897393942-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2277526583-1492975468-2897393942-1000\...\Policies\system: [DisableChangePassword] 0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {3EB3566F-8062-422F-B512-D5F2D076897F} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {AF84A143-EA59-44E2-BD9E-8B570B990B3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {3EB3566F-8062-422F-B512-D5F2D076897F} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {AF84A143-EA59-44E2-BD9E-8B570B990B3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {3EB3566F-8062-422F-B512-D5F2D076897F} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {AF84A143-EA59-44E2-BD9E-8B570B990B3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {BBEC3412-EDFB-4DF1-B071-FFFC2D4CE71E} URL = http://search.avg.com/?d=4de9e28f&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\currys\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\currys\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Users\currys\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\currys\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\currys\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\currys\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Google Search) - C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (Google Wallet) - C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Late Night) - C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm [2011-06-15]
CHR Extension: (Gmail) - C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]
CHR StartMenuInternet: Google Chrome - C:\Users\currys\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
S4 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2012-01-26] (Alcatel-Lucent)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392 2014-05-03] (Trusteer Ltd.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [28672 2010-06-18] (Motorola, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA))
R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-12] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-03] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-03] (Trusteer Ltd.)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-07 16:38 - 2014-06-07 16:48 - 00000000 ____D () C:\Users\currys\Desktop\Farbar
2014-06-07 16:36 - 2014-06-07 16:37 - 02072576 _____ (Farbar) C:\Users\currys\Downloads\FRST64 (1).exe
2014-06-07 16:32 - 2014-06-07 16:32 - 00000000 ____D () C:\Users\currys\AppData\Roaming\AVG2014
2014-06-07 16:30 - 2014-06-07 16:31 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-07 16:30 - 2014-06-07 16:30 - 00000925 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-07 16:30 - 2014-06-07 16:30 - 00000000 ___HD () C:\$AVG
2014-06-07 16:30 - 2014-06-07 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-07 16:26 - 2014-06-07 16:35 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-07 16:26 - 2014-06-07 16:31 - 00000000 ____D () C:\Users\currys\AppData\Local\Avg2014
2014-06-07 16:26 - 2014-06-07 16:26 - 00000000 ____D () C:\Users\currys\AppData\Local\MFAData
2014-06-07 16:21 - 2014-06-07 16:23 - 00594537 _____ () C:\Users\currys\Downloads\avgremover.log
2014-06-07 16:20 - 2014-06-07 16:20 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\currys\Downloads\avg_remover_stf_x86_2014_4116.exe
2014-06-07 16:19 - 2014-06-07 16:19 - 00001181 _____ () C:\Users\currys\Downloads\Reset_Local_Group_Policy.vbs
2014-06-07 16:09 - 2014-06-07 16:09 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp
2014-06-07 16:09 - 2014-06-07 16:09 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-07 16:09 - 2014-06-07 16:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-07 16:03 - 2014-06-07 16:09 - 00000000 ___SD () C:\ComboFix
2014-06-07 14:16 - 2014-06-07 15:42 - 00099391 _____ () C:\Users\currys\Desktop\avgrep.txt
2014-06-07 14:14 - 2014-06-07 16:24 - 00027508 _____ () C:\Windows\PFRO.log
2014-06-07 14:09 - 2014-06-07 16:11 - 00002908 _____ () C:\Users\currys\Desktop\Rkill.txt
2014-06-07 14:09 - 2014-06-07 14:09 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\currys\Downloads\rkill64-17030.exe
2014-06-07 14:09 - 2014-06-07 14:09 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\currys\Downloads\rkill64.exe
2014-06-07 14:08 - 2014-06-07 14:09 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\currys\Downloads\rkill.exe
2014-06-07 13:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-07 13:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-07 13:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-07 13:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-07 13:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-07 13:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-07 13:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-07 13:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-07 13:29 - 2014-06-07 13:30 - 00000000 ____D () C:\Qoobox
2014-06-07 13:29 - 2014-06-07 13:29 - 00000000 ____D () C:\Windows\erdnt
2014-06-07 13:28 - 2014-06-07 13:28 - 05205146 ____R (Swearware) C:\Users\currys\Downloads\ComboFix.exe
2014-06-07 13:25 - 2014-06-07 16:48 - 00000000 ____D () C:\FRST
2014-06-07 13:25 - 2014-06-07 13:26 - 00038809 _____ () C:\Users\currys\Downloads\Addition.txt
2014-06-07 13:25 - 2014-06-07 13:26 - 00023733 _____ () C:\Users\currys\Downloads\FRST.txt
2014-06-07 13:24 - 2014-06-07 13:24 - 02072576 _____ (Farbar) C:\Users\currys\Downloads\FRST64.exe
2014-06-07 12:44 - 2014-06-07 12:45 - 04485528 _____ (AVG Technologies) C:\Users\currys\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
==================== One Month Modified Files and Folders =======
2014-06-07 16:49 - 2011-02-08 06:35 - 00000000 ____D () C:\Users\currys\AppData\Local\Temp
2014-06-07 16:48 - 2014-06-07 16:38 - 00000000 ____D () C:\Users\currys\Desktop\Farbar
2014-06-07 16:48 - 2014-06-07 13:25 - 00000000 ____D () C:\FRST
2014-06-07 16:37 - 2014-06-07 16:36 - 02072576 _____ (Farbar) C:\Users\currys\Downloads\FRST64 (1).exe
2014-06-07 16:35 - 2014-06-07 16:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-07 16:33 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-07 16:33 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-07 16:32 - 2014-06-07 16:32 - 00000000 ____D () C:\Users\currys\AppData\Roaming\AVG2014
2014-06-07 16:31 - 2014-06-07 16:30 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-07 16:31 - 2014-06-07 16:26 - 00000000 ____D () C:\Users\currys\AppData\Local\Avg2014
2014-06-07 16:30 - 2014-06-07 16:30 - 00000925 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-07 16:30 - 2014-06-07 16:30 - 00000000 ___HD () C:\$AVG
2014-06-07 16:30 - 2014-06-07 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-07 16:28 - 2010-09-16 09:51 - 01871987 _____ () C:\Windows\WindowsUpdate.log
2014-06-07 16:26 - 2014-06-07 16:26 - 00000000 ____D () C:\Users\currys\AppData\Local\MFAData
2014-06-07 16:25 - 2014-03-01 20:50 - 00002800 _____ () C:\Windows\setupact.log
2014-06-07 16:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-07 16:24 - 2014-06-07 14:14 - 00027508 _____ () C:\Windows\PFRO.log
2014-06-07 16:23 - 2014-06-07 16:21 - 00594537 _____ () C:\Users\currys\Downloads\avgremover.log
2014-06-07 16:20 - 2014-06-07 16:20 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\currys\Downloads\avg_remover_stf_x86_2014_4116.exe
2014-06-07 16:19 - 2014-06-07 16:19 - 00001181 _____ () C:\Users\currys\Downloads\Reset_Local_Group_Policy.vbs
2014-06-07 16:13 - 2012-11-30 23:10 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForcurrys.job
2014-06-07 16:11 - 2014-06-07 14:09 - 00002908 _____ () C:\Users\currys\Desktop\Rkill.txt
2014-06-07 16:09 - 2014-06-07 16:09 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp
2014-06-07 16:09 - 2014-06-07 16:09 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-07 16:09 - 2014-06-07 16:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-07 16:09 - 2014-06-07 16:03 - 00000000 ___SD () C:\ComboFix
2014-06-07 15:42 - 2014-06-07 14:16 - 00099391 _____ () C:\Users\currys\Desktop\avgrep.txt
2014-06-07 14:09 - 2014-06-07 14:09 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\currys\Downloads\rkill64-17030.exe
2014-06-07 14:09 - 2014-06-07 14:09 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\currys\Downloads\rkill64.exe
2014-06-07 14:09 - 2014-06-07 14:08 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\currys\Downloads\rkill.exe
2014-06-07 14:05 - 2012-11-30 23:10 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForcurrys
2014-06-07 14:05 - 2011-02-08 06:35 - 00000000 ____D () C:\Users\currys
2014-06-07 13:58 - 2012-06-21 21:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-07 13:30 - 2014-06-07 13:29 - 00000000 ____D () C:\Qoobox
2014-06-07 13:29 - 2014-06-07 13:29 - 00000000 ____D () C:\Windows\erdnt
2014-06-07 13:28 - 2014-06-07 13:28 - 05205146 ____R (Swearware) C:\Users\currys\Downloads\ComboFix.exe
2014-06-07 13:26 - 2014-06-07 13:25 - 00038809 _____ () C:\Users\currys\Downloads\Addition.txt
2014-06-07 13:26 - 2014-06-07 13:25 - 00023733 _____ () C:\Users\currys\Downloads\FRST.txt
2014-06-07 13:24 - 2014-06-07 13:24 - 02072576 _____ (Farbar) C:\Users\currys\Downloads\FRST64.exe
2014-06-07 13:22 - 2011-06-04 07:35 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2277526583-1492975468-2897393942-1000UA.job
2014-06-07 12:53 - 2011-12-16 22:21 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-07 12:53 - 2011-06-15 22:29 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-07 12:45 - 2014-06-07 12:44 - 04485528 _____ (AVG Technologies) C:\Users\currys\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-06-07 12:22 - 2011-06-04 07:35 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2277526583-1492975468-2897393942-1000Core.job
2014-05-31 15:27 - 2012-06-21 21:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-31 15:27 - 2012-06-21 21:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-31 15:27 - 2011-06-11 23:17 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-31 15:25 - 2010-09-16 09:53 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-05-24 14:07 - 2011-06-04 07:36 - 00002377 _____ () C:\Users\currys\Desktop\Google Chrome.lnk
2014-05-15 08:42 - 2011-06-04 08:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 08:40 - 2013-08-15 22:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 08:36 - 2011-06-07 19:54 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-12 18:52 - 2012-08-12 09:29 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-12 08:42 - 2013-08-17 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-05-11 20:09 - 2009-07-14 06:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-11 16:17 - 2011-06-04 07:35 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2277526583-1492975468-2897393942-1000UA
2014-05-11 16:17 - 2011-06-04 07:35 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2277526583-1492975468-2897393942-1000Core
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-27 19:20
==================== End Of Log ============================