Hello, and thank you for taking the time to help me.
About two weeks ago, I went to move some files from my computer onto my Netgear WNDR4700 router's Readyshare.
That's when AVG popped up with a warning. I had a very bad infection of bloatware and keylogging trojans waiting for me on this external folder.
Photo.scr, img001.exe, info.zip, FakeAlert...
I ran not only AVG, but also Glary Malware Hunter. I ran them several times until the count went from 100K+ (not even kidding) to 0 detections.
I did the same with my PC. My fiancé did the same with his PC. Neither of us found any detections at all on our PCs, so we gave a collective sigh of relief.
I also used Glary Utilities, CCleaner, ADW, and JRT. These latter only yielded some space clearing and some (what looked to be) old registry keys.
It seems that the viruses were isolated on the Readyshare because of our firewalls and our anti-malware programs.
That sigh of relief only lasted until this previous Saturday night. Router crashed. Got a bad feeling in my gut.
Went to check the Readyshare folder again. This time Photo.exe was populating the folders, hiding Generic36.AAVT within.
Again, ran AVG, Malware Hunter, and this time SuperAntiSpyware until the results went from 100 (much less this time!) to 0.
Did the same overhaul again on my PC, just to be safe. Not a single virus detection on my programs.
This time I made sure to lock down the Readyshare folder so that it can only be written to with username and password via local connection.
So far, so good. No new surprises populating the Readyshare, and nothing popping up on either house PC.
This is where I need some advice:
Where in the @#$% did this infection come from?!
I think it came from some old files from either of our PCs. I'm not wanting to blame either of us.
There's also the possibility, since Readyshare folders are vulnerable as heck, an outside source dropped the payload.
I'm thinking about scrubbing the files on the Readyshare by using a junk laptop, connected to the router.
I copy the files from the Readyshare onto the junk laptop (nobody uses this thing, seriously).
I run all the anti-malware programs on these files. Get in there deep, make sure they're clean.
I then plan to reset the router to factory default.
From my PC, I then plan to reinstall the newest firmware to my router.
Finally, I can place the cleaned files back into the locked down Readyshare.
OR you know, just not ever make a Readyshare folder an option ever again and get a new router.
These files do not just exist on the Readyshare that was infected.
They were only copies of files currently residing on other computers and storage devices.
(Except my fiancé's files. I have no clue about them.)
This is where I need your help:
I am running Windows 7, 64 bit, btw.
I'm still a little bit paranoid about there being traces of malware on my PC, even though I'm usually competent about this stuff.
I would appreciate it if somebody looked through these attached FRST logs with me, and gave me the green light.
((I would like to do the same, too, with my fiancé's PC, but only if he's agreeable to the idea of me doing all this to his computer.))
Thank you again for your time and help!
Edit: Added sfcdetails.txt, in which sfc /scannow fixed "MigRegDB.exe.mui" and "comrepl.exe.mui".
Edit 2: Added JRT files before and after. Trying to find where I put my ADW logs.
Edit 3: Found them! Added ADWCleaner logs.
Edited by ThatGreenOx, 09 August 2016 - 08:48 PM.