
Unable to run antivirus programs [Solved]

antiviral

  • This topic is locked

#1
dontknowenough

    New Member

  • Member
  • 9 posts

Hi,

I see from the forum that I am not alone in recently finding my AVG, McAfee or Windows Defender will not open. Initially I tried a system restore with no success. I tried uninstalling the AVG or repairing it but neither works. When I try to download another anti-viral program, as soon as I try to run it I get the message "Are you sure you want to let this program access your computer?" or something similar. On pressing yes the box disappears but nothing happens. I ran AdwCleaner and have attached the log. I hope this helps. Any help will be much appreciated.

 

cheers



#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -


  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-



All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-


 
Removing malware is a complicated multiple step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

Step#1 - FRST Scan
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.



#3
dontknowenough

    New Member

  • Topic Starter
  • Member
  • 9 posts

Hi Brian,

Thanks very much for helping me with this. It appears to be the same problem as Carolinachris that you helped. I forgot to mention in my original post that there appears to be an issue with Internet Explorer so that might be affected or the source.

I was interested to read the FRST.txt addition; under security it states all programs are disabled.

I feel a bit vulnerable posting all that info to a public forum on the web. Is there a risk that it could be used to access my computer once this process is complete? Should I edit out the FRST.txt documents once we have finished?

Thanks again for your help.

Cheers,

Adrian

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-10-2015 01
Ran by Owner (administrator) on OWNER-PC (12-10-2015 06:42:34)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & David and Cecile & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation
) C:\Windows\vVX6000.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Owner\AppData\Roaming\CoSoSys\HDDtoGO\HDDtoGOLaunch.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Canon Inc.) C:\Program Files (x86)\Canon\SELPHY Photo Print\CIC_SPPhelper.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-06] (Realtek Semiconductor)
HKLM\...\Run: [VX6000] => C:\Windows\vVX6000.exe [764784 2010-05-20] (Microsoft Corporation
)
HKLM\...\Run: [My Scrap Nook Home Page Guard 64 bit] => "C:\PROGRA~2\MYSCRA~2\bar\1.bin\AppIntegrator64.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4430824 2015-07-10] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] => C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe [265096 2013-06-19] ()
HKLM-x32\...\Run: [My Scrap Nook EPM Support] => "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12medint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [My Scrap Nook Search Scope Monitor] => "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12srchmn.exe" /m=2 /w /h
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-29] (Google Inc.)
HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\...\Run: [Dropbox Update] => C:\Users\Owner\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-01] (Dropbox, Inc.)
HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\...\Run: [HDDtoGOLaunch] => C:\Users\Owner\AppData\Roaming\CoSoSys\HDDtoGO\HDDtoGOLaunch.exe [172032 2013-09-16] ()
HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\...\MountPoints2: {09a2b550-001c-11e1-9551-806e6f6e6963} - D:\AutoRun.exe
HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-19]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SELPHY Photo Print Launcher.lnk [2012-06-10]
ShortcutTarget: SELPHY Photo Print Launcher.lnk -> C:\Program Files (x86)\Canon\SELPHY Photo Print\CIC_SPPhelper.exe (Canon Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2013-07-06]
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe (D-Link Corp.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011-10-29]
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-01-11]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{153D722E-A4FE-4B25-B051-DAD05C26B6F6}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{7A850AB2-E4A7-47AA-A647-E590A13505F2}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{869D593F-6F3D-45EB-A4E2-CC2F5EC265B7}: [DhcpNameServer] 202.27.156.72 202.27.158.40
 
Internet Explorer:
==================
HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.nz/
HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://msn.co.nz/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {257AD9B7-5F2C-4ADA-859E-1B8D69EDF58F} URL = 
SearchScopes: HKU\S-1-5-21-2322898750-3181205350-1402612105-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2322898750-3181205350-1402612105-1000 -> {EA82D3EB-2820-4A32-97D2-969405F1948C} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-10-02] (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Toolbar BHO -> {0214754e-4e7d-4589-829d-e2523e6a3085} -> C:\PROGRA~2\MYSCRA~2\bar\1.bin\12bar.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-16] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-10-02] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-16] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-10-02] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-10-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2322898750-3181205350-1402612105-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-10-02] (Google Inc.)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-14] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll [2012-04-05] (Dassault Systèmes)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2322898750-3181205350-1402612105-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-30]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-30]
CHR Extension: (Bing) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-10-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-30]
CHR HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1442344 2015-07-09] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4948456 2015-05-26] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-08-01] (McAfee, Inc.)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [836288 2015-04-14] (Valve Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [73688 2015-06-03] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [158160 2015-05-21] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360400 2015-05-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [204704 2015-07-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [249296 2015-05-26] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 hugoio64; C:\Program Files (x86)\i-Menu\hugoio64.sys [13856 2008-04-29] ()
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
S3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2010-05-20] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-12 06:42 - 2015-10-12 06:43 - 00027907 _____ C:\Users\Owner\Desktop\FRST.txt
2015-10-12 06:42 - 2015-10-12 06:42 - 00000000 ____D C:\FRST
2015-10-12 06:41 - 2015-10-12 06:41 - 02195456 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-10-11 18:14 - 2015-10-11 18:14 - 00027332 _____ C:\Users\Owner\Documents\AdwCleaner[C1].txt
2015-10-11 18:03 - 2015-10-11 18:03 - 01682432 _____ C:\Users\Owner\Downloads\AdwCleaner (1).exe
2015-10-11 18:02 - 2015-10-11 18:03 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.1.8.1057 (3).exe
2015-10-11 17:55 - 2015-10-11 17:56 - 00000000 ____D C:\AdwCleaner
2015-10-11 17:55 - 2015-10-11 17:55 - 01682432 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
2015-10-11 17:48 - 2015-10-11 17:48 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.1.8.1057 (2).exe
2015-10-11 17:48 - 2015-10-11 17:48 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-2.1.8.1057 (2).exe
2015-10-11 17:44 - 2015-10-11 17:45 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-10-11 17:43 - 2015-10-11 17:43 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.1.8.1057.exe
2015-10-11 17:40 - 2015-10-11 17:41 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller (2).exe
2015-10-11 17:39 - 2015-10-11 17:39 - 00001481 _____ C:\Users\Owner\Desktop\tdsskiller - Shortcut.lnk
2015-10-11 17:33 - 2015-10-11 17:34 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2015-10-11 06:40 - 2015-10-11 06:40 - 02894552 _____ (AVG Technologies) C:\Users\Owner\Downloads\AVG_Antivirus_739.exe
2015-10-11 06:39 - 2015-10-11 06:39 - 05051808 _____ (AVG Technologies) C:\Users\Owner\Downloads\avg_avc_stb_all_2015_ltst_531.exe
2015-10-10 22:26 - 2015-10-10 22:26 - 00022308 _____ C:\Windows\system32\CFG3965196100
2015-10-10 13:12 - 2015-10-10 13:12 - 00000000 ____D C:\Users\Owner\AppData\Local\{740DBE94-4496-44E4-8DF3-253E39C309F5}
2015-10-10 12:00 - 2015-10-10 12:01 - 00275832 _____ C:\Windows\Minidump\101015-37830-01.dmp
2015-10-10 11:59 - 2015-10-10 11:59 - 00000656 _____ C:\Users\Owner\AppData\LocalLow\494790445.tmp
2015-10-10 11:58 - 2015-10-10 11:58 - 00000581 _____ C:\Users\Owner\AppData\LocalLow\494765220.tmp
2015-10-10 11:58 - 2015-10-10 11:58 - 00000571 _____ C:\Users\Owner\AppData\LocalLow\494735205.tmp
2015-10-10 11:57 - 2015-10-10 11:59 - 00000656 _____ C:\Users\Owner\AppData\LocalLow\L3965196100
2015-10-10 11:57 - 2015-10-10 11:57 - 00005298 _____ C:\Users\Owner\AppData\LocalLow\494708061.tmp
2015-10-10 11:57 - 2015-10-10 11:57 - 00000529 _____ C:\Users\Owner\AppData\LocalLow\494710198.tmp
2015-10-10 11:57 - 2015-10-10 11:57 - 00000028 _____ C:\Users\Owner\AppData\LocalLow\494677688.tmp
2015-10-09 08:23 - 2015-10-09 08:23 - 00000000 ____D C:\Users\Owner\AppData\Local\{AAD6E1E2-53C2-4E84-ABDB-FBEB57CF0BB7}
2015-10-07 08:43 - 2015-10-07 08:43 - 00000000 ____D C:\Users\Owner\AppData\Local\{C632384F-F9B4-461A-86EB-F2491B96EDE7}
2015-10-07 07:17 - 2015-10-07 07:17 - 00000000 ____D C:\Users\Owner\AppData\Local\{7449324B-0B37-40DE-8B19-E9D22CCA1F62}
2015-10-06 20:23 - 2015-10-06 20:23 - 00000000 ____D C:\Users\Owner\AppData\Local\{3E4DECA6-35EB-41F9-A413-17B1BAAA659C}
2015-10-05 18:24 - 2015-10-05 18:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{7C9D0432-F5B5-4002-ACEF-364F98E359FE}
2015-10-04 21:08 - 2015-10-04 21:08 - 00000000 ____D C:\Users\Owner\AppData\Local\{9DEEFCFE-3EE2-411B-98E3-11BDB45C88DB}
2015-10-04 20:41 - 2015-10-04 20:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-30 11:22 - 2015-09-30 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-09-30 11:22 - 2015-09-30 11:22 - 00000000 ____D C:\Program Files\McAfee Security Scan
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-12 06:35 - 2009-07-14 17:51 - 01019181 _____ C:\Windows\setupact.log
2015-10-12 06:29 - 2015-07-01 14:47 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2322898750-3181205350-1402612105-1000UA.job
2015-10-12 06:22 - 2014-07-02 17:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-12 06:04 - 2011-10-29 18:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-12 05:34 - 2011-10-27 15:58 - 01208793 _____ C:\Windows\WindowsUpdate.log
2015-10-11 20:29 - 2015-07-01 14:47 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2322898750-3181205350-1402612105-1000Core.job
2015-10-11 18:10 - 2009-07-14 17:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-11 18:10 - 2009-07-14 17:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-11 18:09 - 2011-10-29 11:31 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-11 18:01 - 2011-10-30 17:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2015-10-11 18:01 - 2011-10-29 18:16 - 00000000 ___RD C:\Users\Owner\Dropbox
2015-10-11 18:00 - 2011-10-29 18:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox
2015-10-11 17:59 - 2011-10-29 18:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-11 17:58 - 2009-07-14 18:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-11 17:23 - 2009-07-14 18:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-10 22:21 - 2015-07-16 11:50 - 00000000 ____D C:\Users\David and Cecile
2015-10-10 22:21 - 2011-10-27 15:59 - 00000000 ____D C:\Users\Owner
2015-10-10 22:19 - 2015-08-08 18:22 - 00000000 ____D C:\Users\Guest
2015-10-10 22:18 - 2015-07-16 12:20 - 00000000 ____D C:\Users\David and Cecile\AppData\Roaming\Adobe
2015-10-10 22:18 - 2015-07-16 11:50 - 00000000 ___RD C:\Users\David and Cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-10 22:18 - 2015-07-16 11:50 - 00000000 ___RD C:\Users\David and Cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-10 22:18 - 2015-07-16 11:50 - 00000000 ____D C:\Users\David and Cecile\AppData\Roaming\ICAClient
2015-10-10 22:18 - 2015-07-16 11:50 - 00000000 ____D C:\Users\David and Cecile\AppData\Roaming\AVG2013
2015-10-10 22:18 - 2015-07-16 11:50 - 00000000 ____D C:\Users\David and Cecile\AppData\Local\Google
2015-10-10 22:18 - 2015-03-19 08:11 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-10-10 22:18 - 2011-11-01 07:38 - 00000000 ____D C:\ProgramData\MFAData
2015-10-10 22:18 - 2009-07-14 16:20 - 00000000 ____D C:\Windows\registration
2015-10-10 15:11 - 2014-04-05 20:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Awesomium
2015-10-09 16:53 - 2012-01-16 19:30 - 00002016 ____H C:\Users\Owner\Documents\Default.rdp
2015-10-04 20:36 - 2014-11-05 12:37 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-04 20:35 - 2015-03-19 08:00 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-04 20:26 - 2011-10-29 18:07 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2015-10-04 20:24 - 2015-07-01 14:47 - 00003888 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2322898750-3181205350-1402612105-1000UA
2015-10-04 20:24 - 2015-07-01 14:47 - 00003492 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2322898750-3181205350-1402612105-1000Core
2015-09-30 11:25 - 2012-01-30 18:30 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-30 11:22 - 2015-03-19 08:11 - 00001934 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-09-24 11:22 - 2014-07-02 17:40 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-24 11:22 - 2014-07-02 17:40 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-24 11:22 - 2014-07-02 17:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-24 10:59 - 2011-10-29 18:07 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-24 10:59 - 2011-10-29 18:07 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2009-07-14 12:19 - 2009-07-14 14:14 - 0479232 _____ () C:\Users\Owner\AppData\Roaming\BackUp3965196100.exe
2014-07-18 08:42 - 2014-10-13 18:45 - 0007601 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\Owner\AppData\Local\setup.txt
 
Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4su09k.dll
C:\Users\Owner\AppData\Local\Temp\_is3928.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-01 03:30
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-10-2015 01
Ran by Owner (2015-10-12 06:43:13)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-10-27 02:58:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2322898750-3181205350-1402612105-500 - Administrator - Disabled)
David and Cecile (S-1-5-21-2322898750-3181205350-1402612105-1003 - Limited - Enabled) => C:\Users\David and Cecile
Guest (S-1-5-21-2322898750-3181205350-1402612105-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2322898750-3181205350-1402612105-1002 - Limited - Enabled)
Owner (S-1-5-21-2322898750-3181205350-1402612105-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: AVG update module (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG update module (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: AVG Internet Security 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG update module (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
FW: AVG Internet Security 2013 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3532 - AVG Technologies)
AVG 2013 (Version: 13.0.3532 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4365 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon SELPHY CP780 (HKLM\...\Canon SELPHY CP780) (Version:  - )
Canon Utilities SELPHY Photo Print (HKLM-x32\...\SELPHY Photo Print) (Version: 1.0.1.5 - Canon Inc.)
Canon Utilities SELPHY Print Contents 1.0.0 (HKLM-x32\...\SELPHY Print Contents 100) (Version: 1.0.0.8 - Canon Inc.)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
D-Link DWA-131 Wireless N Nano USB Adapter (HKLM-x32\...\{D9198056-A296-4583-A790-C0E73694CFE8}) (Version:  - D-Link)
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Dropbox (HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.210.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
i-Menu 2.2 (HKLM-x32\...\i-Menu_is1) (Version:  - AOC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LEGO MINDSTORMS EV3 (HKLM-x32\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group)
LEGO MINDSTORMS EV3 Uninstaller (x32 Version: 1.0.11 - The LEGO Group) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.102.06300 (HKLM-x32\...\{6E69B344-A081-487D-775B-F55A04DAF2E5}) (Version: 2.12.102.06300 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NI Uninstaller (x32 Version: 3.11.190 - National Instruments) Hidden
NWZ-W270S WALKMAN Guide (HKLM-x32\...\{2DD336BD-D504-4AD7-AA03-201114C24495}) (Version: 2.2.0.07230 - Sony Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Screen+ 1.0 (HKLM-x32\...\Screen+_is1) (Version:  - AOC)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C2300}) (Version: 12.35.0.284 - APN, LLC) <==== ATTENTION
SketchUp 8 (HKLM-x32\...\{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}) (Version: 3.0.15158 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2322898750-3181205350-1402612105-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2322898750-3181205350-1402612105-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2322898750-3181205350-1402612105-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2322898750-3181205350-1402612105-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2322898750-3181205350-1402612105-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2322898750-3181205350-1402612105-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2322898750-3181205350-1402612105-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2322898750-3181205350-1402612105-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2322898750-3181205350-1402612105-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2322898750-3181205350-1402612105-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2322898750-3181205350-1402612105-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
07-10-2015 03:02:10 Windows Update
08-10-2015 03:02:32 Windows Update
09-10-2015 07:59:22 Windows Update
10-10-2015 03:02:34 Windows Update
10-10-2015 12:11:13 Windows Update
10-10-2015 20:34:11 Windows Update
10-10-2015 22:10:58 Restore Operation
12-10-2015 03:02:10 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 15:34 - 2015-09-30 11:22 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1C9C8D9E-9267-4D45-A19F-97EBAEE785C0} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2322898750-3181205350-1402612105-1000Core => C:\Users\Owner\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-01] (Dropbox, Inc.)
Task: {2C198CF9-F462-4537-ADE5-2DAAD42DC989} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2322898750-3181205350-1402612105-1000UA => C:\Users\Owner\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-01] (Dropbox, Inc.)
Task: {3CB2DA8B-11FD-4D29-BFC1-C1EF57621A2C} - System32\Tasks\{8F1768C8-6F98-45E1-9ABC-8DC68A585476} => C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [2015-03-13] (ZeniMax Online Studios)
Task: {5286C95B-89FA-4D72-B7EB-91C8238D51F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {595BD0A0-1499-419E-9F36-4507B58863BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {66C675DD-22EA-480B-9102-61DF172EDD96} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-18] ()
Task: {74DD1818-7A13-4DBA-B4CA-EFFCA12C20FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {9F8CBAD9-89E1-4C6C-A2B8-0252AD07F51E} - System32\Tasks\{77F3256D-A434-445C-8D51-BE85E57FE3A9} => Chrome.exe http://ui.skype.com/...?LastError=1618
Task: {AE458B66-EFA6-405A-8473-DFAD8783C7D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-24] (Adobe Systems Incorporated)
Task: {EF6E81CC-3F2E-4774-A13D-933473D43284} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2322898750-3181205350-1402612105-1000Core.job => C:\Users\Owner\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2322898750-3181205350-1402612105-1000UA.job => C:\Users\Owner\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-07-06 17:17 - 2008-06-26 20:09 - 00167936 _____ () C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe
2015-07-14 09:28 - 2013-09-16 12:35 - 00172032 _____ () C:\Users\Owner\AppData\Roaming\CoSoSys\HDDtoGO\HDDtoGOLaunch.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2008-07-14 10:52 - 2008-07-14 10:52 - 00270336 _____ () C:\Program Files (x86)\Canon\SELPHY Photo Print\EnoJPEG4.dll
2013-07-06 17:17 - 2009-08-06 17:15 - 00376832 _____ () C:\Program Files (x86)\D-Link\DWA-131 revA\WlanDll.dll
2014-01-11 18:40 - 2014-01-11 18:40 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9a6476e0725c79a5e8787d0d2f83c458\IsdiInterop.ni.dll
2011-10-27 16:29 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-09-30 11:25 - 2015-09-24 15:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-30 11:25 - 2015-09-24 15:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{E552B2A3-8BD4-4C2C-891C-F94B1166BAB3}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{B673A14D-3A6C-42AB-AF93-CC4DC9D80D91}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{B4C822D1-EC71-4FDF-9669-D290F5D9FA2C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{17183ECB-B034-4AA9-9ACB-A0C589F52BF4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DCB315AD-2530-4885-AEA4-41F4AE10B261}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{33FE9AA5-4C73-4157-894C-DD20B1C49C91}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8A676F7A-98A6-42DF-908C-B07678299C1A}] => (Allow) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2BAEE285-8227-4298-AC74-401E6634910E}] => (Allow) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{6BCE2743-8DF9-449A-9DA4-1BE2441B93EE}C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B544082C-591B-415C-9DE0-D88AC5FB1732}C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{CC3DD999-0308-45B8-AD56-5FC9D3E7674B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F9AF8DF4-C633-4F4A-A2AD-C2C8A6147278}] => (Allow) LPort=2869
FirewallRules: [{5B25BF64-8D41-4DF4-B661-0FF65FD8425B}] => (Allow) LPort=1900
FirewallRules: [{6B28429D-E50D-4798-A534-D7140AE97629}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2DA50703-2A20-4BF1-B806-810B1ECFF64C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{11741321-D575-4C01-AC9A-590C8B1BE104}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D97ECDA5-43C5-4517-AB48-48E98A0890F0}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{0A84327C-E874-4EFC-A46D-9AD60FCBCE67}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{47C59EAE-16F8-42D1-B47A-F2B5E31FE117}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{47705470-8679-46E7-802F-93321C9FD336}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{9D452EBA-65B9-4CD8-AEDC-30454D53171B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{27ED9D47-922C-4978-BEE0-7D17EF84E40B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{93FCF8A6-0B84-40B6-AC6B-493DC376B6DD}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{7B0EA1AA-E40A-4490-A944-7B65E573DBAB}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{1CF0762C-9B65-49ED-827D-3B371008EE34}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{F9245310-412E-4E83-A187-248FE225A4D2}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{D13D357E-BFF0-4879-9132-BE6C41A1BDDA}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{3762A0F9-0C76-4307-B638-8F71BBA11664}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{6F0931CE-CA8F-43A9-A673-3693854DD1FD}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{9EC56335-D911-4AD7-BD42-DBB942A1994B}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{87B868CB-1F4A-4239-8D0B-52472A729FFB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{FC2EFF9A-425E-4CD9-B778-81E0B55BD519}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{882E36BE-0AB1-40AC-ADDA-88B38E07A385}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\total war shogun 2\Shogun2.exe
FirewallRules: [{1B168E33-C377-49AC-BEBF-8514AC1983B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\total war shogun 2\Shogun2.exe
FirewallRules: [{261BE20F-0D96-451A-B12B-2B5C0FA92DB4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\total war shogun 2\data\encyclopedia\how_to_play.html
FirewallRules: [{DD57C6F9-B783-47D5-98F3-E0DD0805315F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\total war shogun 2\data\encyclopedia\how_to_play.html
FirewallRules: [{5E915AF8-71FE-44C9-8C05-A4C6D2BC6E2A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat
FirewallRules: [{43CD3A06-9125-47D8-A767-47DD65258D7F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat
FirewallRules: [{63305847-9563-46EF-851C-924E5135E52A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{8853B181-E886-45E2-878D-96D54BFDEC6C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
FirewallRules: [{CF8933C2-D45E-4E2E-9196-915B65C7DFA4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{BC6BF4C9-F4B3-41DB-A20A-71B432E4BB27}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{044AC0B6-3EAF-45D8-AD30-802ABEABBB24}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{978B34B8-EBD6-4747-9FCB-532F7AD966A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{0CDBAC1A-00D7-422D-A792-B05EE11C1D26}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{B6CD8022-17B8-4BA4-8025-AA67934A2632}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{F561A39C-C5A0-4481-BCF6-D3874DF3F82F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{0C624B85-7FD6-42E8-A924-8886C45084E8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{9E5C4D6C-938C-482C-BE99-F2F04BFCD859}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{3FC1D400-83D9-4575-A683-2DCEE35C980C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{5CC22797-2514-49B8-9EC3-E94021FBD9FC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9A4BFB8C-7EAA-46BF-A8BE-6ED8BD349F12}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B8C5B1E7-0BCA-448A-8504-824306818CD8}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{48203608-29E0-4DFC-B40E-56DBFFAD8B81}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{21E09B53-8CBC-4C43-94EC-8B191F2A2EEC}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{B78744E0-3D67-4197-84E7-E2801C914D77}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [UDP Query User{BB3312A6-80FB-4B8D-BEAD-4EE20208CE13}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [{77C4C69D-4374-4F12-BFAA-6310A7E52759}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{AFBC1EC4-4342-4EA1-82BE-7789A55AB5F1}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{231E602D-8146-4527-ABA1-DD069B3FB3B9}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{2A91F074-DF67-4B6D-BF50-043C50330B4F}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{0187E1A1-0BB4-4BF5-B032-F81A5C72114A}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{773B7641-E9BB-4B5D-83D0-556BE575B9CC}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{349BC038-ECA8-436B-B899-B9B53C003BE4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/11/2015 06:00:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2015 05:18:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2015 05:17:49 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe
 
Error: (10/11/2015 06:37:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16470, time stamp: 0x510c8801
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0x10001a96
Faulting process id: 0x185c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (10/11/2015 06:37:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16470, time stamp: 0x510c8801
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x142c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (10/11/2015 06:34:10 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe
 
Error: (10/11/2015 06:33:19 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location I:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (10/11/2015 06:32:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22346098
 
Error: (10/11/2015 06:32:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22346098
 
Error: (10/11/2015 06:32:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (10/12/2015 05:33:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (10/12/2015 05:33:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (10/12/2015 05:32:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (10/12/2015 05:32:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (10/12/2015 05:31:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (10/12/2015 05:31:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (10/12/2015 05:30:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (10/12/2015 05:30:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (10/12/2015 05:29:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (10/12/2015 05:29:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8169.41 MB
Available physical RAM: 5776.84 MB
Total Virtual: 16338.83 MB
Available Virtual: 13287.29 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:443.43 GB) NTFS
Drive d: (081231_0834) (CDROM) (Total:3.01 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6EB2ED16)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

#4
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

I forgot to mention in my original post that there appears to be an issue with Internet Explorer, so that might be affected or the source.

 

Since you are not current on IE (you have version 9 and 11 is current) it's very possible that this could have been an infection point. I'll ensure we get this updated before we are done.

I was interested to read the FRST.txt addition; under security it states all programs are disabled.

I feel a bit vulnerable posting all that info to a public forum on the web.  Is there a risk that it could be used to access my computer once this process is complete?  Should I edit out the FRST.txt documents once we have finished?

 

No, this information can't be used to access your computer.

 

Let's begin.

 

Step#1 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.
 

Adobe Flash Player 19 ActiveX
Adobe Flash Player 19 NPAPI
Adobe Reader XI (11.0.12)

McAfee Security Scan Plus
Search App by Ask
Skype Click to Call

 

Step#2 - Warnings
Windows Sidebar/Gadgets
I see that you use the Windows Sidebar with Gadgets. Microsoft deems these as a security vulnerability and recommends that they are disabled. Unless you have good reason not to, please download and install the Microsoft Fix-It from here. Note: Please ensure you reboot when prompted. If you don't and continue this could leave your machine in an unstable state.

 

Step#3 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file (fixlist.txt) and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#4 - JRT by Malwarebytes
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open. Press any key at the Disclaimer screen and the program will start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

 

Items for your next post

1. Fixlog

2. Junkware log

 


#5
dontknowenough

    New Member

  • Topic Starter
  • Member
  • 9 posts

Hi Brian,

 

All the programs uninstalled easily EXCEPT McAfee.  There was simply no response to pressing the change/uninstall button.  Well, it disappeared as if the action was registered but the program did not uninstall.

After disabling the gadgets, on reboot there was a box that said "Desktop gadgets are managed by your system administrator", however I see my gadget clock has disappeared.

On clicking your link to JRT another tab opened in Chrome but nothing seemed to open.  Looking on my desktop a JRT icon has appeared.  Double clicking that opened a box "Do you want the following program to make changes to your computer".  On clicking YES, the box disappears but no action appears to take place and no JRT.txt appears on my desktop.

 

Thanks again,

 

Adrian

 

The fixlog.txt is:

Fix result of Farbar Recovery Scan Tool (x64) Version:11-10-2015 02
Ran by Owner (2015-10-12 20:57:56) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & David and Cecile & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [My Scrap Nook Home Page Guard 64 bit] => "C:\PROGRA~2\MYSCRA~2\bar\1.bin\AppIntegrator64.exe"
HKLM-x32\...\Run: [My Scrap Nook EPM Support] => "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12medint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [My Scrap Nook Search Scope Monitor] => "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12srchmn.exe" /m=2 /w /h
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\...\MountPoints2: {09a2b550-001c-11e1-9551-806e6f6e6963} - D:\AutoRun.exe
hosts:
BHO-x32: Toolbar BHO -> {0214754e-4e7d-4589-829d-e2523e6a3085} -> C:\PROGRA~2\MYSCRA~2\bar\1.bin\12bar.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Extension: (Bing) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-10-11]
CHR HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
2015-10-10 22:26 - 2015-10-10 22:26 - 00022308 _____ C:\Windows\system32\CFG3965196100
2015-10-10 13:12 - 2015-10-10 13:12 - 00000000 ____D C:\Users\Owner\AppData\Local\{740DBE94-4496-44E4-8DF3-253E39C309F5}
2015-10-09 08:23 - 2015-10-09 08:23 - 00000000 ____D C:\Users\Owner\AppData\Local\{AAD6E1E2-53C2-4E84-ABDB-FBEB57CF0BB7}
2015-10-07 08:43 - 2015-10-07 08:43 - 00000000 ____D C:\Users\Owner\AppData\Local\{C632384F-F9B4-461A-86EB-F2491B96EDE7}
2015-10-07 07:17 - 2015-10-07 07:17 - 00000000 ____D C:\Users\Owner\AppData\Local\{7449324B-0B37-40DE-8B19-E9D22CCA1F62}
2015-10-06 20:23 - 2015-10-06 20:23 - 00000000 ____D C:\Users\Owner\AppData\Local\{3E4DECA6-35EB-41F9-A413-17B1BAAA659C}
2015-10-05 18:24 - 2015-10-05 18:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{7C9D0432-F5B5-4002-ACEF-364F98E359FE}
2015-10-04 21:08 - 2015-10-04 21:08 - 00000000 ____D C:\Users\Owner\AppData\Local\{9DEEFCFE-3EE2-411B-98E3-11BDB45C88DB}
EmptyTemp:
*****************
 
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\My Scrap Nook Home Page Guard 64 bit => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\My Scrap Nook EPM Support => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\My Scrap Nook Search Scope Monitor => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => value removed successfully
"HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09a2b550-001c-11e1-9551-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{09a2b550-001c-11e1-9551-806e6f6e6963} => key not found. 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0214754e-4e7d-4589-829d-e2523e6a3085}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{0214754e-4e7d-4589-829d-e2523e6a3085}" => key removed successfully
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => key removed successfully
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\gcswf32.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll => not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd => moved successfully
"HKU\S-1-5-21-2322898750-3181205350-1402612105-1000\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihenkjeihefokohmemphikjnjbmegdik" => key removed successfully
C:\Windows\system32\CFG3965196100 => moved successfully
C:\Users\Owner\AppData\Local\{740DBE94-4496-44E4-8DF3-253E39C309F5} => moved successfully
C:\Users\Owner\AppData\Local\{AAD6E1E2-53C2-4E84-ABDB-FBEB57CF0BB7} => moved successfully
C:\Users\Owner\AppData\Local\{C632384F-F9B4-461A-86EB-F2491B96EDE7} => moved successfully
C:\Users\Owner\AppData\Local\{7449324B-0B37-40DE-8B19-E9D22CCA1F62} => moved successfully
C:\Users\Owner\AppData\Local\{3E4DECA6-35EB-41F9-A413-17B1BAAA659C} => moved successfully
C:\Users\Owner\AppData\Local\{7C9D0432-F5B5-4002-ACEF-364F98E359FE} => moved successfully
C:\Users\Owner\AppData\Local\{9DEEFCFE-3EE2-411B-98E3-11BDB45C88DB} => moved successfully
EmptyTemp: => 14 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 21:00:39 ====

#6
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thanks for the info. I suspected JRT wouldn't run but wanted to try. This is a nasty infection. Mysterious even. As you mentioned, just like the previous one I worked on. Please do the following.

 

Dr Web CureIt
1. Go to the link below and follow the instructions to run Dr Web CureIt

http://free.drweb.com/cureit

2. Dr Web will scan your computer. When finished a report is generated.
3. Please open and copy and paste the contents back here.
Note: If the log is too long for one post just use as many as necessary or zip and upload as an attachment.


#7
dontknowenough

    New Member

  • Topic Starter
  • Member
  • 9 posts

Hi Brian,

Dr Web CureIt found Trojan.Mayachok.5 but could not "neutralise" it.  I opened the report and copied it but on trying to paste into the reply box the computer crashed to a blue screen.  I will try again 

Cheers,

Adrian


#8
dontknowenough

    New Member

  • Topic Starter
  • Member
  • 9 posts

On trying to run the scan again it crashed within a few minutes.  I managed to write down the virus was in HDDO Partition1:Active MBR NTFS\exFAT partition.  I cannot find the Dr. CureIt report on my desktop with the other reports.

 

I have restarted in Safe Mode with Networking and won't run the scan again unless you tell me you need me to.

 

Cheers,

 

Adrian


#9
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Yes, please go ahead and attempt to run in Safe Mode with Networking. Thanks.


#10
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

After the run of Dr. Web, you should find the log file in %userprofile%\Dr Web

 

You can click the Start button and copy/paste the part in bold above and hit enter. This will bring you to the folder where you will find the log.

 

Thanks.


#11
dontknowenough

    New Member

  • Topic Starter
  • Member
  • 9 posts

Unfortunately, it says file not found.  I did find this on the Dr. Web site which seems to fit the description of our culprit: https://news.drweb.c.../?i=5929&lng=en and this implies that Dr. Web could cure it in 2012: http://vms.drweb-av.es/virus/?i=1793774  So if this is a 3 year old virus how come my AVG didn't get it?  And Dr. Web states it cures it but now can't?  That's frustrating.  I am really grateful for your help.  Cheers, Adrian


#12
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

unfortunately, it says file not found

 

Do you mean when you copy/pasted %userprofile%\Dr Web into the search box? Try putting it in quotation marks if that's what you mean. "%userprofile%\Dr Web"

 

so if this is a 3 year old virus how come my AVG didn't get it.  and Dr. Web states it cures it but now can't?

 

They are constantly evolving, changing detection, trying to become harder to remove. I'm really not surprised.


#13
dontknowenough

    New Member

  • Topic Starter
  • Member
  • 9 posts

Hi Brian,

Putting the file name in quotes didn't find it.  So I tried to re-scan but on attempting to open the Dr. Web program on the desktop the computer crashed to a blue screen.  I have re-booted in safe + networking and will wait for further instructions.  Can I ask why you do this?  Do you just hate malware or is there other motivation?

cheers,

Adrian


#14
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Can I ask why you do this?  Do you just hate malware or is there other motivation?

 

I enjoy helping people and I love a challenge.

 

Please try doing the following from Safe Mode with Networking.

 

 
1. Download Malwarebytes Anti-Rootkit to your desktop from here.
2. Right-Click on the file that was downloaded and choose Run as administrator. Answer Yes if prompted to Allow.
3. Click OK at the installer screen that comes up.
4. The software will be extracted and will open.
5. Click Next at the first screen.
6. The Update Database screen will appear. Click the Update button.
7. Once updated, click the Next button.
8. On the Scan System screen, click the Scan button.
9. Once the scan is finished, even if rootkits were detected, don't click the Cleanup button. Just exit the program.
10. On your desktop, there will be a folder named mbar. Open this folder and you will find a log that begins with mbar-log-. Please open this file and copy the contents into your next post.
 
 

 


#15
dontknowenough

    New Member

  • Topic Starter
  • Member
  • 9 posts

Hi Brian,

When I try and run as admin nothing happens.  When I double click the icon on the desktop I get the security prompt "Do you want to run this program?" and on clicking yes the box disappears but nothing happens.

Cheers,

Adrian

