AVG Blocked by Group Policy/Chrome erratic behaviour - still spyware?


9 replies to this topic

#1 FranMar67

Posted 07 November 2014 - 03:33 PM

Hi all

 

My father recently had a spyware problem with his laptop that I've tried my best to solve. Chrome seemed to be hijacked. On opening it, there was nothing but a white screen and no menus etc. would load. A clean install of Chrome resolved this.

 

More sinister was AVG failing to load since it was 'blocked by a group policy'. Malwarebytes uncovered some threats, but AVG stayed non-functional. I edited the registry to get AVG to start and ran a scan on that, which uncovered some examples of JS/Exploit and removed them. Both AVG and MWB say the system is clean and all seems functional, but I'm not 100% convinced.

 

Here are my logs...

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.71.2
Run by Ronnie at 20:25:39 on 2014-11-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3767.1886 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
uProxyServer = hxxp=localhost:8118;https=localhost:8118;ftp=localhost:8118;socks=localhost:9050
uProxyOverride = localhost;127.0.0.1;*.local
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
uRun: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_SF567.tmp" /EF "HKCU"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\RONNIE~1.000\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SYNTPE~1.LNK - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{021B3747-FBD9-49DE-AC76-06517C83F8CE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{02786415-F61E-460C-B433-D11977E8B7C7} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{552EC32B-8CE0-48C7-ACCF-C681EB2AFF50} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-18 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-10-5 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-10-7 262424]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-7-24 283064]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-10-16 3487248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-10-16 298080]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-8-30 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-1-16 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-30 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2013-3-4 255376]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-30 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2013-3-4 255376]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-30 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-30 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2014-8-7 34032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 ggflt;SOMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2014-8-7 16088]
S3 ggsomc;SOMC USB Flash Driver;C:\Windows\System32\drivers\ggsomc.sys [2014-8-7 30424]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-16 111616]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-4 129752]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-4 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-16 246376]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2014-8-17 155824]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-4 1255736]
.
=============== Created Last 30 ================
.
2014-11-07 18:51:34 -------- d-----w- C:\Users\Ronnie.Vikki-PC.000\AppData\Roaming\AVG2015
2014-11-07 18:50:53 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-11-07 18:50:49 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AE6823DD-31EC-441F-B4C1-CE1CCA7569C4}\mpengine.dll
2014-11-07 18:50:27 -------- d--h--w- C:\$AVG
2014-11-07 18:50:15 -------- d-----w- C:\Program Files (x86)\AVG
2014-11-07 18:48:41 -------- d-----w- C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Avg2015
2014-11-05 14:46:10 -------- d-----w- C:\Program Files (x86)\ESET
2014-11-04 19:36:28 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-04 19:36:13 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-04 19:36:13 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-04 19:36:13 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-04 19:36:13 -------- d-----w- C:\ProgramData\Malwarebytes
2014-11-04 19:36:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-02 13:36:26 -------- d-----w- C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Apps
2014-11-02 13:36:24 -------- d-----w- C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Deployment
2014-11-02 13:18:17 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-11-02 13:18:15 -------- d-----w- C:\ProgramData\RogueKiller
2014-11-02 12:24:26 -------- d-----w- C:\ProgramData\MuciYijl
2014-11-02 12:24:20 -------- d-----w- C:\ProgramData\JilujEsqoz
2014-11-02 12:05:08 -------- d-----w- C:\Users\Ronnie.Vikki-PC.000\AppData\Local\qqhwuvpg
2014-10-31 10:36:57 -------- d-----w- C:\Users\Ronnie.Vikki-PC.000\AppData\Roaming\Windows Live Writer
2014-10-31 10:36:57 -------- d-----w- C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Windows Live Writer
2014-10-20 21:27:08 -------- d-----w- C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Avg
2014-10-20 21:27:05 -------- d-----w- C:\ProgramData\AVG2015
2014-10-17 19:07:44 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-16 20:20:57 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-16 20:20:36 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-16 20:20:36 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-16 20:20:36 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-16 20:20:36 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-16 20:20:36 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-16 20:20:36 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-16 20:20:18 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-16 20:20:17 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-16 20:20:17 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-16 20:13:54 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-16 20:13:53 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-16 20:13:53 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-16 20:13:52 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-15 17:01:57 -------- d-----w- C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Microsoft Games
2014-10-12 17:26:24 -------- d-----w- C:\Users\Ronnie.Vikki-PC.000\AppData\Roaming\iFunbox_UserCache
2014-10-12 17:12:32 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-12 17:09:56 -------- d-----w- C:\Program Files (x86)\iMobie
2014-10-10 15:14:32 274200 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
.
==================== Find3M  ====================
.
2014-11-04 14:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-07 21:43:06 262424 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-10-05 21:41:40 124184 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-24 09:04:09 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 09:04:09 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-24 09:04:04 3675824 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-28 21:47:24 243480 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-08-28 18:06:45 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 20:26:29.54 ===============
 
 
Thanks in advance :)

#2 shelf life

  • Malware Response Team

Posted 10 November 2014 - 06:03 PM

Hi FranMar67

 

Your post is two days old. If you still need help, download, run and post a FRST log and we will go from there and see what's going on.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. Looks like you can get the 64-bit version.
 
    Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
    When the tool opens, click Yes to the disclaimer.
    Press the Scan button.
    When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
    Please copy and paste the log in your next reply.
 
The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

 

Get this also:

Download
http://www.bleepingcomputer.com/download/minitoolbox/dl/65/
 
Checkmark the following boxes:
 
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings

Click Go and post the result.


How Can I Reduce My Risk to Malware?


#3 FranMar67

Posted 11 November 2014 - 08:49 AM

Hi. 

 

Thanks for your reply

 

Here are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Ronnie (administrator) on VIKKI-PC on 11-11-2014 13:45:37
Running from C:\Users\Ronnie.Vikki-PC.000\Downloads
Loaded Profile: Ronnie (Available profiles: Vikki & Ronnie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [665424 2008-12-04] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-173961651-2804765292-983070366-1006\...\Run: [EPSON SX110 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE [223232 2008-09-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-173961651-2804765292-983070366-1006\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-173961651-2804765292-983070366-1006\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG)
HKU\S-1-5-21-173961651-2804765292-983070366-1006\...\MountPoints2: F - F:\wubi.exe
Startup: C:\Users\Ronnie.Vikki-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynTPEnh.exe.lnk
ShortcutTarget: SynTPEnh.exe.lnk -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=localhost:8118;https=localhost:8118;ftp=localhost:8118;socks=localhost:9050
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKCU - DefaultScope {E493B72B-4AF8-4FBF-ADCC-619DE87E7146} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {E493B72B-4AF8-4FBF-ADCC-619DE87E7146} URL = https://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-02]
CHR Extension: (Google Docs) - C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-02]
CHR Extension: (Google Drive) - C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-02]
CHR Extension: (YouTube) - C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-02]
CHR Extension: (Google Search) - C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-02]
CHR Extension: (AVG Do Not Track) - C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\epojjbofkhffmihobdncmbhdocjljhpi [2014-11-02]
CHR Extension: (Google Sheets) - C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-02]
CHR Extension: (AdBlock) - C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-02]
CHR Extension: (Google Wallet) - C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-02]
CHR Extension: (Gmail) - C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3487248 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [262424 2014-10-07] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-24] (Disc Soft Ltd)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-08-07] (Sony Mobile Communications)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-07] (Malwarebytes Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2014-08-07] (Sony Ericsson Mobile Communications)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 13:45 - 2014-11-11 13:46 - 00017183 _____ () C:\Users\Ronnie.Vikki-PC.000\Downloads\FRST.txt
2014-11-11 13:45 - 2014-11-11 13:45 - 00000000 ____D () C:\FRST
2014-11-11 13:44 - 2014-11-11 13:44 - 02116096 _____ (Farbar) C:\Users\Ronnie.Vikki-PC.000\Downloads\FRST64.exe
2014-11-07 20:25 - 2014-11-07 20:25 - 00688992 ____R (Swearware) C:\Users\Ronnie.Vikki-PC.000\Downloads\dds.com
2014-11-07 19:04 - 2014-11-11 09:59 - 00000448 _____ () C:\Windows\setupact.log
2014-11-07 19:04 - 2014-11-07 19:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-07 18:51 - 2014-11-07 18:51 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\AppData\Roaming\AVG2015
2014-11-07 18:50 - 2014-11-07 18:50 - 00000969 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-11-07 18:50 - 2014-11-07 18:50 - 00000000 ___HD () C:\$AVG
2014-11-07 18:50 - 2014-11-07 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-07 18:50 - 2014-11-07 18:50 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-07 18:48 - 2014-11-07 19:04 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Avg2015
2014-11-07 18:48 - 2014-11-07 18:48 - 04637504 _____ (AVG Technologies) C:\Users\Ronnie.Vikki-PC.000\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2014-11-05 14:46 - 2014-11-05 14:46 - 02347384 _____ (ESET) C:\Users\Ronnie.Vikki-PC.000\Downloads\esetsmartinstaller_enu.exe
2014-11-05 14:46 - 2014-11-05 14:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-04 19:36 - 2014-11-07 20:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 19:36 - 2014-11-07 20:01 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-04 19:36 - 2014-11-04 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-04 19:36 - 2014-11-04 19:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-04 19:36 - 2014-11-04 19:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 19:36 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-04 19:36 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-04 19:31 - 2014-11-04 19:31 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Vikki\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-04 19:27 - 2014-11-04 19:27 - 04637504 _____ (AVG Technologies) C:\Users\Vikki\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2014-11-02 13:37 - 2014-11-02 13:37 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-02 13:37 - 2014-11-02 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-02 13:36 - 2014-11-11 13:41 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 13:36 - 2014-11-11 13:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 13:36 - 2014-11-02 13:36 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-02 13:36 - 2014-11-02 13:36 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-02 13:36 - 2014-11-02 13:36 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Deployment
2014-11-02 13:36 - 2014-11-02 13:36 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Apps\2.0
2014-11-02 13:18 - 2014-11-02 13:18 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-02 13:18 - 2014-11-02 13:18 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-02 12:59 - 2014-11-11 13:42 - 00213373 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 12:24 - 2014-11-04 19:56 - 00000000 ____D () C:\ProgramData\MuciYijl
2014-11-02 12:24 - 2014-11-04 19:56 - 00000000 ____D () C:\ProgramData\JilujEsqoz
2014-11-02 12:24 - 2014-11-02 12:24 - 00000120 _____ () C:\Windows\SysWOW64\Ä
2014-11-02 12:08 - 2014-11-02 12:08 - 00375251 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\cvntlukj.log
2014-11-02 12:08 - 2014-11-02 12:08 - 00002737 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\aatayvgg.log
2014-11-02 12:08 - 2014-11-02 12:08 - 00001143 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\gihhceny.log
2014-11-02 12:08 - 2014-11-02 12:08 - 00000217 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\ghdjnekh.log
2014-11-02 12:05 - 2014-11-02 12:11 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\qqhwuvpg
2014-11-02 12:05 - 2014-11-02 12:08 - 00000028 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\swemddcy.log
2014-11-02 12:05 - 2014-11-02 12:05 - 00595440 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\tniayajv.log
2014-11-02 12:05 - 2014-11-02 12:05 - 00000064 _____ () C:\ProgramData\gxmhbrja.log
2014-11-02 12:05 - 2014-11-02 12:05 - 00000054 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\stqqhyok.log
2014-11-02 12:05 - 2014-11-02 12:05 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-02 12:05 - 2014-11-02 12:05 - 00000000 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\wknnvlen.log
2014-11-02 12:05 - 2014-11-02 12:05 - 00000000 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\owhlrals.log
2014-10-31 10:36 - 2014-10-31 10:37 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Windows Live Writer
2014-10-31 10:36 - 2014-10-31 10:36 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\AppData\Roaming\Windows Live Writer
2014-10-29 15:27 - 2014-10-29 15:27 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-10-29 15:08 - 2014-10-29 15:08 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\Documents\refaorosalyn
2014-10-29 14:17 - 2014-10-29 14:17 - 00291983 _____ () C:\Users\Ronnie.Vikki-PC.000\Documents\refaorosalyn.zip
2014-10-20 21:27 - 2014-11-07 18:51 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-20 21:27 - 2014-10-20 21:27 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Avg
2014-10-17 19:07 - 2014-10-17 19:07 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-17 19:07 - 2014-10-17 19:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-17 19:07 - 2014-10-17 19:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-17 19:07 - 2014-10-17 19:07 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-17 19:07 - 2014-10-17 19:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-16 20:21 - 2014-10-07 02:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 20:21 - 2014-10-07 02:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 20:21 - 2014-09-25 22:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 20:21 - 2014-09-25 22:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 20:21 - 2014-09-25 22:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 20:21 - 2014-09-25 22:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 20:21 - 2014-09-25 22:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 20:21 - 2014-09-25 22:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 20:21 - 2014-09-25 22:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 20:21 - 2014-09-19 02:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 20:21 - 2014-09-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 20:21 - 2014-09-19 01:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 20:21 - 2014-09-19 01:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 20:21 - 2014-09-19 01:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 20:21 - 2014-09-19 01:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 20:21 - 2014-09-19 01:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 20:21 - 2014-09-19 01:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 20:21 - 2014-09-19 01:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 20:21 - 2014-09-19 01:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 20:21 - 2014-09-19 01:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 20:21 - 2014-09-19 01:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 20:21 - 2014-09-19 01:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 20:21 - 2014-09-19 01:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 20:21 - 2014-09-19 01:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 20:21 - 2014-09-19 01:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 20:21 - 2014-09-19 01:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 20:21 - 2014-09-19 01:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 20:21 - 2014-09-19 01:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 20:21 - 2014-09-19 01:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 20:21 - 2014-09-19 01:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 20:21 - 2014-09-19 01:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 20:21 - 2014-09-19 01:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 20:21 - 2014-09-19 01:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 20:21 - 2014-09-19 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 20:21 - 2014-09-19 01:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 20:21 - 2014-09-19 00:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 20:21 - 2014-09-19 00:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 20:21 - 2014-09-19 00:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 20:21 - 2014-09-19 00:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 20:21 - 2014-09-19 00:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 20:21 - 2014-09-19 00:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 20:21 - 2014-09-19 00:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 20:21 - 2014-09-19 00:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 20:21 - 2014-09-19 00:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 20:21 - 2014-09-19 00:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 20:21 - 2014-09-19 00:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 20:21 - 2014-09-19 00:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 20:21 - 2014-09-19 00:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 20:21 - 2014-09-19 00:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 20:21 - 2014-09-19 00:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 20:21 - 2014-09-19 00:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 20:21 - 2014-09-19 00:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 20:21 - 2014-09-18 23:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 20:21 - 2014-09-18 23:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 20:21 - 2014-09-18 23:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 20:21 - 2014-09-18 23:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 20:20 - 2014-10-10 02:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 20:20 - 2014-10-10 02:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 20:20 - 2014-10-10 02:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 20:20 - 2014-09-29 00:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 20:20 - 2014-06-18 22:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 20:20 - 2014-06-18 22:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 20:20 - 2014-06-18 22:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 20:20 - 2014-06-18 22:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 20:20 - 2014-06-18 22:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 20:20 - 2014-06-18 22:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 20:14 - 2014-09-18 02:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 20:14 - 2014-09-18 01:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 20:14 - 2014-09-04 05:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 20:14 - 2014-09-04 05:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 20:14 - 2014-08-29 02:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 20:14 - 2014-07-17 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 20:14 - 2014-07-17 02:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 20:14 - 2014-07-17 02:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 20:14 - 2014-07-17 02:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 20:14 - 2014-07-17 02:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 20:14 - 2014-07-17 02:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 20:14 - 2014-07-17 01:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 20:14 - 2014-07-17 01:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 20:14 - 2014-07-17 01:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 20:14 - 2014-07-17 01:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 20:14 - 2014-07-17 01:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 20:13 - 2014-09-13 01:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 20:13 - 2014-09-13 01:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 20:13 - 2014-09-05 02:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 20:13 - 2014-09-05 01:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 17:01 - 2014-10-15 18:57 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Microsoft Games
2014-10-15 16:58 - 2014-10-15 16:58 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\AppData\Roaming\PlayFirst
2014-10-12 17:26 - 2014-10-12 17:26 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\AppData\Roaming\iFunbox_UserCache
2014-10-12 17:25 - 2014-10-12 17:26 - 18156869 _____ ( ) C:\Users\Ronnie.Vikki-PC.000\Downloads\ifunbox_setup.exe
2014-10-12 17:22 - 2014-10-12 17:22 - 06987152 _____ (iMobie Inc. ) C:\Users\Ronnie.Vikki-PC.000\Downloads\phoneclean-setup (4).exe
2014-10-12 17:14 - 2014-10-12 17:14 - 06987152 _____ (iMobie Inc. ) C:\Users\Ronnie.Vikki-PC.000\Downloads\phoneclean-setup (3).exe
2014-10-12 17:12 - 2014-10-12 17:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-12 17:09 - 2014-10-12 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2014-10-12 17:09 - 2014-10-12 17:41 - 00000000 ____D () C:\Program Files (x86)\iMobie
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 13:04 - 2013-03-04 12:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 10:31 - 2009-07-14 05:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 10:06 - 2009-07-14 04:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 10:06 - 2009-07-14 04:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 10:04 - 2011-06-06 12:13 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-11 09:59 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-04 19:57 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Help
2014-11-04 14:30 - 2013-03-02 12:04 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-02 13:37 - 2013-03-04 17:24 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Google
2014-11-02 13:37 - 2012-09-11 18:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-02 12:40 - 2013-10-28 21:59 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\AppData\Roaming\Azureus
2014-10-31 10:36 - 2014-08-05 12:58 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\Windows Live
2014-10-29 13:52 - 2014-05-20 16:04 - 00000000 ____D () C:\Program Files\Speccy
2014-10-20 21:49 - 2013-10-05 09:16 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-17 19:08 - 2013-10-17 21:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-17 18:32 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 21:59 - 2014-04-30 21:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 21:40 - 2009-07-14 04:45 - 00410928 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 21:34 - 2011-06-06 12:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 21:31 - 2013-07-24 21:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 21:25 - 2013-03-04 13:05 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 17:00 - 2011-01-16 16:42 - 00000000 ____D () C:\ProgramData\Temp
 
Some content of TEMP:
====================
C:\Users\Vikki\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Vikki\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Vikki\AppData\Local\Temp\MSNAB9C.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 15:07
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Ronnie at 2014-11-11 13:46:31
Running from C:\Users\Ronnie.Vikki-PC.000\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: McAfee VirusScan (Disabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: McAfee Personal Firewall (Disabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.5 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{5CEBB0CE-1783-40C2-A7E1-02EE705820F0}) (Version: 1.0 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{1ce01891-839b-4ad1-b629-2e608ba0c6ba}) (Version: 1.0 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version:  - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5557 - AVG Technologies)
AVG 2015 (Version: 15.0.4213 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5557 - AVG Technologies) Hidden
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.82.95 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
ConvertXtoDVD 4.1.2.336 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.2.336 - )
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0335 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
DomaIQ (HKLM-x32\...\DomaIQ Uninstaller) (Version:  - Tuguu SLU) <==== ATTENTION
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.20.00 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Epson Stylus SX110_TX110 Manual (HKLM-x32\...\Epson Stylus SX110_TX110 User’s Guide) (Version:  - )
EPSON SX110 Series Printer Uninstall (HKLM\...\EPSON SX110 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Image Analyzer (HKLM-x32\...\Image Analyzer) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iscsicli (HKLM\...\{f48a0c57-7c48-461c-9957-ab255ddc986e}.sdb) (Version:  - )
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Logitech Touch Mouse Server 1.0 (HKLM-x32\...\Logitech Touch Mouse Server) (Version: 1.0 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nero 7 Ultra Edition (HKLM-x32\...\{B8D98EC5-48BF-4811-AAFE-F343875F1033}) (Version: 7.02.6476 - Nero AG)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version:  - Oberon Media)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.11.201408051401 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR 5.11 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {543AAA9A-0270-4F61-BE63-7324E568656C} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {59BFF57A-1B04-4F06-BA09-A5E9B8149419} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {5D723A88-5336-47FA-A9D8-9B67761EFB6F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-173961651-2804765292-983070366-1006
Task: {751C1D87-9C4C-46F0-A217-20C8E58441CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: {838FB763-7A75-4F3F-9B95-2886DAB0AD3D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {F47E5ED7-D74E-4539-8D15-83DA165CFA96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: {FB39166F-D5A8-49B3-8D4D-5BBFF3FF7F25} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-28 22:20 - 2010-06-28 22:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 22:12 - 2010-06-28 22:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-08-30 09:45 - 2009-05-20 06:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2013-07-18 17:38 - 2008-12-03 13:05 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2013-07-18 17:38 - 2008-11-26 09:56 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-11-02 13:37 - 2014-10-22 04:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-11-02 13:37 - 2014-10-22 04:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-11-02 13:37 - 2014-10-22 04:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-11-02 13:37 - 2014-10-22 04:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-17 09:19 - 2014-10-17 09:19 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll
2010-08-30 09:03 - 2010-04-13 16:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Global Registration => "C:\Program Files (x86)\Acer\Registration\GREG.exe" /boot
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-173961651-2804765292-983070366-500 - Administrator - Disabled)
Guest (S-1-5-21-173961651-2804765292-983070366-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-173961651-2804765292-983070366-1002 - Limited - Enabled)
Ronnie (S-1-5-21-173961651-2804765292-983070366-1006 - Administrator - Enabled) => C:\Users\Ronnie.Vikki-PC.000
Vikki (S-1-5-21-173961651-2804765292-983070366-1001 - Administrator - Enabled) => C:\Users\Vikki
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/11/2014 01:45:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/11/2014 11:33:33 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/10/2014 10:42:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/09/2014 11:23:48 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/08/2014 00:32:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/07/2014 09:09:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/07/2014 06:46:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/05/2014 03:08:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/05/2014 02:46:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/02/2014 00:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgidsagent.exe, version: 15.0.0.5315, time stamp: 0x5409c9e8
Faulting module name: avgidsagent.exe, version: 15.0.0.5315, time stamp: 0x5409c9e8
Exception code: 0xc0000005
Fault offset: 0x001635b9
Faulting process id: 0x66c
Faulting application start time: 0xavgidsagent.exe0
Faulting application path: avgidsagent.exe1
Faulting module path: avgidsagent.exe2
Report Id: avgidsagent.exe3
 
 
System errors:
=============
Error: (11/07/2014 07:02:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/07/2014 07:02:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/07/2014 07:02:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/07/2014 07:00:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/07/2014 07:00:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/07/2014 07:00:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/07/2014 07:00:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/07/2014 07:00:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/07/2014 07:00:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/07/2014 07:00:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-07 18:52:24.389
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 55%
Total physical RAM: 3766.71 MB
Available physical RAM: 1684.99 MB
Total Pagefile: 7531.6 MB
Available Pagefile: 4817.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:224.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 46CC9B00)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
MiniToolBox by Farbar  Version: 21-07-2014
Ran by Ronnie (administrator) on 11-11-2014 at 13:49:30
Running from "C:\Users\Ronnie.Vikki-PC.000\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
ProxyServer: http=localhost:8118;https=localhost:8118;ftp=localhost:8118;socks=localhost:9050
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
**** End of log ****
 
 
Thanks for your time :)


#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 11 November 2014 - 07:02 PM

Thanks for the info. With Internet Explorer open, go to the "gear" icon or Tools, then Internet Options > Connections > LAN Settings, and under Proxy Server make sure there's no checkmark next to "Use a proxy server for...". If there is, uncheck it and click OK.

 

Looks like there may be some adware/toolbar leftovers, so let's run AdwCleaner first and also JRT.exe. Both target adware/toolbars:

 

Please download Adwcleaner.exe to your desktop.
    Right click on AdwCleaner.exe, select "run as admin"
    Click on the Scan button
    Once the scan is done click on the Report button

    Copy/paste the report log in your reply

    Exit Adwcleaner with File>Exit.
    You can also find the logfile at C:\AdwCleaner[R1].txt as well

Not everything it finds by default is bad, so we will selectively pick what to remove and use the Clean button later.
   

Please download Junkware Removal Tool to your desktop.

http://thisisudax.org/downloads/JRT.exe

    Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message

 

Let's see what those dig up and we will go from there.


How Can I Reduce My Risk to Malware?


#5 FranMar67

FranMar67
  • Topic Starter

  • Members

Posted 12 November 2014 - 01:51 PM

Hi. Thanks for your help

 

Here are the logs

 

# AdwCleaner v4.101 - Report created 12/11/2014 at 18:36:50
# Updated 09/11/2014 by Xplode
# Database : 2014-11-12.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ronnie - VIKKI-PC
# Running from : C:\Users\Ronnie.Vikki-PC.000\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files\DomaIQ Uninstaller
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Tarma Installer
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AVG Nation toolbar
Key Found : [x64] HKCU\Software\AVG Nation toolbar
Key Found : HKLM\SOFTWARE\AVG Nation toolbar
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v38.0.2125.111
 
 
*************************
 
AdwCleaner[R0].txt - [1517 octets] - [12/11/2014 18:36:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1577 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ronnie on 12/11/2014 at 18:39:46.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_windows-7-service-pack-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_windows-7-service-pack-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_windows-7-service-pack-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_windows-7-service-pack-1_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\ask"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/11/2014 at 18:45:30.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 shelf life

shelf life

  • Malware Response Team

Posted 12 November 2014 - 05:51 PM

Hi,

OK, good. You can run AdwCleaner again using Scan first, then the Clean button. Just leave everything that's already checked, and after the scan is done, click the Clean button. The machine may prompt for a reboot to finish removing things.

 

Next we will use FRST:

Open notepad. Please copy/paste the contents of the code box below into notepad

 

 

DomaIQ (HKLM-x32\...\DomaIQ Uninstaller) (Version:  - Tuguu SLU) <==== ATTENTION

Task: {FB39166F-D5A8-49B3-8D4D-5BBFF3FF7F25} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
2014-11-02 12:08 - 2014-11-02 12:08 - 00375251 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\cvntlukj.log
2014-11-02 12:08 - 2014-11-02 12:08 - 00002737 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\aatayvgg.log
2014-11-02 12:08 - 2014-11-02 12:08 - 00001143 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\gihhceny.log
2014-11-02 12:08 - 2014-11-02 12:08 - 00000217 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\ghdjnekh.log
2014-11-02 12:05 - 2014-11-02 12:11 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\qqhwuvpg
2014-11-02 12:05 - 2014-11-02 12:08 - 00000028 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\swemddcy.log
2014-11-02 12:05 - 2014-11-02 12:05 - 00595440 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\tniayajv.log
2014-11-02 12:05 - 2014-11-02 12:05 - 00000064 _____ () C:\ProgramData\gxmhbrja.log
2014-11-02 12:05 - 2014-11-02 12:05 - 00000054 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\stqqhyok.log
2014-11-02 12:24 - 2014-11-04 19:56 - 00000000 ____D () C:\ProgramData\MuciYijl
2014-11-02 12:24 - 2014-11-04 19:56 - 00000000 ____D () C:\ProgramData\JilujEsqoz
2014-11-02 12:24 - 2014-11-02 12:24 - 00000120 _____ () C:\Windows\SysWOW64\Ä
2014-11-02 12:05 - 2014-11-02 12:05 - 00000000 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\wknnvlen.log
2014-11-02 12:05 - 2014-11-02 12:05 - 00000000 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\owhlrals.log
2014-10-29 15:08 - 2014-10-29 15:08 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\Documents\refaorosalyn
2014-10-29 14:17 - 2014-10-29 14:17 - 00291983 _____ () C:\Users\Ronnie.Vikki-PC.000\Documents\refaorosalyn.zip
 
 
 

 

 

Save it as fixlist.txt in the same directory where you have FRST (C:\Users\Ronnie.Vikki-PC.000\Downloads).

Run FRST64, press the Fix button just once, and wait.
The tool will make a log (Fixlog.txt) in the same directory where FRST is located. Please post it in your reply.

 

 

 




#7 FranMar67

FranMar67
  • Topic Starter

  • Members

Posted 13 November 2014 - 05:53 AM

# AdwCleaner v4.101 - Report created 13/11/2014 at 10:43:21
# Updated 09/11/2014 by Xplode
# Database : 2014-11-12.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ronnie - VIKKI-PC
# Running from : C:\Users\Ronnie.Vikki-PC.000\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
File Deleted : C:\Users\Public\Desktop\eBay.lnk
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKLM\SOFTWARE\AVG Nation toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Google Chrome v38.0.2125.111
 
 
*************************
 
AdwCleaner[R0].txt - [1669 octets] - [12/11/2014 18:36:50]
AdwCleaner[R1].txt - [1647 octets] - [13/11/2014 10:40:45]
AdwCleaner[R2].txt - [1707 octets] - [13/11/2014 10:41:52]
AdwCleaner[S0].txt - [1592 octets] - [13/11/2014 10:43:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1652 octets] ##########
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by Ronnie at 2014-11-13 10:50:51 Run:1
Running from C:\Users\Ronnie.Vikki-PC.000\Downloads
Loaded Profile: Ronnie (Available profiles: Vikki & Ronnie)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
DomaIQ (HKLM-x32\...\DomaIQ Uninstaller) (Version:  - Tuguu SLU) <==== ATTENTION
 
Task: {FB39166F-D5A8-49B3-8D4D-5BBFF3FF7F25} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
 
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
2014-11-02 12:08 - 2014-11-02 12:08 - 00375251 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\cvntlukj.log
2014-11-02 12:08 - 2014-11-02 12:08 - 00002737 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\aatayvgg.log
2014-11-02 12:08 - 2014-11-02 12:08 - 00001143 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\gihhceny.log
2014-11-02 12:08 - 2014-11-02 12:08 - 00000217 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\ghdjnekh.log
2014-11-02 12:05 - 2014-11-02 12:11 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\qqhwuvpg
2014-11-02 12:05 - 2014-11-02 12:08 - 00000028 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\swemddcy.log
2014-11-02 12:05 - 2014-11-02 12:05 - 00595440 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\tniayajv.log
2014-11-02 12:05 - 2014-11-02 12:05 - 00000064 _____ () C:\ProgramData\gxmhbrja.log
2014-11-02 12:05 - 2014-11-02 12:05 - 00000054 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\stqqhyok.log
2014-11-02 12:24 - 2014-11-04 19:56 - 00000000 ____D () C:\ProgramData\MuciYijl
2014-11-02 12:24 - 2014-11-04 19:56 - 00000000 ____D () C:\ProgramData\JilujEsqoz
2014-11-02 12:24 - 2014-11-02 12:24 - 00000120 _____ () C:\Windows\SysWOW64\Ä
2014-11-02 12:05 - 2014-11-02 12:05 - 00000000 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\wknnvlen.log
2014-11-02 12:05 - 2014-11-02 12:05 - 00000000 _____ () C:\Users\Ronnie.Vikki-PC.000\AppData\Local\owhlrals.log
2014-10-29 15:08 - 2014-10-29 15:08 - 00000000 ____D () C:\Users\Ronnie.Vikki-PC.000\Documents\refaorosalyn
2014-10-29 14:17 - 2014-10-29 14:17 - 00291983 _____ () C:\Users\Ronnie.Vikki-PC.000\Documents\refaorosalyn.zip
*****************
 
DomaIQ (HKLM-x32\...\DomaIQ Uninstaller) (Version:  - Tuguu SLU) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB39166F-D5A8-49B3-8D4D-5BBFF3FF7F25}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB39166F-D5A8-49B3-8D4D-5BBFF3FF7F25}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
C:\ProgramData\Temp => ":0B9176C0" ADS removed successfully.
C:\ProgramData\Temp => ":1A60DE96" ADS removed successfully.
C:\ProgramData\Temp => ":5D7E5A8F" ADS removed successfully.
C:\ProgramData\Temp => ":93EB7685" ADS removed successfully.
C:\ProgramData\Temp => ":E36F5B57" ADS removed successfully.
C:\Users\Ronnie.Vikki-PC.000\AppData\Local\cvntlukj.log => Moved successfully.
C:\Users\Ronnie.Vikki-PC.000\AppData\Local\aatayvgg.log => Moved successfully.
C:\Users\Ronnie.Vikki-PC.000\AppData\Local\gihhceny.log => Moved successfully.
C:\Users\Ronnie.Vikki-PC.000\AppData\Local\ghdjnekh.log => Moved successfully.
C:\Users\Ronnie.Vikki-PC.000\AppData\Local\qqhwuvpg => Moved successfully.
C:\Users\Ronnie.Vikki-PC.000\AppData\Local\swemddcy.log => Moved successfully.
C:\Users\Ronnie.Vikki-PC.000\AppData\Local\tniayajv.log => Moved successfully.
C:\ProgramData\gxmhbrja.log => Moved successfully.
C:\Users\Ronnie.Vikki-PC.000\AppData\Local\stqqhyok.log => Moved successfully.
C:\ProgramData\MuciYijl => Moved successfully.
C:\ProgramData\JilujEsqoz => Moved successfully.
C:\Windows\SysWOW64\Ä => Moved successfully.
C:\Users\Ronnie.Vikki-PC.000\AppData\Local\wknnvlen.log => Moved successfully.
C:\Users\Ronnie.Vikki-PC.000\AppData\Local\owhlrals.log => Moved successfully.
C:\Users\Ronnie.Vikki-PC.000\Documents\refaorosalyn => Moved successfully.
C:\Users\Ronnie.Vikki-PC.000\Documents\refaorosalyn.zip => Moved successfully.
 
==== End of Fixlog ====
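
Added example, not part of the original posts and not FRST's own code: a small Python parser for the Fixlog layout shown above, which tallies the outcomes and lists entries (such as the DomaIQ line) that were not fixed automatically. The line format is inferred from this log only; `parse_fixlog`, `summarise` and the shortened sample are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of the Fixlog posted above, same layout.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
Task: {FB39166F-D5A8-49B3-8D4D-5BBFF3FF7F25} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
*****************
DomaIQ (HKLM-x32\...\DomaIQ Uninstaller) (Version:  - Tuguu SLU) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
C:\ProgramData\Temp => ":0B9176C0" ADS removed successfully.
==== End of Fixlog ====
'''

ACTION_RE = re.compile(r"(\w[\w ]*) successfully\.$")


def parse_fixlog(text):
    """Return (target, status) pairs for the result lines of a Fixlog."""
    results, in_echo = [], False
    for line in text.splitlines():
        line = line.strip()
        if line and set(line) == {"*"}:
            in_echo = not in_echo        # asterisk rows bracket the echoed fixlist
            continue
        if in_echo or " => " not in line:
            continue                     # skip the echo, headers and blank lines
        target, _, outcome = line.rpartition(" => ")
        match = ACTION_RE.search(outcome)
        if outcome.startswith("Error:"):
            status = "error"
        elif match:
            status = match.group(1).lower()   # "moved", "key deleted", "ads removed"
        else:
            status = "unrecognised"
        results.append((target, status))
    return results


def summarise(results):
    """Count outcomes and list the entries that still need a manual look."""
    counts = Counter(status for _, status in results)
    follow_up = [t for t, s in results if s in ("error", "unrecognised")]
    return counts, follow_up


if __name__ == "__main__":
    print(summarise(parse_fixlog(SAMPLE_FIXLOG)))
```

An entry reported under `follow_up` is not necessarily still present on the machine; it only means the Fixlog records no automatic fix for it, so it should be checked against the other tools' logs.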


#8 shelf life

shelf life

  • Malware Response Team

Posted 13 November 2014 - 07:20 PM

Looks good. How's it all looking on your end now?




#9 FranMar67

FranMar67
  • Topic Starter

  • Members

Posted 14 November 2014 - 08:12 AM

All seems spot on :)

 

Thanks very much to all for your help and your time. Very much appreciated. 



#10 shelf life

shelf life

  • Malware Response Team

Posted 14 November 2014 - 06:40 PM

OK, you're welcome. One more tool to get, which will remove the tools we used and then delete itself:

 

    Please download Delfix.exe by Xplode and save it to your desktop.
    https://toolslib.net/downloads/viewdownload/2-delfix/
    Please start it and check the box next to "Remove disinfection tools" and click on the run button.
    The tool will delete itself once it finishes.

 

Happy safe surfing out there.






