No Antivirus working on windows 8.1, chrome keeps showing 'Tremend

This topic is locked

#1
aayanmirza (New Member, 5 posts)

Hi there,

So for a month or two my browser (Chrome) kept showing me these adware ads opening up voluntarily from time to time during my surfing. I disabled them and deleted them from Chrome's 'Extensions' option and uninstalled those that also appeared in my Control Panel program removal option. They would disappear for some time but would come back later, and I would follow the same procedure.

But more recently, this adware program named 'Tremendous Coupons' appears in between my surfing and won't go away for that particular time unless I close that ad window. But this time it's different: there is nothing in Extensions and there is nothing appearing in the Control Panel's program removal options.

I searched the problem on the internet and it asked me to install anti-malware software, and I complied. I first downloaded MalwareBytes; the program installed and also started appearing on my desktop, but when I click its icon it takes me to a User Account Control box which asks for permission to allow this particular program to run. I click 'Yes', the message window disappears and nothing happens. Then I downloaded Adware; it installed correctly, even opened up, and also ran the scan and showed results. After that it asked for permission to run a boot-time scan and I allowed it. The laptop restarted but no boot-time scan was run; instead Windows gave a black screen at startup after Windows had loaded. I turned it off from the laptop's 'switch off' button and restarted. It opened correctly this time, but the computer showed no Adware installed on it; the Adware was gone, wasn't appearing on the desktop or in the Control Panel, and I didn't uninstall it. Next I installed Kaspersky; it took its time to install the 170+ MB file and as it completed it showed the message that the program couldn't install correctly. I then downloaded Avast; the antivirus installed fine, I opened it up, it opened, and it showed me the message in red that my computer is unprotected. I clicked on the 'Start now' button, it took me to User Account Control and asked permission to allow it to run, I did, and then the box disappeared while Avast still showed the message in red. I then went to its scan options and tried running a quick scan, but apparently 'no endpoints are available'. I then tried running a full system scan but it won't run at all; it just loads the cursor when it is at the scan button, and if I move it away, the loading disappears.

I can't run any antivirus; the virus doesn't seem to be leaving my computer, or at least appearing on it. And it's irritating, and also slow to surf the internet with that 'Tremendous Coupon' and other similar stuff appearing from time to time in between my surfing or running in the background all the time. Please help me, I would be really thankful. I have got Windows 8.1 and I am using it on my Acer with a Core i3. Please help!!

#2
Pyxis (Trusted Helper, Malware Removal, 1,228 posts)

Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :) I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
  • Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--that is, after more than 48 hours--please send me a PM and I will get back to you shortly.
I hope you keep these reminders in mind. Let's get to work! :thumbsup:

Quote:
    I can't run any antivirus; the virus doesn't seem to be leaving my computer, or at least appearing on it. And it's irritating, and also slow to surf the internet with that 'Tremendous Coupon' and other similar stuff appearing from time to time in between my surfing or running in the background all the time. Please help me, I would be really thankful. I have got Windows 8.1 and I am using it on my Acer with a Core i3. Please help!!

Let's see whether we can get this one to run. Do you have a spare flash drive, by the way? We might need it.
  • Step 1

    Download both versions of Farbar Recovery Scan Tool by Farbar from the links below and save them to your desktop.

    '32-bit'
    '64-bit'
    • Simply double-click the program icon to run it. It will ask for administrator privileges. If the first one you tried does not work, try the other version.
    • The program will initialize. Press Yes to accept the disclaimer.
    • Put a check on Addition.
    • Then press the Scan button.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)

#3
aayanmirza (Topic Starter, New Member, 5 posts)

Hi Pyxis,

Thank you so much for your prompt reply. I have understood your conditions and comply with them fully. Just help me get this menace removed from my system. And yes, I have a spare USB.

Okay, so I downloaded the 64-bit file of the software you asked me to download, and it ran. I didn't need to download the other. It did exactly as you said and I am posting its report here:

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015

Ran by Aacer at 2015-07-25 09:28:38
Running from C:\Users\Aacer\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Aacer (S-1-5-21-3430386607-3475805158-3186237351-1001 - Administrator - Enabled) => C:\Users\Aacer
Administrator (S-1-5-21-3430386607-3475805158-3186237351-500 - Administrator - Disabled)
Guest (S-1-5-21-3430386607-3475805158-3186237351-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Broadband (HKLM-x32\...\Broadband) (Version: 21.005.22.00.172 - Huawei Technologies Co.,Ltd)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Kingo ROOT version 1.3.6.2289 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.3.6.2289 - Kingosoft Technology Ltd.)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15024.5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15024.5 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.19 - Synaptics Incorporated)
TampaMonitor (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{229c2d9f}) (Version:  - Software Publisher) <==== ATTENTION
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:25 - 2013-08-22 18:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0BDD1B50-819E-40A6-BF8F-7FDE45B95962} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core => C:\Users\Aacer\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-16] (Google Inc.)
Task: {1B2E81A0-A1D8-48A4-8560-16A92DC0EAD1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-25] (AVAST Software)
Task: {1C3B410F-B198-4AC6-ACB0-660595CC903C} - System32\Tasks\{328BE588-43D1-441C-9EBB-62B46E6CB52E} => pcalua.exe -a "D:\Roshan\Android Root\Kingo ROOT\unins000.exe"
Task: {1EA9DC15-5F78-48E3-A1C5-BFE154230A1A} - System32\Tasks\WarriorOne => c:\programdata\{94b3e9b0-f533-4253-94b3-3e9b0f53a6c3}\6254054569876868221b.exe [2014-07-11] () <==== ATTENTION
Task: {32A4C93E-7252-48C7-B517-D1CEF680D68C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA => C:\Users\Aacer\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-16] (Google Inc.)
Task: {4D1AECB1-F0EA-4DE2-BC85-E588BBFB40B4} - System32\Tasks\{3621783D-6972-4E47-9D6E-A2BE5259FBF5} => pcalua.exe -a "D:\Roshan\New folder (6)\New folder\SAMSUNG_USB_Driver_for_Mobile_Phones.exe" -d "D:\Roshan\New folder (6)\New folder"
Task: {5675C73D-B4E4-4A35-8A17-F40582027073} - System32\Tasks\{D8777E68-AAF4-4841-BF3C-935A05430D4B} => pcalua.exe -a "C:\Program Files (x86)\Picexa\uninstall.exe"
Task: {5BCF5DA3-2F96-4D5F-A945-BBAD33B42109} - System32\Tasks\SleekScreen => c:\programdata\{3fa30c40-d8cb-18b4-3fa3-30c40d8c3103}\bad blood (ft.exe [2014-06-30] () <==== ATTENTION
Task: {5DC89FF5-CC17-459E-A61E-CD88DC400517} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core => C:\Users\Aacer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-13] (Facebook Inc.)
Task: {6766D930-B8F4-4141-9955-1433F3C5B4AC} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {7F3EB4A7-2F50-4E05-A34B-41A6432D6639} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA => C:\Users\Aacer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-13] (Facebook Inc.)
Task: {82CC91FB-29AC-4CCF-AA0E-F8B6BF657EF2} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {89B19FFB-041D-4978-A59B-1BF74C0B7FDF} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {8A959F26-E257-4C3A-90D4-B7951E89142C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {8DAC418D-9B1A-463D-BCAC-F32D5CF9AE07} - System32\Tasks\PhotoSharpener => c:\programdata\{d3bb0745-0af1-9ca2-d3bb-b07450af1d14}\sarakti jaye hai rukh se naqab.exe [2014-07-06] () <==== ATTENTION
Task: {A576BE7F-B5DB-4F5E-ABF1-0FDA31ECF8BB} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-12] (Synaptics Incorporated)
Task: {B6316612-9947-4B73-8912-254DE3A9F95C} - System32\Tasks\SnoozeNoMore => c:\programdata\{be8b68f5-ed6b-e1fd-be8b-b68f5ed6a3d7}\7002301141314949535b.exe [2014-07-13] () <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core.job => C:\Users\Aacer\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA.job => C:\Users\Aacer\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core.job => C:\Users\Aacer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA.job => C:\Users\Aacer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PhotoSharpener.job => 0x03060100003FD50A000AE14292F621FE34A2F6AC46004E01000000003C000A0020000000FEFFFFFF000000000013040000208021DF070700050018001700000000002A000000590063003A005C00700072006F006700720061006D0064006100740061005C007B00640033006200620030003700340035002D0030006100660031002D0039006300610032002D0064003300620062002D006200300037003400350030006100660031006400310034007D005C0073006100720061006B007400690020006A0061007900650020006800610069002000720075006B00680020007300650020006E0061007100610062002E00650078006500000015002D002D0073007400610072007400750070003D00310020002D002D00730069006E0067006C006500000000000B0061006300650072005C004100610063006500720000000000000008000000000000000000010030000000DF070600190000000000000017000000A0050000680100000000000001000000010000000000000000000000
Task: C:\Windows\Tasks\SleekScreen.job => c:\programdata\{3fa30c40-d8cb-18b4-3fa3-30c40d8c3103}\bad blood (ft.exe <==== ATTENTION
Task: C:\Windows\Tasks\SnoozeNoMore.job => c:\programdata\{be8b68f5-ed6b-e1fd-be8b-b68f5ed6a3d7}\7002301141314949535b.exe <==== ATTENTION
Task: C:\Windows\Tasks\WarriorOne.job => c:\programdata\{94b3e9b0-f533-4253-94b3-3e9b0f53a6c3}\6254054569876868221b.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-10 06:44 - 2015-07-10 06:43 - 08016176 _____ () C:\Program Files (x86)\Blushing Collection\Blushing Collection.exe
2015-02-22 14:11 - 2015-02-22 14:09 - 00655712 _____ () C:\ProgramData\Broadband\OnlineUpdate\ouc.exe
2011-03-14 20:27 - 2011-03-14 20:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2015-07-24 17:33 - 2015-07-24 17:33 - 08016023 _____ () C:\Program Files (x86)\Thoughtless Lack\Thoughtless Lack.exe
2015-07-10 18:19 - 2015-07-10 18:19 - 00567296 _____ () C:\Program Files (x86)\SFK\SFKEX64.dll
2015-07-10 18:19 - 2015-07-10 18:19 - 00122880 _____ () C:\Program Files (x86)\SFK\SFKEX64.exe
2014-08-12 04:34 - 2012-11-27 00:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-07-24 00:20 - 2015-07-24 00:20 - 01596928 _____ () c:\Program Files (x86)\TampaMonitor\TampaMonitor.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 00011362 _____ () C:\ProgramData\Broadband\OnlineUpdate\mingwm10.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 00043008 _____ () C:\ProgramData\Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 02415104 _____ () C:\ProgramData\Broadband\OnlineUpdate\QtCore4.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 01148416 _____ () C:\ProgramData\Broadband\OnlineUpdate\QtNetwork4.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 00835072 _____ () C:\ProgramData\Broadband\OnlineUpdate\QueryStrategy.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 00398336 _____ () C:\ProgramData\Broadband\OnlineUpdate\QtXml4.dll
2013-10-31 20:05 - 2013-10-31 20:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2015-07-25 07:40 - 2015-07-25 07:40 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-25 07:40 - 2015-07-25 07:40 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-25 07:40 - 2015-07-25 07:40 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-08 02:37 - 2015-07-07 08:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-08 02:37 - 2015-07-07 08:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2006-10-27 01:56 - 2006-10-27 01:56 - 00757008 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Aacer\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Aacer\OneDrive.old:ms-properties
AlternateDataStreams: C:\Users\Aacer\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\StartupApproved\StartupFolder: => "k.lnk"
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\StartupApproved\Run: => "Google Update"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{B13D3A41-BBEA-4BBB-9663-7215E84B06BF}] => (Allow) C:\Users\Aacer\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{A08AE397-B714-4A40-AA2C-11F22CF54BA3}] => (Allow) C:\Software\Skype\Phone\Skype.exe
FirewallRules: [{A37DAD55-9046-4A20-841C-0AA4E3003AF1}] => (Allow) C:\Users\Aacer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B6428D9C-663D-4E92-B914-290AFF80AA88}] => (Allow) C:\Users\Aacer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9403C7F1-A4E1-4C12-AEDE-7D644629E03C}C:\users\aacer\appdata\roaming\utorrent\updates\3.4.2_39710.exe] => (Block) C:\users\aacer\appdata\roaming\utorrent\updates\3.4.2_39710.exe
FirewallRules: [UDP Query User{3522E072-2F26-4C8C-B584-F23AD2052E92}C:\users\aacer\appdata\roaming\utorrent\updates\3.4.2_39710.exe] => (Block) C:\users\aacer\appdata\roaming\utorrent\updates\3.4.2_39710.exe
FirewallRules: [TCP Query User{F76322E2-882B-48B3-AAE8-7BB95994E437}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{04751363-174E-4B51-A311-CD3C72E5B8D9}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{2B21E0E2-22CB-492D-B742-0C4BBF9D4BD0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2F3BD811-84C3-4F18-9443-186544FDD8FC}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8EA5719A-4227-48FF-820A-393786494C43}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/25/2015 06:12:26 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (07/25/2015 06:12:26 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (07/25/2015 06:12:20 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (07/25/2015 06:12:03 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (07/24/2015 11:35:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/24/2015 10:30:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (07/24/2015 10:30:38 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (07/24/2015 10:29:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (07/24/2015 10:28:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (07/24/2015 10:27:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (07/25/2015 07:41:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/25/2015 07:37:13 AM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (07/25/2015 07:36:43 AM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (07/25/2015 07:26:32 AM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (07/25/2015 07:26:02 AM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (07/25/2015 07:03:19 AM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (07/25/2015 07:02:49 AM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (07/25/2015 06:53:03 AM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (07/25/2015 06:52:33 AM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (07/25/2015 06:45:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Defender Service service terminated unexpectedly.  It has done this 7 time(s).
 
 
Microsoft Office:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-06-20 19:59:48.427
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-27 04:36:07.745
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-23 18:08:41.756
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-21 22:02:35.000
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-12 21:24:38.338
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-11 15:32:19.366
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-09 18:27:09.483
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-30 20:41:18.935
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-19 13:42:17.670
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-07 10:34:07.112
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 5814.81 MB
Available physical RAM: 3612.6 MB
Total Virtual: 12982.81 MB
Available Virtual: 10366.35 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:243.8 GB) (Free:212.13 GB) NTFS
Drive d: () (Fixed) (Total:687.37 GB) (Free:423.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7472F312)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)
 
==================== End of log ============================
 
 
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Aacer (administrator) on ACER on 25-07-2015 09:27:14
Running from C:\Users\Aacer\Desktop
Loaded Profiles: Aacer (Available Profiles: Aacer)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(DTools LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Blushing Collection\Blushing Collection.exe
() C:\ProgramData\Broadband\OnlineUpdate\ouc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\Thoughtless Lack\Thoughtless Lack.exe
(Microsoft Corporation) C:\Users\Aacer\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\SFK\SFKEX64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-25] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\Run: [Facebook Update] => C:\Users\Aacer\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-13] (Facebook Inc.)
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\Run: [Google Update] => C:\Users\Aacer\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-16] (Google Inc.)
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
Startup: C:\Users\Aacer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k.lnk [2015-05-29]
ShortcutTarget: k.lnk -> C:\Users\Aacer\AppData\Roaming\obvkhvsexs.exe (handhisprotect dividemateriallaugh)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-25] (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfin...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfin...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfin...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfin...q={searchTerms}
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabia.msn.com/
SearchScopes: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com...q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-25] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-25] (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F1DCDEBF-D22F-428E-B8CE-62A5AA190457}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3430386607-3475805158-3186237351-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Aacer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-25] (Skype Limited)
FF Plugin HKU\S-1-5-21-3430386607-3475805158-3186237351-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Aacer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3430386607-3475805158-3186237351-1001: @talk.google.com/O1DPlugin -> C:\Users\Aacer\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3430386607-3475805158-3186237351-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3430386607-3475805158-3186237351-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Aacer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Aacer\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-25]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (eye perform) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nodekcgolphhlampolknphjfkjpkghhd [2015-07-12]
CHR Profile: C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-24]
CHR Extension: (Google Docs) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-24]
CHR Extension: (Google Drive) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-24]
CHR Extension: (YouTube) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-24]
CHR Extension: (Google Search) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-24]
CHR Extension: (Google Sheets) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-24]
CHR Extension: (Avast Online Security) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 229c2d9f; c:\Program Files (x86)\TampaMonitor\TampaMonitor.dll [1596928 2015-07-24] () [File not signed]
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-25] (Avast Software)
R2 Blushing Collection; C:\Program Files (x86)\Blushing Collection\Blushing Collection.exe [8016176 2015-07-10] () [File not signed] <==== ATTENTION
S2 Broadband. RunOuc; C:\Program Files (x86)\Broadband\UpdateDog\ouc.exe [655712 2015-02-22] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 SkypeUpdate; C:\Software\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [459464 2015-07-21] (TODO: <公司名>)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 Thoughtless Lack; C:\Program Files (x86)\Thoughtless Lack\Thoughtless Lack.exe [8016023 2015-07-24] () [File not signed] <==== ATTENTION
R2 VSSS; C:\Users\Aacer\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [106678144 2015-06-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-12] (DTools LIMITED) <==== ATTENTION
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-25] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-25] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-25] (AVAST Software)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-12-16] ()
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2015-02-22] (Huawei Technologies Co., Ltd.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-25] (AVAST Software)
S3 RTL8187B; C:\Windows\system32\DRIVERS\rtl8187B.sys [459336 2013-06-18] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2014-08-12] (Synaptics Incorporated)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-25] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R1 {027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64; C:\Windows\System32\drivers\{027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64.sys [48784 2015-07-11] (StdLib)
R4 cm_km_w; system32\DRIVERS\cm_km_w.sys [X]
R4 kl1; system32\DRIVERS\kl1.sys [X]
R4 kldisk; \SystemRoot\system32\DRIVERS\kldisk.sys [X]
R4 klflt; \SystemRoot\system32\DRIVERS\klflt.sys [X]
R4 klhk; \SystemRoot\system32\DRIVERS\klhk.sys [X]
R4 KLIF; system32\DRIVERS\klif.sys [X]
R4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
R4 klpd; \SystemRoot\system32\DRIVERS\klpd.sys [X]
R4 klwfp; \SystemRoot\system32\DRIVERS\klwfp.sys [X]
R4 kneps; \SystemRoot\system32\DRIVERS\kneps.sys [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-25 09:27 - 2015-07-25 09:27 - 00017604 _____ C:\Users\Aacer\Desktop\FRST.txt
2015-07-25 09:26 - 2015-07-25 09:27 - 00000000 ____D C:\FRST
2015-07-25 09:25 - 2015-07-25 09:25 - 02135552 _____ (Farbar) C:\Users\Aacer\Desktop\FRST64.exe
2015-07-25 07:58 - 2015-07-25 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2015-07-25 07:58 - 2015-07-25 07:58 - 00000000 ____D C:\ProgramData\MCShield
2015-07-25 07:58 - 2015-07-25 07:58 - 00000000 ____D C:\Program Files (x86)\MCShield
2015-07-25 07:57 - 2015-07-25 07:58 - 02856736 _____ (MyCity) C:\Users\Aacer\Downloads\MCShield-Setup.exe
2015-07-25 07:44 - 2015-07-25 07:44 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\AVAST Software
2015-07-25 07:41 - 2015-07-25 07:41 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-25 07:41 - 2015-07-25 07:41 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-07-25 07:41 - 2015-07-25 07:41 - 00000000 ____D C:\Windows\system32\vbox
2015-07-25 07:41 - 2015-07-25 07:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-25 07:40 - 2015-07-25 07:40 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-25 07:40 - 2015-07-25 07:40 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-25 07:40 - 2015-07-25 07:40 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-25 07:21 - 2015-07-25 07:21 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-25 07:18 - 2015-07-25 07:18 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-25 07:17 - 2015-07-25 07:18 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Aacer\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-07-25 06:47 - 2015-07-25 06:47 - 02140480 _____ (Kaspersky Lab) C:\Users\Aacer\Downloads\kav15.0.1.415aben_ar_7639.exe
2015-07-25 06:47 - 2015-07-25 06:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-07-24 17:33 - 2015-07-24 17:33 - 00000000 ____D C:\Program Files (x86)\Thoughtless Lack
2015-07-24 07:08 - 2015-07-24 07:11 - 00002364 _____ C:\Users\Aacer\Desktop\Google Chrome.lnk
2015-07-24 06:33 - 2015-07-24 06:33 - 543659474 _____ C:\Windows\MEMORY.DMP
2015-07-24 06:33 - 2015-07-24 06:33 - 00262144 _____ C:\Windows\Minidump\072415-17828-01.dmp
2015-07-24 06:33 - 2015-07-24 06:33 - 00000000 ____D C:\Windows\Minidump
2015-07-24 06:30 - 2015-07-24 06:31 - 00000000 ____D C:\AdwCleaner
2015-07-24 05:49 - 2015-07-24 05:49 - 01415680 _____ (wj32) C:\Program Files\TNZ9J3DD.exe
2015-07-24 00:41 - 2015-07-24 00:41 - 00000000 ____D C:\Program Files (x86)\SSaVeNEWaAAppz
2015-07-24 00:41 - 2015-07-24 00:41 - 00000000 ____D C:\Program Files (x86)\SaveNewaAPPpz
2015-07-24 00:41 - 2015-07-24 00:41 - 00000000 ____D C:\Program Files (x86)\SaevENewaAppz
2015-07-24 00:20 - 2015-07-24 00:20 - 00000000 ____D C:\Program Files (x86)\TampaMonitor
2015-07-22 22:09 - 2015-07-22 22:09 - 00000464 __RSH C:\ProgramData\ntuser.pol
2015-07-21 16:32 - 2015-07-24 20:32 - 00000000 ____D C:\Program Files (x86)\SFK
2015-07-21 15:54 - 2015-07-21 17:36 - 00000000 ____D C:\Users\Aacer\Desktop\kcn
2015-07-21 15:41 - 2015-07-21 15:41 - 01415680 _____ (wj32) C:\Program Files\II2Y8IEI.exe
2015-07-21 15:09 - 2015-07-21 15:09 - 01415680 _____ (wj32) C:\Program Files\0KGGK006.exe
2015-07-18 09:37 - 2015-07-18 09:37 - 01415680 _____ (wj32) C:\Program Files\SCWG2MW2.exe
2015-07-17 17:20 - 2015-07-17 17:20 - 01415680 _____ (wj32) C:\Program Files\YYYYYI84.exe
2015-07-17 05:05 - 2015-07-17 05:05 - 01415680 _____ (wj32) C:\Program Files\W6KWWG0K.exe
2015-07-17 04:09 - 2015-07-17 04:09 - 01415680 _____ (wj32) C:\Program Files\AG66W6MA.exe
2015-07-15 17:58 - 2015-07-15 17:58 - 01415680 _____ (wj32) C:\Program Files\AKGG6UKG.exe
2015-07-15 03:27 - 2015-07-15 03:27 - 01415680 _____ (wj32) C:\Program Files\3N7HH77D.exe
2015-07-14 14:33 - 2015-07-14 14:33 - 01415680 _____ (wj32) C:\Program Files\DXJ3N7TX.exe
2015-07-13 06:43 - 2015-07-25 06:43 - 00000364 _____ C:\Windows\Tasks\SnoozeNoMore.job
2015-07-13 06:43 - 2015-07-13 06:43 - 00003250 _____ C:\Windows\System32\Tasks\SnoozeNoMore
2015-07-13 06:43 - 2015-07-13 06:43 - 00000000 ____D C:\ProgramData\{be8b68f5-ed6b-e1fd-be8b-b68f5ed6a3d7}
2015-07-13 03:29 - 2015-07-13 03:29 - 01415680 _____ (wj32) C:\Program Files\AE4AKAUO.exe
2015-07-12 08:33 - 2015-07-11 19:05 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64.sys
2015-07-12 08:27 - 2015-07-12 08:27 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-07-11 18:08 - 2015-07-11 18:08 - 01415680 _____ (wj32) C:\Program Files\SCMWISS8.exe
2015-07-11 14:18 - 2015-07-11 14:18 - 01415680 _____ (wj32) C:\Program Files\EYI4O8IO.exe
2015-07-11 14:18 - 2015-07-11 14:18 - 01415680 _____ (wj32) C:\Program Files\EYI2O8SY.exe
2015-07-11 03:53 - 2015-07-24 00:20 - 00000000 ____D C:\ProgramData\2a7eb6c200004524
2015-07-11 03:52 - 2015-07-11 03:52 - 00000000 _____ C:\Users\Aacer\AppData\Local\Temp.dat
2015-07-11 00:45 - 2015-07-25 00:12 - 00000024 _____ C:\Users\Aacer\AppData\Roaming\appdataFr25.bin
2015-07-11 00:44 - 2015-07-24 00:42 - 00000000 ____D C:\ProgramData\3477940395795006226
2015-07-11 00:43 - 2015-07-25 06:43 - 00000364 _____ C:\Windows\Tasks\WarriorOne.job
2015-07-11 00:43 - 2015-07-11 00:43 - 00003250 _____ C:\Windows\System32\Tasks\WarriorOne
2015-07-11 00:43 - 2015-07-11 00:43 - 00000000 ____D C:\ProgramData\{94b3e9b0-f533-4253-94b3-3e9b0f53a6c3}
2015-07-10 15:11 - 2015-07-10 15:11 - 01415680 _____ (wj32) C:\Program Files\ZL5P9VFL.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 01415680 _____ (wj32) C:\Program Files\ZD39N9NT.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 01415680 _____ (wj32) C:\Program Files\RL77H1HH.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 01415680 _____ (wj32) C:\Program Files\BLL7RVL7.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 01415680 _____ (wj32) C:\Program Files\5P95Z5PV.exe
2015-07-10 06:44 - 2015-07-10 06:44 - 00000000 ____D C:\Program Files (x86)\Blushing Collection
2015-07-10 06:43 - 2015-07-10 06:43 - 08016176 _____ C:\Windows\SysWOW64\1.exe
2015-07-09 20:39 - 2015-07-09 20:39 - 01415680 _____ (wj32) C:\Program Files\JJ5T5TTP.exe
2015-07-09 13:50 - 2015-07-09 13:50 - 01415680 _____ (wj32) C:\Program Files\NHDXH7NX.exe
2015-07-08 17:44 - 2015-07-08 17:44 - 01415680 _____ (wj32) C:\Program Files\71R71LBH.exe
2015-07-08 03:48 - 2015-07-08 03:48 - 01415680 _____ (wj32) C:\Program Files\V11V717L.exe
2015-07-07 18:06 - 2015-07-07 18:06 - 01415680 _____ (wj32) C:\Program Files\ISC8SMSM.exe
2015-07-07 17:42 - 2015-07-07 17:42 - 01415680 _____ (wj32) C:\Program Files\8YIUO8YO.exe
2015-07-07 17:07 - 2015-07-07 17:07 - 01415680 _____ (wj32) C:\Program Files\0AUKAKG4.exe
2015-07-06 14:31 - 2015-07-06 14:31 - 01415680 _____ (wj32) C:\Program Files\MSIW2WI6.exe
2015-07-04 08:14 - 2015-07-04 08:14 - 01415680 _____ (wj32) C:\Program Files\VVL5V1B5.exe
2015-07-03 01:17 - 2015-07-03 01:17 - 01415680 _____ (wj32) C:\Program Files\OAUEYK4Y.exe
2015-07-01 15:03 - 2015-07-01 15:03 - 01415680 _____ (wj32) C:\Program Files\CWG2M66C.exe
2015-07-01 06:18 - 2015-07-01 06:18 - 01415680 _____ (wj32) C:\Program Files\AYYAAEOK.exe
2015-07-01 06:18 - 2015-07-01 06:18 - 01415680 _____ (wj32) C:\Program Files\4U4EOA4U.exe
2015-07-01 05:49 - 2015-07-01 05:49 - 01415680 _____ (wj32) C:\Program Files\8EISY2OE.exe
2015-07-01 04:07 - 2015-07-01 04:07 - 01415680 _____ (wj32) C:\Program Files\2C2II8MY.exe
2015-06-30 03:14 - 2015-06-30 03:14 - 01415680 _____ (wj32) C:\Program Files\YOEI4Y48.exe
2015-06-30 03:14 - 2015-06-30 03:14 - 01415680 _____ (wj32) C:\Program Files\AK0EEK04.exe
2015-06-30 00:43 - 2015-07-25 06:43 - 00000350 _____ C:\Windows\Tasks\SleekScreen.job
2015-06-30 00:43 - 2015-07-01 00:43 - 00000000 ____D C:\ProgramData\{3fa30c40-d8cb-18b4-3fa3-30c40d8c3103}
2015-06-30 00:43 - 2015-06-30 00:43 - 00003236 _____ C:\Windows\System32\Tasks\SleekScreen
2015-06-29 17:08 - 2015-06-29 17:08 - 01415680 _____ (wj32) C:\Program Files\BB7LL71B.exe
2015-06-29 17:08 - 2015-06-29 17:08 - 01415680 _____ (wj32) C:\Program Files\BB1RVLRH.exe
2015-06-29 04:26 - 2015-06-29 04:33 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\PhotoScape
2015-06-29 04:24 - 2015-06-29 04:26 - 18376624 _____ (Mooii) C:\Users\Aacer\Downloads\PhotoScape_V3.6.2.exe
2015-06-28 19:27 - 2015-06-28 19:27 - 01415680 _____ (wj32) C:\Program Files\SC2MY8IC.exe
2015-06-27 02:42 - 2015-06-27 02:42 - 01415680 _____ (wj32) C:\Program Files\6KAYEYUE.exe
2015-06-27 02:28 - 2015-06-27 02:28 - 01415680 _____ (wj32) C:\Program Files\SWSWWW8C.exe
2015-06-26 17:45 - 2015-06-26 17:45 - 01415680 _____ (wj32) C:\Program Files\28Y2YCY8.exe
2015-06-26 17:11 - 2015-06-26 17:11 - 01415680 _____ (wj32) C:\Program Files\44E4OYKA.exe
2015-06-25 22:43 - 2015-07-24 23:00 - 00000384 _____ C:\Windows\Tasks\PhotoSharpener.job
2015-06-25 22:43 - 2015-06-26 05:00 - 00000000 ____D C:\ProgramData\{d3bb0745-0af1-9ca2-d3bb-b07450af1d14}
2015-06-25 22:43 - 2015-06-25 23:00 - 00003270 _____ C:\Windows\System32\Tasks\PhotoSharpener
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-25 09:20 - 2015-04-16 22:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 09:04 - 2014-08-12 04:22 - 02042216 _____ C:\Windows\WindowsUpdate.log
2015-07-25 09:00 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-25 08:57 - 2014-08-12 04:28 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3430386607-3475805158-3186237351-1001
2015-07-25 08:40 - 2014-08-16 00:58 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA.job
2015-07-25 07:41 - 2014-08-13 04:36 - 00000938 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA.job
2015-07-25 07:14 - 2013-08-22 20:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-07-25 07:14 - 2013-08-22 18:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-25 06:14 - 2014-08-12 05:34 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B6A01099-DBC5-4B9D-A299-6EBCFFB4C89F}
2015-07-25 06:11 - 2014-11-22 14:46 - 00000000 ____D C:\Temp
2015-07-25 01:35 - 2014-08-15 11:30 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\uTorrent
2015-07-25 01:01 - 2014-08-15 13:55 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\vlc
2015-07-24 20:31 - 2013-09-30 09:02 - 00049352 _____ C:\Windows\PFRO.log
2015-07-24 20:31 - 2013-08-22 19:46 - 00079231 _____ C:\Windows\setupact.log
2015-07-24 20:31 - 2013-08-22 19:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-24 16:41 - 2014-08-13 04:36 - 00000916 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core.job
2015-07-24 07:15 - 2014-08-12 04:22 - 00000000 ____D C:\Users\Aacer
2015-07-24 07:02 - 2014-08-12 05:36 - 00000000 ____D C:\Software
2015-07-24 03:40 - 2014-08-16 00:58 - 00000866 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core.job
2015-07-21 16:32 - 2015-06-17 17:07 - 00000000 ____D C:\Users\Aacer\AppData\Everything
2015-07-17 03:35 - 2014-08-16 00:58 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA
2015-07-17 03:35 - 2014-08-16 00:58 - 00003484 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core
2015-07-14 23:24 - 2015-04-16 22:59 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 06:04 - 2014-08-13 15:19 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\Skype
2015-07-14 02:19 - 2013-09-30 09:14 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 02:12 - 2014-11-25 17:59 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\dvdcss
2015-07-12 11:30 - 2013-08-22 18:25 - 00000269 _____ C:\Windows\win.ini
2015-07-12 09:27 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-07-09 12:10 - 2013-08-22 20:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-08 15:34 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-08 02:20 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-06-27 03:07 - 2014-12-06 16:36 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
 
==================== Files in the root of some directories =======
 
2015-07-07 17:07 - 2015-07-07 17:07 - 1415680 _____ (wj32) C:\Program Files\0AUKAKG4.exe
2015-07-21 15:09 - 2015-07-21 15:09 - 1415680 _____ (wj32) C:\Program Files\0KGGK006.exe
2015-06-26 17:45 - 2015-06-26 17:45 - 1415680 _____ (wj32) C:\Program Files\28Y2YCY8.exe
2015-07-01 04:07 - 2015-07-01 04:07 - 1415680 _____ (wj32) C:\Program Files\2C2II8MY.exe
2015-07-15 03:27 - 2015-07-15 03:27 - 1415680 _____ (wj32) C:\Program Files\3N7HH77D.exe
2015-06-26 17:11 - 2015-06-26 17:11 - 1415680 _____ (wj32) C:\Program Files\44E4OYKA.exe
2015-07-01 06:18 - 2015-07-01 06:18 - 1415680 _____ (wj32) C:\Program Files\4U4EOA4U.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\5P95Z5PV.exe
2015-06-27 02:42 - 2015-06-27 02:42 - 1415680 _____ (wj32) C:\Program Files\6KAYEYUE.exe
2015-07-08 17:44 - 2015-07-08 17:44 - 1415680 _____ (wj32) C:\Program Files\71R71LBH.exe
2015-07-01 05:49 - 2015-07-01 05:49 - 1415680 _____ (wj32) C:\Program Files\8EISY2OE.exe
2015-07-07 17:42 - 2015-07-07 17:42 - 1415680 _____ (wj32) C:\Program Files\8YIUO8YO.exe
2015-07-13 03:29 - 2015-07-13 03:29 - 1415680 _____ (wj32) C:\Program Files\AE4AKAUO.exe
2015-07-17 04:09 - 2015-07-17 04:09 - 1415680 _____ (wj32) C:\Program Files\AG66W6MA.exe
2015-06-30 03:14 - 2015-06-30 03:14 - 1415680 _____ (wj32) C:\Program Files\AK0EEK04.exe
2015-07-15 17:58 - 2015-07-15 17:58 - 1415680 _____ (wj32) C:\Program Files\AKGG6UKG.exe
2015-07-01 06:18 - 2015-07-01 06:18 - 1415680 _____ (wj32) C:\Program Files\AYYAAEOK.exe
2015-06-29 17:08 - 2015-06-29 17:08 - 1415680 _____ (wj32) C:\Program Files\BB1RVLRH.exe
2015-06-29 17:08 - 2015-06-29 17:08 - 1415680 _____ (wj32) C:\Program Files\BB7LL71B.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\BLL7RVL7.exe
2015-07-01 15:03 - 2015-07-01 15:03 - 1415680 _____ (wj32) C:\Program Files\CWG2M66C.exe
2015-07-14 14:33 - 2015-07-14 14:33 - 1415680 _____ (wj32) C:\Program Files\DXJ3N7TX.exe
2015-06-24 20:25 - 2015-06-24 20:29 - 1415680 _____ (wj32) C:\Program Files\EUUK6IEE.exe
2015-07-11 14:18 - 2015-07-11 14:18 - 1415680 _____ (wj32) C:\Program Files\EYI2O8SY.exe
2015-07-11 14:18 - 2015-07-11 14:18 - 1415680 _____ (wj32) C:\Program Files\EYI4O8IO.exe
2015-07-21 15:41 - 2015-07-21 15:41 - 1415680 _____ (wj32) C:\Program Files\II2Y8IEI.exe
2015-07-07 18:06 - 2015-07-07 18:06 - 1415680 _____ (wj32) C:\Program Files\ISC8SMSM.exe
2015-07-09 20:39 - 2015-07-09 20:39 - 1415680 _____ (wj32) C:\Program Files\JJ5T5TTP.exe
2015-07-06 14:31 - 2015-07-06 14:31 - 1415680 _____ (wj32) C:\Program Files\MSIW2WI6.exe
2015-07-09 13:50 - 2015-07-09 13:50 - 1415680 _____ (wj32) C:\Program Files\NHDXH7NX.exe
2015-07-03 01:17 - 2015-07-03 01:17 - 1415680 _____ (wj32) C:\Program Files\OAUEYK4Y.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\RL77H1HH.exe
2015-06-24 20:38 - 2015-06-24 20:38 - 1415680 _____ (wj32) C:\Program Files\S004C00K.exe
2015-06-28 19:27 - 2015-06-28 19:27 - 1415680 _____ (wj32) C:\Program Files\SC2MY8IC.exe
2015-07-11 18:08 - 2015-07-11 18:08 - 1415680 _____ (wj32) C:\Program Files\SCMWISS8.exe
2015-07-18 09:37 - 2015-07-18 09:37 - 1415680 _____ (wj32) C:\Program Files\SCWG2MW2.exe
2015-06-27 02:28 - 2015-06-27 02:28 - 1415680 _____ (wj32) C:\Program Files\SWSWWW8C.exe
2015-07-24 05:49 - 2015-07-24 05:49 - 1415680 _____ (wj32) C:\Program Files\TNZ9J3DD.exe
2015-07-08 03:48 - 2015-07-08 03:48 - 1415680 _____ (wj32) C:\Program Files\V11V717L.exe
2015-07-04 08:14 - 2015-07-04 08:14 - 1415680 _____ (wj32) C:\Program Files\VVL5V1B5.exe
2015-07-17 05:05 - 2015-07-17 05:05 - 1415680 _____ (wj32) C:\Program Files\W6KWWG0K.exe
2015-06-30 03:14 - 2015-06-30 03:14 - 1415680 _____ (wj32) C:\Program Files\YOEI4Y48.exe
2015-07-17 17:20 - 2015-07-17 17:20 - 1415680 _____ (wj32) C:\Program Files\YYYYYI84.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\ZD39N9NT.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\ZL5P9VFL.exe
2015-07-11 00:45 - 2015-07-25 00:12 - 0000024 _____ () C:\Users\Aacer\AppData\Roaming\appdataFr25.bin
2015-05-29 12:22 - 2015-05-29 12:22 - 95518720 __RSH (handhisprotect dividemateriallaugh) C:\Users\Aacer\AppData\Roaming\obvkhvsexs.exe
2015-07-11 03:52 - 2015-07-11 03:52 - 0000000 _____ () C:\Users\Aacer\AppData\Local\Temp.dat
2013-08-22 08:56 - 2013-08-22 08:56 - 96509952 ___SH () C:\ProgramData\msmnno.exe
 
Files to move or delete:
====================
C:\ProgramData\msmnno.exe
 
 
Some files in TEMP:
====================
C:\Users\Aacer\AppData\Local\Temp\73820.exe.exe
C:\Users\Aacer\AppData\Local\Temp\cdo1127892611.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1156963098.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1166464295.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1237743810.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1487407296.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1583078445.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1598698571.dll
C:\Users\Aacer\AppData\Local\Temp\cdo160232521.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1630703822.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1685883978.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1744916647.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1939778535.dll
C:\Users\Aacer\AppData\Local\Temp\cdo2060087090.dll
C:\Users\Aacer\AppData\Local\Temp\cdo213521456.dll
C:\Users\Aacer\AppData\Local\Temp\cdo2562004436.dll
C:\Users\Aacer\AppData\Local\Temp\cdo2663984662.dll
C:\Users\Aacer\AppData\Local\Temp\cdo272328154.dll
C:\Users\Aacer\AppData\Local\Temp\cdo287019699.dll
C:\Users\Aacer\AppData\Local\Temp\cdo2889827080.dll
C:\Users\Aacer\AppData\Local\Temp\cdo2918067613.dll
C:\Users\Aacer\AppData\Local\Temp\cdo3133621892.dll
C:\Users\Aacer\AppData\Local\Temp\cdo3328159305.dll
C:\Users\Aacer\AppData\Local\Temp\cdo3477340407.dll
C:\Users\Aacer\AppData\Local\Temp\cdo3509560942.dll
C:\Users\Aacer\AppData\Local\Temp\cdo3598614108.dll
C:\Users\Aacer\AppData\Local\Temp\cdo3777291429.dll
C:\Users\Aacer\AppData\Local\Temp\cdo3839858687.dll
C:\Users\Aacer\AppData\Local\Temp\cdo4062945074.dll
C:\Users\Aacer\AppData\Local\Temp\cdo4076597047.dll
C:\Users\Aacer\AppData\Local\Temp\cdo4083752747.dll
C:\Users\Aacer\AppData\Local\Temp\cdo777067644.dll
C:\Users\Aacer\AppData\Local\Temp\cdo802043537.dll
C:\Users\Aacer\AppData\Local\Temp\cdo901560291.dll
C:\Users\Aacer\AppData\Local\Temp\E449.exe
C:\Users\Aacer\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Aacer\AppData\Local\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe
C:\Users\Aacer\AppData\Local\Temp\MotoCast_Installer_2.0405.exe
C:\Users\Aacer\AppData\Local\Temp\Quarantine.exe
C:\Users\Aacer\AppData\Local\Temp\Runner2.exe
C:\Users\Aacer\AppData\Local\Temp\Runner4.exe
C:\Users\Aacer\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Aacer\AppData\Local\Temp\smarter.exe
C:\Users\Aacer\AppData\Local\Temp\sqlite3.dll
C:\Users\Aacer\AppData\Local\Temp\WinSvrsve.exe
C:\Users\Aacer\AppData\Local\Temp\{03F05190-481D-4783-9FAA-5D32BE65B68C}-GoogleUpdateSetup.exe
C:\Users\Aacer\AppData\Local\Temp\~dl7D27.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-22 23:58
 
==================== End of log ============================

Edited by aayanmirza, 24 July 2015 - 11:01 PM.


#4
Pyxis (Trusted Helper, Malware Removal, 1,228 posts)
Hello aayanmirza,
 

Thank you so much for your prompt reply. I have understood your conditions and comply with them fully. Just help me get this menace removed from my system.


You are welcome! :) Well, you have quite a nasty infection. Please do not do anything sensitive until we get your anti-virus sorted out. Note that the first step below may trigger a Blue Screen of Death (BSoD) and I ask you not to worry. In case that it does, simply reboot and let me know. We'll remove the infection in another way.
  • Step 1

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    CreateRestorePoint:
    2015-07-07 17:07 - 2015-07-07 17:07 - 1415680 _____ (wj32) C:\Program Files\0AUKAKG4.exe
    2015-07-21 15:09 - 2015-07-21 15:09 - 1415680 _____ (wj32) C:\Program Files\0KGGK006.exe
    2015-06-26 17:45 - 2015-06-26 17:45 - 1415680 _____ (wj32) C:\Program Files\28Y2YCY8.exe
    2015-07-01 04:07 - 2015-07-01 04:07 - 1415680 _____ (wj32) C:\Program Files\2C2II8MY.exe
    2015-07-15 03:27 - 2015-07-15 03:27 - 1415680 _____ (wj32) C:\Program Files\3N7HH77D.exe
    2015-06-26 17:11 - 2015-06-26 17:11 - 1415680 _____ (wj32) C:\Program Files\44E4OYKA.exe
    2015-07-01 06:18 - 2015-07-01 06:18 - 1415680 _____ (wj32) C:\Program Files\4U4EOA4U.exe
    2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\5P95Z5PV.exe
    2015-06-27 02:42 - 2015-06-27 02:42 - 1415680 _____ (wj32) C:\Program Files\6KAYEYUE.exe
    2015-07-08 17:44 - 2015-07-08 17:44 - 1415680 _____ (wj32) C:\Program Files\71R71LBH.exe
    2015-07-01 05:49 - 2015-07-01 05:49 - 1415680 _____ (wj32) C:\Program Files\8EISY2OE.exe
    2015-07-07 17:42 - 2015-07-07 17:42 - 1415680 _____ (wj32) C:\Program Files\8YIUO8YO.exe
    2015-07-13 03:29 - 2015-07-13 03:29 - 1415680 _____ (wj32) C:\Program Files\AE4AKAUO.exe
    2015-07-17 04:09 - 2015-07-17 04:09 - 1415680 _____ (wj32) C:\Program Files\AG66W6MA.exe
    2015-06-30 03:14 - 2015-06-30 03:14 - 1415680 _____ (wj32) C:\Program Files\AK0EEK04.exe
    2015-07-15 17:58 - 2015-07-15 17:58 - 1415680 _____ (wj32) C:\Program Files\AKGG6UKG.exe
    2015-07-01 06:18 - 2015-07-01 06:18 - 1415680 _____ (wj32) C:\Program Files\AYYAAEOK.exe
    2015-06-29 17:08 - 2015-06-29 17:08 - 1415680 _____ (wj32) C:\Program Files\BB1RVLRH.exe
    2015-06-29 17:08 - 2015-06-29 17:08 - 1415680 _____ (wj32) C:\Program Files\BB7LL71B.exe
    2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\BLL7RVL7.exe
    2015-07-01 15:03 - 2015-07-01 15:03 - 1415680 _____ (wj32) C:\Program Files\CWG2M66C.exe
    2015-07-14 14:33 - 2015-07-14 14:33 - 1415680 _____ (wj32) C:\Program Files\DXJ3N7TX.exe
    2015-06-24 20:25 - 2015-06-24 20:29 - 1415680 _____ (wj32) C:\Program Files\EUUK6IEE.exe
    2015-07-11 14:18 - 2015-07-11 14:18 - 1415680 _____ (wj32) C:\Program Files\EYI2O8SY.exe
    2015-07-11 14:18 - 2015-07-11 14:18 - 1415680 _____ (wj32) C:\Program Files\EYI4O8IO.exe
    2015-07-21 15:41 - 2015-07-21 15:41 - 1415680 _____ (wj32) C:\Program Files\II2Y8IEI.exe
    2015-07-07 18:06 - 2015-07-07 18:06 - 1415680 _____ (wj32) C:\Program Files\ISC8SMSM.exe
    2015-07-09 20:39 - 2015-07-09 20:39 - 1415680 _____ (wj32) C:\Program Files\JJ5T5TTP.exe
    2015-07-06 14:31 - 2015-07-06 14:31 - 1415680 _____ (wj32) C:\Program Files\MSIW2WI6.exe
    2015-07-09 13:50 - 2015-07-09 13:50 - 1415680 _____ (wj32) C:\Program Files\NHDXH7NX.exe
    2015-07-03 01:17 - 2015-07-03 01:17 - 1415680 _____ (wj32) C:\Program Files\OAUEYK4Y.exe
    2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\RL77H1HH.exe
    2015-06-24 20:38 - 2015-06-24 20:38 - 1415680 _____ (wj32) C:\Program Files\S004C00K.exe
    2015-06-28 19:27 - 2015-06-28 19:27 - 1415680 _____ (wj32) C:\Program Files\SC2MY8IC.exe
    2015-07-11 18:08 - 2015-07-11 18:08 - 1415680 _____ (wj32) C:\Program Files\SCMWISS8.exe
    2015-07-18 09:37 - 2015-07-18 09:37 - 1415680 _____ (wj32) C:\Program Files\SCWG2MW2.exe
    2015-06-27 02:28 - 2015-06-27 02:28 - 1415680 _____ (wj32) C:\Program Files\SWSWWW8C.exe
    2015-07-24 05:49 - 2015-07-24 05:49 - 1415680 _____ (wj32) C:\Program Files\TNZ9J3DD.exe
    2015-07-08 03:48 - 2015-07-08 03:48 - 1415680 _____ (wj32) C:\Program Files\V11V717L.exe
    2015-07-04 08:14 - 2015-07-04 08:14 - 1415680 _____ (wj32) C:\Program Files\VVL5V1B5.exe
    2015-07-17 05:05 - 2015-07-17 05:05 - 1415680 _____ (wj32) C:\Program Files\W6KWWG0K.exe
    2015-06-30 03:14 - 2015-06-30 03:14 - 1415680 _____ (wj32) C:\Program Files\YOEI4Y48.exe
    2015-07-17 17:20 - 2015-07-17 17:20 - 1415680 _____ (wj32) C:\Program Files\YYYYYI84.exe
    2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\ZD39N9NT.exe
    2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\ZL5P9VFL.exe
    2015-07-11 00:45 - 2015-07-25 00:12 - 0000024 _____ () C:\Users\Aacer\AppData\Roaming\appdataFr25.bin
    2015-05-29 12:22 - 2015-05-29 12:22 - 95518720 __RSH (handhisprotect dividemateriallaugh) C:\Users\Aacer\AppData\Roaming\obvkhvsexs.exe
    2015-07-11 03:52 - 2015-07-11 03:52 - 0000000 _____ () C:\Users\Aacer\AppData\Local\Temp.dat
    2013-08-22 08:56 - 2013-08-22 08:56 - 96509952 ___SH () C:\ProgramData\msmnno.exe
    2015-06-25 22:43 - 2015-07-24 23:00 - 00000384 _____ C:\Windows\Tasks\PhotoSharpener.job
    2015-06-25 22:43 - 2015-06-26 05:00 - 00000000 ____D C:\ProgramData\{d3bb0745-0af1-9ca2-d3bb-b07450af1d14}
    2015-06-25 22:43 - 2015-06-25 23:00 - 00003270 _____ C:\Windows\System32\Tasks\PhotoSharpener
    2015-06-30 00:43 - 2015-07-25 06:43 - 00000350 _____ C:\Windows\Tasks\SleekScreen.job
    2015-06-30 00:43 - 2015-07-01 00:43 - 00000000 ____D C:\ProgramData\{3fa30c40-d8cb-18b4-3fa3-30c40d8c3103}
    2015-06-30 00:43 - 2015-06-30 00:43 - 00003236 _____ C:\Windows\System32\Tasks\SleekScreen
    2015-07-10 06:44 - 2015-07-10 06:44 - 00000000 ____D C:\Program Files (x86)\Blushing Collection
    2015-07-10 06:43 - 2015-07-10 06:43 - 08016176 _____ C:\Windows\SysWOW64\1.exe
    2015-07-11 03:53 - 2015-07-24 00:20 - 00000000 ____D C:\ProgramData\2a7eb6c200004524
    2015-07-11 03:52 - 2015-07-11 03:52 - 00000000 _____ C:\Users\Aacer\AppData\Local\Temp.dat
    2015-07-11 00:45 - 2015-07-25 00:12 - 00000024 _____ C:\Users\Aacer\AppData\Roaming\appdataFr25.bin
    2015-07-11 00:44 - 2015-07-24 00:42 - 00000000 ____D C:\ProgramData\3477940395795006226
    2015-07-11 00:43 - 2015-07-25 06:43 - 00000364 _____ C:\Windows\Tasks\WarriorOne.job
    2015-07-11 00:43 - 2015-07-11 00:43 - 00003250 _____ C:\Windows\System32\Tasks\WarriorOne
    2015-07-11 00:43 - 2015-07-11 00:43 - 00000000 ____D C:\ProgramData\{94b3e9b0-f533-4253-94b3-3e9b0f53a6c3}
    2015-07-12 08:27 - 2015-07-12 08:27 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
    2015-07-12 08:33 - 2015-07-11 19:05 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64.sys
    2015-07-13 06:43 - 2015-07-25 06:43 - 00000364 _____ C:\Windows\Tasks\SnoozeNoMore.job
    2015-07-13 06:43 - 2015-07-13 06:43 - 00003250 _____ C:\Windows\System32\Tasks\SnoozeNoMore
    2015-07-13 06:43 - 2015-07-13 06:43 - 00000000 ____D C:\ProgramData\{be8b68f5-ed6b-e1fd-be8b-b68f5ed6a3d7}
    2015-07-21 16:32 - 2015-07-24 20:32 - 00000000 ____D C:\Program Files (x86)\SFK
    2015-07-24 00:41 - 2015-07-24 00:41 - 00000000 ____D C:\Program Files (x86)\SSaVeNEWaAAppz
    2015-07-24 00:41 - 2015-07-24 00:41 - 00000000 ____D C:\Program Files (x86)\SaveNewaAPPpz
    2015-07-24 00:41 - 2015-07-24 00:41 - 00000000 ____D C:\Program Files (x86)\SaevENewaAppz
    2015-07-24 00:20 - 2015-07-24 00:20 - 00000000 ____D C:\Program Files (x86)\TampaMonitor
    2015-07-24 17:33 - 2015-07-24 17:33 - 00000000 ____D C:\Program Files (x86)\Thoughtless Lack
    R1 {027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64; C:\Windows\System32\drivers\{027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64.sys [48784 2015-07-11] (StdLib)
    R4 cm_km_w; system32\DRIVERS\cm_km_w.sys [X]
    R4 kl1; system32\DRIVERS\kl1.sys [X]
    R4 kldisk; \SystemRoot\system32\DRIVERS\kldisk.sys [X]
    R4 klflt; \SystemRoot\system32\DRIVERS\klflt.sys [X]
    R4 klhk; \SystemRoot\system32\DRIVERS\klhk.sys [X]
    R4 KLIF; system32\DRIVERS\klif.sys [X]
    R4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
    R4 klpd; \SystemRoot\system32\DRIVERS\klpd.sys [X]
    R4 klwfp; \SystemRoot\system32\DRIVERS\klwfp.sys [X]
    R4 kneps; \SystemRoot\system32\DRIVERS\kneps.sys [X]
    R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
    R2 229c2d9f; c:\Program Files (x86)\TampaMonitor\TampaMonitor.dll [1596928 2015-07-24] () [File not signed]
    R2 Blushing Collection; C:\Program Files (x86)\Blushing Collection\Blushing Collection.exe [8016176 2015-07-10] () [File not signed] <==== ATTENTION
    R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [459464 2015-07-21] (TODO: <公司名>)
    R2 Thoughtless Lack; C:\Program Files (x86)\Thoughtless Lack\Thoughtless Lack.exe [8016023 2015-07-24] () [File not signed] <==== ATTENTION
    R2 VSSS; C:\Users\Aacer\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [106678144 2015-06-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
    R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-12] (DTools LIMITED) <==== ATTENTION
    S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    SearchScopes: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com...q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfin...q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfin...q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfin...q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfin...q={searchTerms}
    HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}
    HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabia.msn.com/
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Startup: C:\Users\Aacer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k.lnk [2015-05-29]
    ShortcutTarget: k.lnk -> C:\Users\Aacer\AppData\Roaming\obvkhvsexs.exe (handhisprotect dividemateriallaugh)
    Task: C:\Windows\Tasks\PhotoSharpener.job => 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
    Task: C:\Windows\Tasks\SleekScreen.job => c:\programdata\{3fa30c40-d8cb-18b4-3fa3-30c40d8c3103}\bad blood (ft.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SnoozeNoMore.job => c:\programdata\{be8b68f5-ed6b-e1fd-be8b-b68f5ed6a3d7}\7002301141314949535b.exe <==== ATTENTION
    Task: C:\Windows\Tasks\WarriorOne.job => c:\programdata\{94b3e9b0-f533-4253-94b3-3e9b0f53a6c3}\6254054569876868221b.exe <==== ATTENTION
    Task: {B6316612-9947-4B73-8912-254DE3A9F95C} - System32\Tasks\SnoozeNoMore => c:\programdata\{be8b68f5-ed6b-e1fd-be8b-b68f5ed6a3d7}\7002301141314949535b.exe [2014-07-13] () <==== ATTENTION
    Task: {8DAC418D-9B1A-463D-BCAC-F32D5CF9AE07} - System32\Tasks\PhotoSharpener => c:\programdata\{d3bb0745-0af1-9ca2-d3bb-b07450af1d14}\sarakti jaye hai rukh se naqab.exe [2014-07-06] () <==== ATTENTION
    Task: {4D1AECB1-F0EA-4DE2-BC85-E588BBFB40B4} - System32\Tasks\{3621783D-6972-4E47-9D6E-A2BE5259FBF5} => pcalua.exe -a "D:\Roshan\New folder (6)\New folder\SAMSUNG_USB_Driver_for_Mobile_Phones.exe" -d "D:\Roshan\New folder (6)\New folder"
    Task: {5675C73D-B4E4-4A35-8A17-F40582027073} - System32\Tasks\{D8777E68-AAF4-4841-BF3C-935A05430D4B} => pcalua.exe -a "C:\Program Files (x86)\Picexa\uninstall.exe"
    Task: {5BCF5DA3-2F96-4D5F-A945-BBAD33B42109} - System32\Tasks\SleekScreen => c:\programdata\{3fa30c40-d8cb-18b4-3fa3-30c40d8c3103}\bad blood (ft.exe [2014-06-30] () <==== ATTENTION
    Task: {1C3B410F-B198-4AC6-ACB0-660595CC903C} - System32\Tasks\{328BE588-43D1-441C-9EBB-62B46E6CB52E} => pcalua.exe -a "D:\Roshan\Android Root\Kingo ROOT\unins000.exe"
    Task: {1EA9DC15-5F78-48E3-A1C5-BFE154230A1A} - System32\Tasks\WarriorOne => c:\programdata\{94b3e9b0-f533-4253-94b3-3e9b0f53a6c3}\6254054569876868221b.exe [2014-07-11] () <==== ATTENTION
    RemoveProxy:
    EmptyTemp:
    CMD: bitsadmin /reset /allusers
    • Run your copy of FRST. It is important to ensure it is located in your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Read the Terms of Use and click I Agree.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)
    • AdwCleaner[S*].txt (AdwCleaner)

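The FRST listing Pyxis is acting on above shows a pattern that can be picked out of the log text itself, before anything is run on the machine: dozens of .exe files of exactly the same byte size with random 8-character names dropped into C:\Program Files, and executables in user-writable locations carrying the Hidden and System attributes (the R, S and H letters in FRST's attribute column). The script below is an added example written for this page, not part of the thread and not FRST's own code; the line format it parses is inferred from the log shown above rather than from FRST documentation, and the sample lines are a constructed subset in that format.

```python
"""Triage of FRST-style file listing lines (added example, not FRST's own code).

Assumed line format, inferred from the log above:
    <created> - <modified> - <size> <attrs> [(<publisher>) ]<path>
where <attrs> is a five-character field such as _____, __RSH, ___SH or ____D.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: a subset of lines in the FRST format, used as offline input.
SAMPLE_LOG = r"""
2015-07-07 17:07 - 2015-07-07 17:07 - 1415680 _____ (wj32) C:\Program Files\0AUKAKG4.exe
2015-07-21 15:09 - 2015-07-21 15:09 - 1415680 _____ (wj32) C:\Program Files\0KGGK006.exe
2015-06-26 17:45 - 2015-06-26 17:45 - 1415680 _____ (wj32) C:\Program Files\28Y2YCY8.exe
2015-07-01 04:07 - 2015-07-01 04:07 - 1415680 _____ (wj32) C:\Program Files\2C2II8MY.exe
2015-07-11 00:45 - 2015-07-25 00:12 - 0000024 _____ () C:\Users\Aacer\AppData\Roaming\appdataFr25.bin
2015-05-29 12:22 - 2015-05-29 12:22 - 95518720 __RSH (handhisprotect dividemateriallaugh) C:\Users\Aacer\AppData\Roaming\obvkhvsexs.exe
2015-07-11 03:52 - 2015-07-11 03:52 - 0000000 _____ () C:\Users\Aacer\AppData\Local\Temp.dat
2013-08-22 08:56 - 2013-08-22 08:56 - 96509952 ___SH () C:\ProgramData\msmnno.exe
2015-07-24 20:31 - 2013-09-30 09:02 - 00049352 _____ C:\Windows\PFRO.log
"""

FRST_FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"   # publisher field is absent in some sections
    r"(?P<path>\S.*)$"
)

# Stem of the dropped copies above: exactly eight upper-case letters/digits.
RANDOM_STEM_RE = re.compile(r"^[A-Z0-9]{8}$")


def parse_frst_file_line(line):
    """Return a dict for one FRST file line, or None for headers and other text."""
    m = FRST_FILE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    entry["publisher"] = entry["publisher"] or ""  # "()" and missing both become ""
    return entry


def parse_frst_log(text):
    """Parse every recognisable file line in a block of log text."""
    return [e for e in (parse_frst_file_line(l) for l in text.splitlines()) if e]


def looks_random_name(path):
    """True when the file stem is an 8-character upper-case alphanumeric string."""
    return bool(RANDOM_STEM_RE.match(PureWindowsPath(path).stem))


def find_same_size_clusters(entries, min_count=3):
    """Group .exe files by exact byte size and keep groups of min_count or more.

    Many differently named executables of identical size is the dropped-copies
    pattern visible in the listing above; size alone is a cheap first signal.
    """
    by_size = defaultdict(list)
    for e in entries:
        if e["path"].lower().endswith(".exe"):
            by_size[e["size"]].append(e["path"])
    return {size: sorted(paths) for size, paths in by_size.items() if len(paths) >= min_count}


def find_hidden_executables(entries):
    """Executables whose FRST attribute field carries Hidden (H) or System (S)."""
    return sorted(
        e["path"] for e in entries
        if e["path"].lower().endswith(".exe") and ("H" in e["attrs"] or "S" in e["attrs"])
    )


def triage(text):
    """Run both checks over a log and return the findings as plain data."""
    entries = parse_frst_log(text)
    clusters = find_same_size_clusters(entries)
    return {
        "entries": len(entries),
        "size_clusters": clusters,
        "random_named_in_clusters": sorted(
            p for paths in clusters.values() for p in paths if looks_random_name(p)
        ),
        "hidden_executables": find_hidden_executables(entries),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

On the constructed sample the script reports one size cluster (the four 1415680-byte copies, all with random stems) and two hidden/system executables outside C:\Windows. Run against the full listing above it would be the same four-line check; the point is that the signal lives in the metadata FRST already prints, not in anything that needs to execute.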

#5
aayanmirza (Topic Starter, New Member, 5 posts)

Okay so I did as you asked, thankfully no BSoD. Here are the log results:

 

Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Aacer at 2015-07-25 10:17:03 Run:1
Running from C:\Users\Aacer\Desktop
Loaded Profiles: Aacer (Available Profiles: Aacer)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
2015-07-07 17:07 - 2015-07-07 17:07 - 1415680 _____ (wj32) C:\Program Files\0AUKAKG4.exe
2015-07-21 15:09 - 2015-07-21 15:09 - 1415680 _____ (wj32) C:\Program Files\0KGGK006.exe
2015-06-26 17:45 - 2015-06-26 17:45 - 1415680 _____ (wj32) C:\Program Files\28Y2YCY8.exe
2015-07-01 04:07 - 2015-07-01 04:07 - 1415680 _____ (wj32) C:\Program Files\2C2II8MY.exe
2015-07-15 03:27 - 2015-07-15 03:27 - 1415680 _____ (wj32) C:\Program Files\3N7HH77D.exe
2015-06-26 17:11 - 2015-06-26 17:11 - 1415680 _____ (wj32) C:\Program Files\44E4OYKA.exe
2015-07-01 06:18 - 2015-07-01 06:18 - 1415680 _____ (wj32) C:\Program Files\4U4EOA4U.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\5P95Z5PV.exe
2015-06-27 02:42 - 2015-06-27 02:42 - 1415680 _____ (wj32) C:\Program Files\6KAYEYUE.exe
2015-07-08 17:44 - 2015-07-08 17:44 - 1415680 _____ (wj32) C:\Program Files\71R71LBH.exe
2015-07-01 05:49 - 2015-07-01 05:49 - 1415680 _____ (wj32) C:\Program Files\8EISY2OE.exe
2015-07-07 17:42 - 2015-07-07 17:42 - 1415680 _____ (wj32) C:\Program Files\8YIUO8YO.exe
2015-07-13 03:29 - 2015-07-13 03:29 - 1415680 _____ (wj32) C:\Program Files\AE4AKAUO.exe
2015-07-17 04:09 - 2015-07-17 04:09 - 1415680 _____ (wj32) C:\Program Files\AG66W6MA.exe
2015-06-30 03:14 - 2015-06-30 03:14 - 1415680 _____ (wj32) C:\Program Files\AK0EEK04.exe
2015-07-15 17:58 - 2015-07-15 17:58 - 1415680 _____ (wj32) C:\Program Files\AKGG6UKG.exe
2015-07-01 06:18 - 2015-07-01 06:18 - 1415680 _____ (wj32) C:\Program Files\AYYAAEOK.exe
2015-06-29 17:08 - 2015-06-29 17:08 - 1415680 _____ (wj32) C:\Program Files\BB1RVLRH.exe
2015-06-29 17:08 - 2015-06-29 17:08 - 1415680 _____ (wj32) C:\Program Files\BB7LL71B.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\BLL7RVL7.exe
2015-07-01 15:03 - 2015-07-01 15:03 - 1415680 _____ (wj32) C:\Program Files\CWG2M66C.exe
2015-07-14 14:33 - 2015-07-14 14:33 - 1415680 _____ (wj32) C:\Program Files\DXJ3N7TX.exe
2015-06-24 20:25 - 2015-06-24 20:29 - 1415680 _____ (wj32) C:\Program Files\EUUK6IEE.exe
2015-07-11 14:18 - 2015-07-11 14:18 - 1415680 _____ (wj32) C:\Program Files\EYI2O8SY.exe
2015-07-11 14:18 - 2015-07-11 14:18 - 1415680 _____ (wj32) C:\Program Files\EYI4O8IO.exe
2015-07-21 15:41 - 2015-07-21 15:41 - 1415680 _____ (wj32) C:\Program Files\II2Y8IEI.exe
2015-07-07 18:06 - 2015-07-07 18:06 - 1415680 _____ (wj32) C:\Program Files\ISC8SMSM.exe
2015-07-09 20:39 - 2015-07-09 20:39 - 1415680 _____ (wj32) C:\Program Files\JJ5T5TTP.exe
2015-07-06 14:31 - 2015-07-06 14:31 - 1415680 _____ (wj32) C:\Program Files\MSIW2WI6.exe
2015-07-09 13:50 - 2015-07-09 13:50 - 1415680 _____ (wj32) C:\Program Files\NHDXH7NX.exe
2015-07-03 01:17 - 2015-07-03 01:17 - 1415680 _____ (wj32) C:\Program Files\OAUEYK4Y.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\RL77H1HH.exe
2015-06-24 20:38 - 2015-06-24 20:38 - 1415680 _____ (wj32) C:\Program Files\S004C00K.exe
2015-06-28 19:27 - 2015-06-28 19:27 - 1415680 _____ (wj32) C:\Program Files\SC2MY8IC.exe
2015-07-11 18:08 - 2015-07-11 18:08 - 1415680 _____ (wj32) C:\Program Files\SCMWISS8.exe
2015-07-18 09:37 - 2015-07-18 09:37 - 1415680 _____ (wj32) C:\Program Files\SCWG2MW2.exe
2015-06-27 02:28 - 2015-06-27 02:28 - 1415680 _____ (wj32) C:\Program Files\SWSWWW8C.exe
2015-07-24 05:49 - 2015-07-24 05:49 - 1415680 _____ (wj32) C:\Program Files\TNZ9J3DD.exe
2015-07-08 03:48 - 2015-07-08 03:48 - 1415680 _____ (wj32) C:\Program Files\V11V717L.exe
2015-07-04 08:14 - 2015-07-04 08:14 - 1415680 _____ (wj32) C:\Program Files\VVL5V1B5.exe
2015-07-17 05:05 - 2015-07-17 05:05 - 1415680 _____ (wj32) C:\Program Files\W6KWWG0K.exe
2015-06-30 03:14 - 2015-06-30 03:14 - 1415680 _____ (wj32) C:\Program Files\YOEI4Y48.exe
2015-07-17 17:20 - 2015-07-17 17:20 - 1415680 _____ (wj32) C:\Program Files\YYYYYI84.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\ZD39N9NT.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\ZL5P9VFL.exe
2015-07-11 00:45 - 2015-07-25 00:12 - 0000024 _____ () C:\Users\Aacer\AppData\Roaming\appdataFr25.bin
2015-05-29 12:22 - 2015-05-29 12:22 - 95518720 __RSH (handhisprotect dividemateriallaugh) C:\Users\Aacer\AppData\Roaming\obvkhvsexs.exe
2015-07-11 03:52 - 2015-07-11 03:52 - 0000000 _____ () C:\Users\Aacer\AppData\Local\Temp.dat
2013-08-22 08:56 - 2013-08-22 08:56 - 96509952 ___SH () C:\ProgramData\msmnno.exe
2015-06-25 22:43 - 2015-07-24 23:00 - 00000384 _____ C:\Windows\Tasks\PhotoSharpener.job
2015-06-25 22:43 - 2015-06-26 05:00 - 00000000 ____D C:\ProgramData\{d3bb0745-0af1-9ca2-d3bb-b07450af1d14}
2015-06-25 22:43 - 2015-06-25 23:00 - 00003270 _____ C:\Windows\System32\Tasks\PhotoSharpener
2015-06-30 00:43 - 2015-07-25 06:43 - 00000350 _____ C:\Windows\Tasks\SleekScreen.job
2015-06-30 00:43 - 2015-07-01 00:43 - 00000000 ____D C:\ProgramData\{3fa30c40-d8cb-18b4-3fa3-30c40d8c3103}
2015-06-30 00:43 - 2015-06-30 00:43 - 00003236 _____ C:\Windows\System32\Tasks\SleekScreen
2015-07-10 06:44 - 2015-07-10 06:44 - 00000000 ____D C:\Program Files (x86)\Blushing Collection
2015-07-10 06:43 - 2015-07-10 06:43 - 08016176 _____ C:\Windows\SysWOW64\1.exe
2015-07-11 03:53 - 2015-07-24 00:20 - 00000000 ____D C:\ProgramData\2a7eb6c200004524
2015-07-11 03:52 - 2015-07-11 03:52 - 00000000 _____ C:\Users\Aacer\AppData\Local\Temp.dat
2015-07-11 00:45 - 2015-07-25 00:12 - 00000024 _____ C:\Users\Aacer\AppData\Roaming\appdataFr25.bin
2015-07-11 00:44 - 2015-07-24 00:42 - 00000000 ____D C:\ProgramData\3477940395795006226
2015-07-11 00:43 - 2015-07-25 06:43 - 00000364 _____ C:\Windows\Tasks\WarriorOne.job
2015-07-11 00:43 - 2015-07-11 00:43 - 00003250 _____ C:\Windows\System32\Tasks\WarriorOne
2015-07-11 00:43 - 2015-07-11 00:43 - 00000000 ____D C:\ProgramData\{94b3e9b0-f533-4253-94b3-3e9b0f53a6c3}
2015-07-12 08:27 - 2015-07-12 08:27 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-07-12 08:33 - 2015-07-11 19:05 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64.sys
2015-07-13 06:43 - 2015-07-25 06:43 - 00000364 _____ C:\Windows\Tasks\SnoozeNoMore.job
2015-07-13 06:43 - 2015-07-13 06:43 - 00003250 _____ C:\Windows\System32\Tasks\SnoozeNoMore
2015-07-13 06:43 - 2015-07-13 06:43 - 00000000 ____D C:\ProgramData\{be8b68f5-ed6b-e1fd-be8b-b68f5ed6a3d7}
2015-07-21 16:32 - 2015-07-24 20:32 - 00000000 ____D C:\Program Files (x86)\SFK
2015-07-24 00:41 - 2015-07-24 00:41 - 00000000 ____D C:\Program Files (x86)\SSaVeNEWaAAppz
2015-07-24 00:41 - 2015-07-24 00:41 - 00000000 ____D C:\Program Files (x86)\SaveNewaAPPpz
2015-07-24 00:41 - 2015-07-24 00:41 - 00000000 ____D C:\Program Files (x86)\SaevENewaAppz
2015-07-24 00:20 - 2015-07-24 00:20 - 00000000 ____D C:\Program Files (x86)\TampaMonitor
2015-07-24 17:33 - 2015-07-24 17:33 - 00000000 ____D C:\Program Files (x86)\Thoughtless Lack
R1 {027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64; C:\Windows\System32\drivers\{027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64.sys [48784 2015-07-11] (StdLib)
R4 cm_km_w; system32\DRIVERS\cm_km_w.sys [X]
R4 kl1; system32\DRIVERS\kl1.sys [X]
R4 kldisk; \SystemRoot\system32\DRIVERS\kldisk.sys [X]
R4 klflt; \SystemRoot\system32\DRIVERS\klflt.sys [X]
R4 klhk; \SystemRoot\system32\DRIVERS\klhk.sys [X]
R4 KLIF; system32\DRIVERS\klif.sys [X]
R4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
R4 klpd; \SystemRoot\system32\DRIVERS\klpd.sys [X]
R4 klwfp; \SystemRoot\system32\DRIVERS\klwfp.sys [X]
R4 kneps; \SystemRoot\system32\DRIVERS\kneps.sys [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
R2 229c2d9f; c:\Program Files (x86)\TampaMonitor\TampaMonitor.dll [1596928 2015-07-24] () [File not signed]
R2 Blushing Collection; C:\Program Files (x86)\Blushing Collection\Blushing Collection.exe [8016176 2015-07-10] () [File not signed] <==== ATTENTION
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [459464 2015-07-21] (TODO: <公司名>)
R2 Thoughtless Lack; C:\Program Files (x86)\Thoughtless Lack\Thoughtless Lack.exe [8016023 2015-07-24] () [File not signed] <==== ATTENTION
R2 VSSS; C:\Users\Aacer\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [106678144 2015-06-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-12] (DTools LIMITED) <==== ATTENTION
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
SearchScopes: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfin...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfin...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfin...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfin...q={searchTerms}
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabia.msn.com/
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Startup: C:\Users\Aacer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k.lnk [2015-05-29]
ShortcutTarget: k.lnk -> C:\Users\Aacer\AppData\Roaming\obvkhvsexs.exe (handhisprotect dividemateriallaugh)
Task: C:\Windows\Tasks\PhotoSharpener.job =>
Task: C:\Windows\Tasks\SleekScreen.job => c:\programdata\{3fa30c40-d8cb-18b4-3fa3-30c40d8c3103}\bad blood (ft.exe <==== ATTENTION
Task: C:\Windows\Tasks\SnoozeNoMore.job => c:\programdata\{be8b68f5-ed6b-e1fd-be8b-b68f5ed6a3d7}\7002301141314949535b.exe <==== ATTENTION
Task: C:\Windows\Tasks\WarriorOne.job => c:\programdata\{94b3e9b0-f533-4253-94b3-3e9b0f53a6c3}\6254054569876868221b.exe <==== ATTENTION
Task: {B6316612-9947-4B73-8912-254DE3A9F95C} - System32\Tasks\SnoozeNoMore => c:\programdata\{be8b68f5-ed6b-e1fd-be8b-b68f5ed6a3d7}\7002301141314949535b.exe [2014-07-13] () <==== ATTENTION
Task: {8DAC418D-9B1A-463D-BCAC-F32D5CF9AE07} - System32\Tasks\PhotoSharpener => c:\programdata\{d3bb0745-0af1-9ca2-d3bb-b07450af1d14}\sarakti jaye hai rukh se naqab.exe [2014-07-06] () <==== ATTENTION
Task: {4D1AECB1-F0EA-4DE2-BC85-E588BBFB40B4} - System32\Tasks\{3621783D-6972-4E47-9D6E-A2BE5259FBF5} => pcalua.exe -a "D:\Roshan\New folder (6)\New folder\SAMSUNG_USB_Driver_for_Mobile_Phones.exe" -d "D:\Roshan\New folder (6)\New folder"
Task: {5675C73D-B4E4-4A35-8A17-F40582027073} - System32\Tasks\{D8777E68-AAF4-4841-BF3C-935A05430D4B} => pcalua.exe -a "C:\Program Files (x86)\Picexa\uninstall.exe"
Task: {5BCF5DA3-2F96-4D5F-A945-BBAD33B42109} - System32\Tasks\SleekScreen => c:\programdata\{3fa30c40-d8cb-18b4-3fa3-30c40d8c3103}\bad blood (ft.exe [2014-06-30] () <==== ATTENTION
Task: {1C3B410F-B198-4AC6-ACB0-660595CC903C} - System32\Tasks\{328BE588-43D1-441C-9EBB-62B46E6CB52E} => pcalua.exe -a "D:\Roshan\Android Root\Kingo ROOT\unins000.exe"
Task: {1EA9DC15-5F78-48E3-A1C5-BFE154230A1A} - System32\Tasks\WarriorOne => c:\programdata\{94b3e9b0-f533-4253-94b3-3e9b0f53a6c3}\6254054569876868221b.exe [2014-07-11] () <==== ATTENTION
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
C:\Program Files\0AUKAKG4.exe => moved successfully.
C:\Program Files\0KGGK006.exe => moved successfully.
C:\Program Files\28Y2YCY8.exe => moved successfully.
C:\Program Files\2C2II8MY.exe => moved successfully.
C:\Program Files\3N7HH77D.exe => moved successfully.
C:\Program Files\44E4OYKA.exe => moved successfully.
C:\Program Files\4U4EOA4U.exe => moved successfully.
C:\Program Files\5P95Z5PV.exe => moved successfully.
C:\Program Files\6KAYEYUE.exe => moved successfully.
C:\Program Files\71R71LBH.exe => moved successfully.
C:\Program Files\8EISY2OE.exe => moved successfully.
C:\Program Files\8YIUO8YO.exe => moved successfully.
C:\Program Files\AE4AKAUO.exe => moved successfully.
C:\Program Files\AG66W6MA.exe => moved successfully.
C:\Program Files\AK0EEK04.exe => moved successfully.
C:\Program Files\AKGG6UKG.exe => moved successfully.
C:\Program Files\AYYAAEOK.exe => moved successfully.
C:\Program Files\BB1RVLRH.exe => moved successfully.
C:\Program Files\BB7LL71B.exe => moved successfully.
C:\Program Files\BLL7RVL7.exe => moved successfully.
C:\Program Files\CWG2M66C.exe => moved successfully.
C:\Program Files\DXJ3N7TX.exe => moved successfully.
C:\Program Files\EUUK6IEE.exe => moved successfully.
C:\Program Files\EYI2O8SY.exe => moved successfully.
C:\Program Files\EYI4O8IO.exe => moved successfully.
C:\Program Files\II2Y8IEI.exe => moved successfully.
C:\Program Files\ISC8SMSM.exe => moved successfully.
C:\Program Files\JJ5T5TTP.exe => moved successfully.
C:\Program Files\MSIW2WI6.exe => moved successfully.
C:\Program Files\NHDXH7NX.exe => moved successfully.
C:\Program Files\OAUEYK4Y.exe => moved successfully.
C:\Program Files\RL77H1HH.exe => moved successfully.
C:\Program Files\S004C00K.exe => moved successfully.
C:\Program Files\SC2MY8IC.exe => moved successfully.
C:\Program Files\SCMWISS8.exe => moved successfully.
C:\Program Files\SCWG2MW2.exe => moved successfully.
C:\Program Files\SWSWWW8C.exe => moved successfully.
C:\Program Files\TNZ9J3DD.exe => moved successfully.
C:\Program Files\V11V717L.exe => moved successfully.
C:\Program Files\VVL5V1B5.exe => moved successfully.
C:\Program Files\W6KWWG0K.exe => moved successfully.
C:\Program Files\YOEI4Y48.exe => moved successfully.
C:\Program Files\YYYYYI84.exe => moved successfully.
C:\Program Files\ZD39N9NT.exe => moved successfully.
C:\Program Files\ZL5P9VFL.exe => moved successfully.
C:\Users\Aacer\AppData\Roaming\appdataFr25.bin => moved successfully.
C:\Users\Aacer\AppData\Roaming\obvkhvsexs.exe => moved successfully.
C:\Users\Aacer\AppData\Local\Temp.dat => moved successfully.
Could not move "C:\ProgramData\msmnno.exe" => Scheduled to move on reboot.
C:\Windows\Tasks\PhotoSharpener.job => moved successfully.
C:\ProgramData\{d3bb0745-0af1-9ca2-d3bb-b07450af1d14} => moved successfully.
C:\Windows\System32\Tasks\PhotoSharpener => moved successfully.
C:\Windows\Tasks\SleekScreen.job => moved successfully.
C:\ProgramData\{3fa30c40-d8cb-18b4-3fa3-30c40d8c3103} => moved successfully.
C:\Windows\System32\Tasks\SleekScreen => moved successfully.
C:\Program Files (x86)\Blushing Collection => moved successfully.
C:\Windows\SysWOW64\1.exe => moved successfully.
C:\ProgramData\2a7eb6c200004524 => moved successfully.
"C:\Users\Aacer\AppData\Local\Temp.dat" => File/Folder not found.
"C:\Users\Aacer\AppData\Roaming\appdataFr25.bin" => File/Folder not found.
C:\ProgramData\3477940395795006226 => moved successfully.
C:\Windows\Tasks\WarriorOne.job => moved successfully.
C:\Windows\System32\Tasks\WarriorOne => moved successfully.
C:\ProgramData\{94b3e9b0-f533-4253-94b3-3e9b0f53a6c3} => moved successfully.
C:\ProgramData\WindowsMangerProtect => moved successfully.
C:\Windows\system32\Drivers\{027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64.sys => moved successfully.
C:\Windows\Tasks\SnoozeNoMore.job => moved successfully.
C:\Windows\System32\Tasks\SnoozeNoMore => moved successfully.
C:\ProgramData\{be8b68f5-ed6b-e1fd-be8b-b68f5ed6a3d7} => moved successfully.
C:\Program Files (x86)\SFK => moved successfully.
C:\Program Files (x86)\SSaVeNEWaAAppz => moved successfully.
C:\Program Files (x86)\SaveNewaAPPpz => moved successfully.
C:\Program Files (x86)\SaevENewaAppz => moved successfully.
C:\Program Files (x86)\TampaMonitor => moved successfully.
C:\Program Files (x86)\Thoughtless Lack => moved successfully.
{027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64 => Unable to stop service.
{027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64 => Service removed successfully
cm_km_w => Unable to stop service.
cm_km_w => Service removed successfully
kl1 => Unable to stop service.
kl1 => Service removed successfully
kldisk => Unable to stop service.
kldisk => Service removed successfully
klflt => Unable to stop service.
klflt => Service removed successfully
klhk => Unable to stop service.
klhk => Service removed successfully
KLIF => Unable to stop service.
KLIF => Service removed successfully
klkbdflt2 => Unable to stop service.
klkbdflt2 => Service removed successfully
klpd => Unable to stop service.
klpd => Service removed successfully
klwfp => Unable to stop service.
klwfp => Service removed successfully
kneps => Unable to stop service.
kneps => Service removed successfully
KProcessHacker2 => Unable to stop service.
KProcessHacker2 => Service removed successfully
229c2d9f => Unable to stop service.
229c2d9f => Service removed successfully
Blushing Collection => Service removed successfully
SSFK => Unable to stop service.
SSFK => Service removed successfully
Thoughtless Lack => Service removed successfully
VSSS => Unable to stop service.
VSSS => Service removed successfully
WindowsMangerProtect => Unable to stop service.
WindowsMangerProtect => Service removed successfully
gupdate => Service removed successfully
gupdatem => Service removed successfully
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => key removed successfully
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => key not found. 
"HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => key removed successfully
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => key not found. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Users\Aacer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k.lnk => moved successfully.
C:\Users\Aacer\AppData\Roaming\obvkhvsexs.exe not found.
C:\Windows\Tasks\PhotoSharpener.job not found.
C:\Windows\Tasks\SleekScreen.job not found.
C:\Windows\Tasks\SnoozeNoMore.job not found.
C:\Windows\Tasks\WarriorOne.job not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6316612-9947-4B73-8912-254DE3A9F95C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6316612-9947-4B73-8912-254DE3A9F95C}" => key removed successfully
C:\Windows\System32\Tasks\SnoozeNoMore not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SnoozeNoMore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DAC418D-9B1A-463D-BCAC-F32D5CF9AE07}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DAC418D-9B1A-463D-BCAC-F32D5CF9AE07}" => key removed successfully
C:\Windows\System32\Tasks\PhotoSharpener not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PhotoSharpener" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D1AECB1-F0EA-4DE2-BC85-E588BBFB40B4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D1AECB1-F0EA-4DE2-BC85-E588BBFB40B4}" => key removed successfully
C:\Windows\System32\Tasks\{3621783D-6972-4E47-9D6E-A2BE5259FBF5} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3621783D-6972-4E47-9D6E-A2BE5259FBF5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5675C73D-B4E4-4A35-8A17-F40582027073}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5675C73D-B4E4-4A35-8A17-F40582027073}" => key removed successfully
C:\Windows\System32\Tasks\{D8777E68-AAF4-4841-BF3C-935A05430D4B} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D8777E68-AAF4-4841-BF3C-935A05430D4B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BCF5DA3-2F96-4D5F-A945-BBAD33B42109}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BCF5DA3-2F96-4D5F-A945-BBAD33B42109}" => key removed successfully
C:\Windows\System32\Tasks\SleekScreen not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SleekScreen" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C3B410F-B198-4AC6-ACB0-660595CC903C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C3B410F-B198-4AC6-ACB0-660595CC903C}" => key removed successfully
C:\Windows\System32\Tasks\{328BE588-43D1-441C-9EBB-62B46E6CB52E} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{328BE588-43D1-441C-9EBB-62B46E6CB52E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1EA9DC15-5F78-48E3-A1C5-BFE154230A1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EA9DC15-5F78-48E3-A1C5-BFE154230A1A}" => key removed successfully
C:\Windows\System32\Tasks\WarriorOne not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WarriorOne" => key removed successfully
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
10 out of 149 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 2.2 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-25 10:21:46)<=
 
C:\ProgramData\msmnno.exe => Is moved successfully
 
==== End of Fixlog 10:21:46 ====

 

ADW Cleaner:

 

# AdwCleaner v4.208 - Logfile created 25/07/2015 at 10:30:40

# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Aacer - ACER
# Running from : C:\Users\Aacer\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\STab
Folder Deleted : C:\Program Files (x86)\miuitab
Folder Deleted : C:\Users\Aacer\AppData\Local\cool_mirage
Folder Deleted : C:\Users\Aacer\AppData\Local\globalUpdate
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\27dc909b-c193-861c-11df-6a46c48f4bb3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{229c2d9f}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DC4101EC-F2D3-4648-A1F6-B4EECC52443A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\oursurfingSoftware
Key Deleted : HKLM\SOFTWARE\PicexaSvc
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v43.0.2357.132
 
 
*************************
 
AdwCleaner[R0].txt - [6024 bytes] - [24/07/2015 06:30:43]
AdwCleaner[R1].txt - [3163 bytes] - [25/07/2015 10:27:53]
AdwCleaner[R2].txt - [3222 bytes] - [25/07/2015 10:30:00]
AdwCleaner[S0].txt - [3155 bytes] - [25/07/2015 10:30:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3214  bytes] ##########
 
By the way, you guys are really friendly, aren't you? Not to forget prompt too, very prompt. Believe me, you have earned one more fan already. :)

Edited by aayanmirza, 24 July 2015 - 11:39 PM.

  • 0

#6
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Okay, so I did as you asked; thankfully no BSoD. By the way, you guys are really friendly, aren't you? Not to forget prompt too, very prompt. Believe me, you have earned one more fan already. :)


Thank you for the kind words. :yeah: Looks like luck is on our side... I'd love to start the party, but it is a little too early for that so bear with me as we fix some broken components.
  • Step 1

    After examining your logs, I have seen that you currently have one or more P2P Programs installed. I would recommend their removal as the networks these programs are involved in are breeding places for malware. The things you are downloading are not one hundred percent safe as they can be uploaded by anyone on the Internet, some possibly aiding in the propagation of malware.

    More can be read from the following sources:
    You are advised to remove the following programs by uninstalling them:
    • µTorrent
    Note: This step is optional. You may or may not remove the programs; however, I strongly suggest getting rid of or disabling them before we continue with the process.
  • Step 2

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Part of the removal process necessitates the removal and re-installation of certain security programs. Kindly follow the below steps to proceed.
    • Fully uninstall the Kaspersky Lab product you installed earlier. This can be done by following 'this' guide.
    • Attempt to uninstall Avast normally via Programs and Features.
    If you run into any errors, let me know.
  • Step 4

    Run your copy of Farbar Recovery Scan Tool by double-clicking it.
    • Put a check on Addition.
    • Press the Scan button after.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)
    • JRT.txt (Junkware Removal Tool)

  • 0

#7
aayanmirza

aayanmirza

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

So, I did all as you asked. I didn't uninstall uTorrent though, because there are two programs on hold in the middle of their install. I will get rid of it as soon as those programs install. For the log reports you demanded, here they are. Please check.

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015

Ran by Aacer (administrator) on ACER on 25-07-2015 12:10:32
Running from C:\Users\Aacer\Desktop
Loaded Profiles: Aacer (Available Profiles: Aacer)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\ProgramData\Broadband\OnlineUpdate\ouc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-25] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\Run: [Facebook Update] => C:\Users\Aacer\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-13] (Facebook Inc.)
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\Run: [Google Update] => C:\Users\Aacer\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-16] (Google Inc.)
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-25] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-25] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-25] (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F1DCDEBF-D22F-428E-B8CE-62A5AA190457}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3430386607-3475805158-3186237351-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Aacer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-25] (Skype Limited)
FF Plugin HKU\S-1-5-21-3430386607-3475805158-3186237351-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Aacer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3430386607-3475805158-3186237351-1001: @talk.google.com/O1DPlugin -> C:\Users\Aacer\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3430386607-3475805158-3186237351-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3430386607-3475805158-3186237351-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Aacer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Aacer\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-25]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (eye perform) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nodekcgolphhlampolknphjfkjpkghhd [2015-07-12]
CHR Profile: C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-24]
CHR Extension: (Google Docs) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-24]
CHR Extension: (Google Drive) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-24]
CHR Extension: (YouTube) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-24]
CHR Extension: (Google Search) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-24]
CHR Extension: (Google Sheets) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-25] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-25] (Avast Software)
S2 Broadband. RunOuc; C:\Program Files (x86)\Broadband\UpdateDog\ouc.exe [655712 2015-02-22] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 SkypeUpdate; C:\Software\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-25] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-25] (AVAST Software)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-12-16] ()
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2015-02-22] (Huawei Technologies Co., Ltd.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-25] (AVAST Software)
S3 RTL8187B; C:\Windows\system32\DRIVERS\rtl8187B.sys [459336 2013-06-18] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2014-08-12] (Synaptics Incorporated)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-25] (Avast Software)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-25 12:10 - 2015-07-25 12:11 - 00012492 _____ C:\Users\Aacer\Desktop\FRST.txt
2015-07-25 12:10 - 2015-07-25 12:10 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\AVAST Software
2015-07-25 12:09 - 2015-07-25 12:09 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-25 12:09 - 2015-07-25 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-25 12:08 - 2015-07-25 12:08 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-25 12:08 - 2015-07-25 12:08 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-25 12:08 - 2015-07-25 12:08 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-25 12:08 - 2015-07-25 12:08 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-25 12:08 - 2015-07-25 12:08 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-25 12:08 - 2015-07-25 12:08 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-25 12:08 - 2015-07-25 12:08 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-25 12:08 - 2015-07-25 12:08 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-25 12:08 - 2015-07-25 12:08 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-25 12:08 - 2015-07-25 12:08 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-25 12:08 - 2015-07-25 12:08 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-25 12:08 - 2015-07-25 12:08 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-25 11:52 - 2015-07-25 11:52 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-25 11:51 - 2015-07-25 11:52 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-25 11:38 - 2015-07-25 11:38 - 05961024 _____ (AVAST Software) C:\Users\Aacer\Desktop\avastclear.exe
2015-07-25 11:26 - 2015-07-25 11:30 - 00053940 _____ C:\Users\Aacer\Desktop\kavremvr 2015-07-25 11-26-21 (pid 3412).log
2015-07-25 11:26 - 2015-04-29 19:44 - 07373624 _____ (Kaspersky Lab ZAO) C:\Users\Aacer\Desktop\kavremover.exe
2015-07-25 11:25 - 2015-07-25 11:25 - 03279147 _____ C:\Users\Aacer\Desktop\kavremover.zip
2015-07-25 11:21 - 2015-07-25 11:35 - 00000024 _____ C:\Users\Aacer\AppData\Roaming\appdataFr25.bin
2015-07-25 11:21 - 2015-07-25 11:21 - 00001309 _____ C:\Users\Aacer\Desktop\JRT.txt
2015-07-25 11:15 - 2015-07-25 11:15 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Aacer\Desktop\JRT.exe
2015-07-25 10:27 - 2015-07-25 10:27 - 02248704 _____ C:\Users\Aacer\Desktop\AdwCleaner.exe
2015-07-25 09:26 - 2015-07-25 12:10 - 00000000 ____D C:\FRST
2015-07-25 09:25 - 2015-07-25 09:25 - 02135552 _____ (Farbar) C:\Users\Aacer\Desktop\FRST64.exe
2015-07-25 07:58 - 2015-07-25 11:48 - 00000000 ____D C:\ProgramData\MCShield
2015-07-25 07:58 - 2015-07-25 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2015-07-25 07:58 - 2015-07-25 07:58 - 00000000 ____D C:\Program Files (x86)\MCShield
2015-07-25 07:57 - 2015-07-25 07:58 - 02856736 _____ (MyCity) C:\Users\Aacer\Downloads\MCShield-Setup.exe
2015-07-25 07:41 - 2015-07-25 07:41 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-07-25 07:41 - 2015-07-25 07:41 - 00000000 ____D C:\Windows\system32\vbox
2015-07-25 06:47 - 2015-07-25 06:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-07-24 07:08 - 2015-07-24 07:11 - 00002364 _____ C:\Users\Aacer\Desktop\Google Chrome.lnk
2015-07-24 06:33 - 2015-07-24 06:33 - 543659474 _____ C:\Windows\MEMORY.DMP
2015-07-24 06:33 - 2015-07-24 06:33 - 00262144 _____ C:\Windows\Minidump\072415-17828-01.dmp
2015-07-24 06:33 - 2015-07-24 06:33 - 00000000 ____D C:\Windows\Minidump
2015-07-24 06:30 - 2015-07-25 10:30 - 00000000 ____D C:\AdwCleaner
2015-07-21 15:54 - 2015-07-21 17:36 - 00000000 ____D C:\Users\Aacer\Desktop\kcn
2015-06-29 04:26 - 2015-06-29 04:33 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\PhotoScape
2015-06-29 04:24 - 2015-06-29 04:26 - 18376624 _____ (Mooii) C:\Users\Aacer\Downloads\PhotoScape_V3.6.2.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-25 12:09 - 2014-08-12 04:22 - 01587046 _____ C:\Windows\WindowsUpdate.log
2015-07-25 12:02 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-25 11:53 - 2014-08-12 04:28 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3430386607-3475805158-3186237351-1001
2015-07-25 11:51 - 2014-08-12 05:36 - 00000000 ____D C:\Software
2015-07-25 11:48 - 2014-11-22 14:46 - 00000000 ____D C:\Temp
2015-07-25 11:48 - 2013-08-22 19:46 - 00079695 _____ C:\Windows\setupact.log
2015-07-25 11:48 - 2013-08-22 19:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-25 11:47 - 2013-09-30 09:02 - 00548496 _____ C:\Windows\PFRO.log
2015-07-25 11:40 - 2014-08-16 00:58 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA.job
2015-07-25 11:20 - 2015-04-16 22:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 11:17 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-25 11:16 - 2014-08-15 11:30 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\uTorrent
2015-07-25 11:12 - 2013-08-22 20:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-25 10:41 - 2014-08-13 04:36 - 00000938 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA.job
2015-07-25 10:18 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-07-25 07:14 - 2013-08-22 20:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-07-25 07:14 - 2013-08-22 18:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-25 06:14 - 2014-08-12 05:34 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B6A01099-DBC5-4B9D-A299-6EBCFFB4C89F}
2015-07-25 01:01 - 2014-08-15 13:55 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\vlc
2015-07-24 16:41 - 2014-08-13 04:36 - 00000916 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core.job
2015-07-24 07:15 - 2014-08-12 04:22 - 00000000 ____D C:\Users\Aacer
2015-07-24 03:40 - 2014-08-16 00:58 - 00000866 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core.job
2015-07-21 16:32 - 2015-06-17 17:07 - 00000000 ____D C:\Users\Aacer\AppData\Everything
2015-07-17 03:35 - 2014-08-16 00:58 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA
2015-07-17 03:35 - 2014-08-16 00:58 - 00003484 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core
2015-07-14 23:24 - 2015-04-16 22:59 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 06:04 - 2014-08-13 15:19 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\Skype
2015-07-14 02:19 - 2013-09-30 09:14 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 02:12 - 2014-11-25 17:59 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\dvdcss
2015-07-12 11:30 - 2013-08-22 18:25 - 00000269 _____ C:\Windows\win.ini
2015-07-08 02:20 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-06-27 03:07 - 2014-12-06 16:36 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
 
==================== Files in the root of some directories =======
 
2015-07-25 11:21 - 2015-07-25 11:35 - 0000024 _____ () C:\Users\Aacer\AppData\Roaming\appdataFr25.bin
 
Some files in TEMP:
====================
C:\Users\Aacer\AppData\Local\Temp\Quarantine.exe
C:\Users\Aacer\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-22 23:58
 
==================== End of log ============================
 
 
Addition:
 
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Aacer (S-1-5-21-3430386607-3475805158-3186237351-1001 - Administrator - Enabled) => C:\Users\Aacer
Administrator (S-1-5-21-3430386607-3475805158-3186237351-500 - Administrator - Disabled)
Guest (S-1-5-21-3430386607-3475805158-3186237351-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Broadband (HKLM-x32\...\Broadband) (Version: 21.005.22.00.172 - Huawei Technologies Co.,Ltd)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Kingo ROOT version 1.3.6.2289 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.3.6.2289 - Kingosoft Technology Ltd.)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15024.5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15024.5 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.19 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:25 - 2013-08-22 18:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08851C2F-1EFA-4AAA-9ABC-A23586FB7145} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-25] (AVAST Software)
Task: {0BDD1B50-819E-40A6-BF8F-7FDE45B95962} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core => C:\Users\Aacer\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-16] (Google Inc.)
Task: {32A4C93E-7252-48C7-B517-D1CEF680D68C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA => C:\Users\Aacer\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-16] (Google Inc.)
Task: {5DC89FF5-CC17-459E-A61E-CD88DC400517} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core => C:\Users\Aacer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-13] (Facebook Inc.)
Task: {6766D930-B8F4-4141-9955-1433F3C5B4AC} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {7F3EB4A7-2F50-4E05-A34B-41A6432D6639} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA => C:\Users\Aacer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-13] (Facebook Inc.)
Task: {82CC91FB-29AC-4CCF-AA0E-F8B6BF657EF2} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {89B19FFB-041D-4978-A59B-1BF74C0B7FDF} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {8A959F26-E257-4C3A-90D4-B7951E89142C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {A576BE7F-B5DB-4F5E-ABF1-0FDA31ECF8BB} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-12] (Synaptics Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core.job => C:\Users\Aacer\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA.job => C:\Users\Aacer\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core.job => C:\Users\Aacer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA.job => C:\Users\Aacer\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-22 14:11 - 2015-02-22 14:09 - 00655712 _____ () C:\ProgramData\Broadband\OnlineUpdate\ouc.exe
2011-03-14 20:27 - 2011-03-14 20:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-08-12 04:34 - 2012-11-27 00:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 00011362 _____ () C:\ProgramData\Broadband\OnlineUpdate\mingwm10.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 00043008 _____ () C:\ProgramData\Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 02415104 _____ () C:\ProgramData\Broadband\OnlineUpdate\QtCore4.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 01148416 _____ () C:\ProgramData\Broadband\OnlineUpdate\QtNetwork4.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 00835072 _____ () C:\ProgramData\Broadband\OnlineUpdate\QueryStrategy.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 00398336 _____ () C:\ProgramData\Broadband\OnlineUpdate\QtXml4.dll
2013-10-31 20:05 - 2013-10-31 20:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2015-07-08 02:37 - 2015-07-07 08:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-08 02:37 - 2015-07-07 08:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2015-07-15 16:21 - 2015-07-13 10:14 - 16307888 _____ () C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\PepperFlash\18.0.0.209\pepflashplayer.dll
2015-07-25 12:08 - 2015-07-25 12:08 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-25 12:08 - 2015-07-25 12:08 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-25 12:08 - 2015-07-25 12:08 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15072402\algo.dll
2015-07-25 12:08 - 2015-07-25 12:08 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Aacer\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Aacer\OneDrive.old:ms-properties
AlternateDataStreams: C:\Users\Aacer\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\StartupApproved\StartupFolder: => "k.lnk"
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\StartupApproved\Run: => "Google Update"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{B13D3A41-BBEA-4BBB-9663-7215E84B06BF}] => (Allow) C:\Users\Aacer\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{A08AE397-B714-4A40-AA2C-11F22CF54BA3}] => (Allow) C:\Software\Skype\Phone\Skype.exe
FirewallRules: [{A37DAD55-9046-4A20-841C-0AA4E3003AF1}] => (Allow) C:\Users\Aacer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B6428D9C-663D-4E92-B914-290AFF80AA88}] => (Allow) C:\Users\Aacer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9403C7F1-A4E1-4C12-AEDE-7D644629E03C}C:\users\aacer\appdata\roaming\utorrent\updates\3.4.2_39710.exe] => (Block) C:\users\aacer\appdata\roaming\utorrent\updates\3.4.2_39710.exe
FirewallRules: [UDP Query User{3522E072-2F26-4C8C-B584-F23AD2052E92}C:\users\aacer\appdata\roaming\utorrent\updates\3.4.2_39710.exe] => (Block) C:\users\aacer\appdata\roaming\utorrent\updates\3.4.2_39710.exe
FirewallRules: [TCP Query User{F76322E2-882B-48B3-AAE8-7BB95994E437}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{04751363-174E-4B51-A311-CD3C72E5B8D9}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{2B21E0E2-22CB-492D-B742-0C4BBF9D4BD0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E4C4006D-07AF-4D60-990C-91854DFB0CDE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{70D32770-13F6-4064-BBFF-708345307244}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/25/2015 11:49:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (07/25/2015 11:49:07 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (07/25/2015 11:35:10 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (07/25/2015 11:34:44 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (07/25/2015 10:33:34 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (07/25/2015 10:33:11 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (07/25/2015 10:22:45 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (07/25/2015 10:22:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (07/25/2015 10:18:10 AM) (Source: _unNamed) (EventID: 242) (User: )
Description: 6The handle is invalid.
 
Error: (07/25/2015 10:18:10 AM) (Source: _unNamed) (EventID: 3) (User: )
Description: Traceback (most recent call last):
  File "win32serviceutil.pyc", line 839, in SvcRun
  File "win32serviceutil.pyc", line 797, in ReportServiceStatus
error: (6, 'SetServiceStatus', 'The handle is invalid.')
 
 
System errors:
=============
Error: (07/25/2015 11:48:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Broadband. OUC service failed to start due to the following error: 
%%1053
 
Error: (07/25/2015 11:48:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Broadband. OUC service to connect.
 
Error: (07/25/2015 11:47:37 AM) (Source: DCOM) (EventID: 10005) (User: acer)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (07/25/2015 11:47:36 AM) (Source: DCOM) (EventID: 10005) (User: acer)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/25/2015 11:47:07 AM) (Source: DCOM) (EventID: 10005) (User: acer)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/25/2015 11:47:05 AM) (Source: DCOM) (EventID: 10005) (User: acer)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (07/25/2015 11:47:05 AM) (Source: DCOM) (EventID: 10005) (User: acer)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (07/25/2015 11:46:55 AM) (Source: DCOM) (EventID: 10005) (User: acer)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (07/25/2015 11:46:55 AM) (Source: DCOM) (EventID: 10005) (User: acer)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (07/25/2015 11:46:55 AM) (Source: DCOM) (EventID: 10005) (User: acer)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
Microsoft Office:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-06-20 19:59:48.427
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-27 04:36:07.745
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-23 18:08:41.756
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-21 22:02:35.000
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-12 21:24:38.338
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-11 15:32:19.366
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-09 18:27:09.483
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-30 20:41:18.935
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-19 13:42:17.670
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-07 10:34:07.112
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 28%
Total physical RAM: 5814.81 MB
Available physical RAM: 4170.45 MB
Total Virtual: 12982.81 MB
Available Virtual: 11189.42 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:243.8 GB) (Free:215.39 GB) NTFS
Drive d: () (Fixed) (Total:687.37 GB) (Free:423.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7472F312)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)
 
==================== End of log ============================
 
 
JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 8.1 Pro x64
Ran by Aacer on Sat 07/25/2015 at 11:17:20.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Aacer\AppData\Roaming\microsoft\systemcertificates\vssvc.exe
Successfully deleted: [File] C:\Users\Aacer\AppData\Roaming\appdataFr25.bin
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
 
 
 
~~~ Chrome
 
 
[C:\Users\Aacer\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Aacer\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Aacer\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Aacer\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/25/2015 at 11:21:00.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
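The FRST and JRT output above is normally read by eye. The points a triager pulls from it are: which loaded modules sit in locations a standard user can write to without elevation (here ouc.exe and HWDeviceService64.exe under C:\ProgramData, both with an empty company field), which firewall Allow rules point at programs inside the user profile (the uTorrent entries under AppData\Roaming), and file names that belong in System32 turning up elsewhere (JRT deleted a vssvc.exe, the name of the Volume Shadow Copy service, from AppData\Roaming\microsoft\systemcertificates). The UAC policy line under "Other Areas" (EnableLUA: 1, ConsentPromptBehaviorAdmin: 5, ConsentPromptBehaviorUser: 3) shows Windows defaults, so the consent prompt itself is normal. The following Python is an added example of that triage as code; it is my code, not anything from FRST, JRT or the poster. The line formats are assumed from reading the log above rather than from tool documentation, the sample lines are copied from the log, and the list of System32 file names is a small illustrative one.

```python
r"""Triage of FRST/JRT log lines (added example; my code, not FRST's, JRT's or the poster's).

Assumed line shapes (from reading the log, not from tool documentation):
  Loaded Modules : '<mtime> - <ctime> - <size> <attrs> (<company>) <path>'
  FirewallRules  : 'FirewallRules: [<name>] => (Allow|Block) <path or LPort=...>'
  JRT            : 'Successfully deleted: [File|Folder] <path>'
The '()' field is taken to be FRST's company name from the file's version resource.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the FRST and JRT logs above.
SAMPLE_LOG = r"""
2015-02-22 14:11 - 2015-02-22 14:09 - 00655712 _____ () C:\ProgramData\Broadband\OnlineUpdate\ouc.exe
2011-03-14 20:27 - 2011-03-14 20:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2015-07-08 02:37 - 2015-07-07 08:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-25 12:08 - 2015-07-25 12:08 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A37DAD55-9046-4A20-841C-0AA4E3003AF1}] => (Allow) C:\Users\Aacer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9403C7F1-A4E1-4C12-AEDE-7D644629E03C}C:\users\aacer\appdata\roaming\utorrent\updates\3.4.2_39710.exe] => (Block) C:\users\aacer\appdata\roaming\utorrent\updates\3.4.2_39710.exe
FirewallRules: [{2B21E0E2-22CB-492D-B742-0C4BBF9D4BD0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Successfully deleted: [File] C:\Users\Aacer\AppData\Roaming\microsoft\systemcertificates\vssvc.exe
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
"""

MODULE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
FIREWALL_RE = re.compile(
    r"^FirewallRules: \[(?P<name>[^\]]*)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)
JRT_RE = re.compile(r"^Successfully deleted: \[(?P<kind>File|Folder)\] (?P<path>.+)$")

# Path segments a standard user can write to without elevation (assumption; adjust for your build).
USER_WRITABLE_SEGMENTS = ("\\users\\", "\\programdata\\")
# File names that belong in %SystemRoot%\System32 (VSSVC.exe is the Volume Shadow Copy service).
# Small illustrative list, not an authoritative one.
SYSTEM32_NAMES = {"vssvc.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}


@dataclass(frozen=True)
class Finding:
    source: str   # 'module' | 'firewall' | 'jrt'
    path: str
    reason: str


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(seg in p for seg in USER_WRITABLE_SEGMENTS)


def is_system32_name_elsewhere(path: str) -> bool:
    """True for e.g. AppData\\...\\vssvc.exe: a System32 file name living outside System32/SysWOW64."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    in_system_dir = "\\windows\\system32\\" in p or "\\windows\\syswow64\\" in p
    return name in SYSTEM32_NAMES and not in_system_dir


def triage(log_text: str) -> list:
    """Return Findings in log order; lines that match no known shape are ignored."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := MODULE_RE.match(line):
            if is_user_writable(m["path"]):
                findings.append(Finding("module", m["path"],
                    f"loaded module in user-writable path, company field {m['company']!r}"))
        elif m := FIREWALL_RE.match(line):
            # Port-only rules (LPort=...) carry no program path; only Allow rules for programs matter here.
            if m["action"] == "Allow" and "\\" in m["target"] and is_user_writable(m["target"]):
                findings.append(Finding("firewall", m["target"],
                    f"Allow rule {m['name']} for a program in a user-writable path"))
        elif m := JRT_RE.match(line):
            if is_system32_name_elsewhere(m["path"]):
                findings.append(Finding("jrt", m["path"], "System32 file name outside System32 (masquerade)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.path}\n    {f.reason}")
```

Run against the full FRST and JRT logs, this flags ouc.exe, HWDeviceService64.exe, the uTorrent Allow rules and the deleted vssvc.exe while staying quiet on the Chrome and Avast entries under Program Files; the Block rule for the uTorrent updater is skipped because a Block rule is not an exposure. Treat the output as a worklist for hashing and VirusTotal lookups, not as a verdict: ProgramData is also where legitimate vendor updaters live.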
 

#8 Pyxis (Trusted Helper, Malware Removal, 1,228 posts)
A few things:
  • Are you using or have used a Huawei modem by any chance?
  • Are you using the Facebook Video Calling program?
  • Could you visit chrome://version on Google Chrome and post back the results here?
Lastly, how is your computer performing? :)
  • Step 1
    • Go to 'VirusTotal' and open a number of tabs corresponding to the number of files listed below:
      • C:\Program Files (x86)\Broadband\UpdateDog\ouc.exe
      • C:\ProgramData\DatacardService\HWDeviceService64.exe
    • Press the Choose File button.
    • Select one of the files listed above and choose Open.
    • Press the Scan it! button.
    • Repeat the 4th step on the other tab(s) as necessary.
    • Once the scan is finished, copy and paste the URL of the tab(s) in your next reply.
  • Step 2

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to install the program.
      • Accept the License Agreement.
      • At the end, untick Enable free trial of Malwarebytes Anti-Malware Premium and ensure Launch Malwarebytes' Anti-Malware is checked.
      • Click Finish after.
    • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
      • Tick the Scan For Rootkits box.
    • Go back to the Dashboard and select Update Now. Click Scan Now after.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Navigate to the program's History tab to retrieve the log.
      • Click Application Logs and double-click on the most recent Scan Log.
      • Export the log to your desktop as a .TXT file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.
    • Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
    • Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):

      [screenshot: ESET Online Scanner scan settings]

    • The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
    • Upon completion, select List of found threats > Export to text file....
    • Press Back and put a check on the following:
      • Uninstall application on close
      • Delete quarantined files
    • Click Finish.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    Note: If you get an error about an unsupported operating system, please reboot your computer and try again.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • checkup.txt (SecurityCheck)
    • log.txt (ESET Online Scan)
    • mbam-log-YYYY-MM-DD (HH-MM-SS).xml (Malwarebytes Anti-Malware)
    • VirusTotal Link(s) (VirusTotal)
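Before uploading anything in Step 1 it is worth hashing the files locally: a SHA-256 can be searched on VirusTotal without uploading the file, and the size can be compared with what FRST logged (655712 bytes for ouc.exe, 346976 for HWDeviceService64.exe) to confirm that the file being hashed is the one the log reported. Note that Step 1 asks for C:\Program Files (x86)\Broadband\UpdateDog\ouc.exe, while the Loaded Modules section of the FRST log lists the running copy at C:\ProgramData\Broadband\OnlineUpdate\ouc.exe; both paths are checked below. The following Python is an added example, not the helper's instructions or VirusTotal's tooling; the lookup URL form is an assumption.

```python
r"""Local SHA-256 hashing for the VirusTotal step (added example; mine, not the helper's or VirusTotal's).

Assumptions: the two ouc.exe paths come from Step 1 and from the FRST Loaded Modules section
respectively; the byte sizes are copied from FRST so the hashed file can be matched to the logged one;
the lookup URL form https://www.virustotal.com/gui/file/<sha256> is assumed.
"""
import hashlib
import os

# path -> size FRST reported for it (None where FRST listed no file at that path)
CANDIDATES = {
    r"C:\Program Files (x86)\Broadband\UpdateDog\ouc.exe": None,
    r"C:\ProgramData\Broadband\OnlineUpdate\ouc.exe": 655712,
    r"C:\ProgramData\DatacardService\HWDeviceService64.exe": 346976,
}


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def vt_lookup_url(sha256_hex):
    # Search by hash first; upload only if VirusTotal has never seen the file.
    return f"https://www.virustotal.com/gui/file/{sha256_hex}"


def hash_candidates(candidates):
    """Return {path: {status, size, expected_size, sha256, url}}.

    A missing file is reported as 'missing' rather than skipped: a file that has moved or vanished
    since the FRST run is itself worth telling the helper. 'size-mismatch' means the file at that
    path changed, or is a different file, since the log was taken, so the hash does not describe
    what FRST saw.
    """
    report = {}
    for path, expected in candidates.items():
        if not os.path.isfile(path):
            report[path] = {"status": "missing", "size": None, "expected_size": expected,
                            "sha256": None, "url": None}
            continue
        size = os.path.getsize(path)
        digest = sha256_of_file(path)
        status = "ok" if expected is None or size == expected else "size-mismatch"
        report[path] = {"status": status, "size": size, "expected_size": expected,
                        "sha256": digest, "url": vt_lookup_url(digest)}
    return report


if __name__ == "__main__":
    for path, r in hash_candidates(CANDIDATES).items():
        print(f"{r['status']:14} {path}")
        if r["sha256"]:
            print(f"    sha256={r['sha256']} size={r['size']} expected={r['expected_size']}")
            print(f"    {r['url']}")
```

Paste the hashes alongside the VirusTotal links in the reply; a helper can then tell whether a "clean" result refers to the same bytes FRST saw loaded.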

#9 Pyxis (Trusted Helper, Malware Removal, 1,228 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a new topic.
#10 aayanmirza (New Member, Topic Starter, 5 posts)

In answer to your three queries.

 

  • No, I am not using a Huawei modem.
  • Yes, I frequently use Facebook video calling.
  • Here are the results of chrome://version:

Google Chrome: 43.0.2357.132 (Official Build) dev-m (32-bit)
Revision: 7df48020529f8b262116e261b3d2bdc91edcfdc7-refs/branch-heads/2357@{#494}
OS: Windows
Blink: 537.36 (@197431)
JavaScript: V8 4.3.61.34
Flash: 18.0.0.209
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132 Safari/537.36
Command Line: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --flag-switches-begin --flag-switches-end
Executable Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Profile Path: C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3
Variations: 74785582-3f4a17df
22fd1d6c-7461cf66
e9f4800b-39c30599
8afebf76-41e080dc
19f73432-ca7d8d80
76b48ab8-a2567007
c70841c8-a2567007
9d315c2-ca7d8d80
a3e00cc3-c06ea9a9
b2638b4d-f23d1dea
1d3ad72e-3f4a17df
f79cb77b-3f4a17df
ca65a9fe-91ac3782
61544484-ca7d8d80
7aa46da5-669a04e0
9736de91-ca7d8d80
5c3cc7b1-3d47f4f4
b2612322-8a9180b2
3ac60855-486e2a9c
f296190c-610f13e6
4442aae2-6e597ede
ed1d377-e1cc0f14
75f0f0a0-e1cc0f14
e2b18481-5c63917a
e7e71889-e1cc0f14
b39ea213-3d47f4f4
cbf0c14e-bf3e6cfd
2cdf235f-3f4a17df
9d45295a-ca7d8d80

 

 

And my computer is performing great. No ads now. Thank you very much. Will post other demanded results soon.


Edited by aayanmirza, 30 July 2015 - 12:38 PM.
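One detail in the chrome://version output above matters for the cleanup: the Profile Path is User Data\Profile 3, whereas the JRT log reset the search provider and extensions only in User Data\Default. The command line carries no switches at all (nothing outside the --flag-switches-begin/--flag-switches-end markers), so the place to look for a surviving adware extension or search hijack is each profile's Preferences and Secure Preferences files. The following Python is an added example of a read-only audit of those files across every profile; it is my code, not Google's or anything from this thread, and the JSON keys it reads, the list of accepted search hosts and the sample data are assumptions.

```python
r"""Read-only audit of Chrome profile Preferences (added example; my code, not Google's or the thread's).

Assumed JSON layout (my reading of Chrome's Preferences / Secure Preferences files; verify against
your own copy): extensions under extensions.settings.<id> with 'path', 'from_webstore' and
'manifest.name'; the default search engine under default_search_provider_data.template_url_data
with 'short_name' and 'url'.
"""
import json
from pathlib import Path, PureWindowsPath
from urllib.parse import urlparse

# Search hosts you consider legitimate (assumption: tune for your environment).
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com", "duckduckgo.com"}

# Constructed sample, not real data: one Web Store extension, one sideloaded extension whose files
# live under ProgramData, and a default search provider pointing at an unknown host.
SAMPLE_PREFS = {
    "extensions": {"settings": {
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
            "from_webstore": True,
            "path": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\1.2.3_0",
            "manifest": {"name": "Example Web Store extension"},
        },
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
            "from_webstore": False,
            "path": "C:\\ProgramData\\SomeVendor\\CouponHelper",
            "manifest": {"name": "Coupon helper (constructed adware sample)"},
        },
    }},
    "default_search_provider_data": {"template_url_data": {
        "short_name": "Example Search",
        "url": "http://search.example/?q={searchTerms}",
    }},
}


def audit_preferences(prefs: dict) -> list:
    """Return (kind, detail) findings for one parsed Preferences/Secure Preferences document."""
    findings = []
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        name = ext.get("manifest", {}).get("name", "?")
        path = ext.get("path", "")
        from_webstore = bool(ext.get("from_webstore", False))
        # A relative path points inside the profile's own Extensions folder (normal Web Store install);
        # an absolute one means the code lives elsewhere on disk, i.e. sideloaded or unpacked.
        sideloaded = PureWindowsPath(path).is_absolute()
        if sideloaded or not from_webstore:
            findings.append(("extension", f"{ext_id} {name!r} path={path!r} from_webstore={from_webstore}"))
    dsp = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    url = dsp.get("url", "")
    if url:
        host = urlparse(url).netloc.lower()
        if host not in KNOWN_SEARCH_HOSTS:
            findings.append(("search", f"default search {dsp.get('short_name', '?')!r} -> {host}"))
    return findings


def audit_user_data(user_data_dir) -> dict:
    """Audit Preferences and Secure Preferences in every profile directory under User Data."""
    results = {}
    root = Path(user_data_dir)
    if not root.is_dir():
        return results
    for profile in sorted(p for p in root.iterdir() if p.is_dir()):
        for fname in ("Preferences", "Secure Preferences"):
            f = profile / fname
            if f.is_file():
                with open(f, encoding="utf-8") as fh:
                    results[str(f)] = audit_preferences(json.load(fh))
    return results


if __name__ == "__main__":
    for kind, detail in audit_preferences(SAMPLE_PREFS):
        print(f"[{kind}] {detail}")
    # Real run (Windows): audit_user_data(r"C:\Users\Aacer\AppData\Local\Google\Chrome\User Data")
```

Close Chrome before reading so the files are not mid-write, and keep this read-only: Chrome stores HMACs over the protected values in Secure Preferences, so hand-edited entries are discarded on the next start; remove anything found through the browser's own extension page or a cleaner that understands the format.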

#11 Pyxis (Trusted Helper, Malware Removal, 1,228 posts)
Take your time. ;) You do not recognize this software then?

Broadband (HKLM-x32\...\Broadband) (Version: 21.005.22.00.172 - Huawei Technologies Co.,Ltd)


You can find this installed in your system as listed in Programs and Features.
#12 Pyxis (Trusted Helper, Malware Removal, 1,228 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a new topic.