Hi Pyxis,
Thank you so much for your prompt reply. I have understood your conditions and comply with them fully. Just help me get this menace removed from my system. And yes, I have a spare USB.
Okay, so I downloaded the 64-bit file of the software you asked me to download, and it ran. Didn't need to download the other. It did exactly as you said, and I am posting its report here:
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Aacer at 2015-07-25 09:28:38
Running from C:\Users\Aacer\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Aacer (S-1-5-21-3430386607-3475805158-3186237351-1001 - Administrator - Enabled) => C:\Users\Aacer
Administrator (S-1-5-21-3430386607-3475805158-3186237351-500 - Administrator - Disabled)
Guest (S-1-5-21-3430386607-3475805158-3186237351-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Broadband (HKLM-x32\...\Broadband) (Version: 21.005.22.00.172 - Huawei Technologies Co.,Ltd)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Kingo ROOT version 1.3.6.2289 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.3.6.2289 - Kingosoft Technology Ltd.)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15024.5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15024.5 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.19 - Synaptics Incorporated)
TampaMonitor (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{229c2d9f}) (Version: - Software Publisher) <==== ATTENTION
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3430386607-3475805158-3186237351-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 18:25 - 2013-08-22 18:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0BDD1B50-819E-40A6-BF8F-7FDE45B95962} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core => C:\Users\Aacer\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-16] (Google Inc.)
Task: {1B2E81A0-A1D8-48A4-8560-16A92DC0EAD1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-25] (AVAST Software)
Task: {1C3B410F-B198-4AC6-ACB0-660595CC903C} - System32\Tasks\{328BE588-43D1-441C-9EBB-62B46E6CB52E} => pcalua.exe -a "D:\Roshan\Android Root\Kingo ROOT\unins000.exe"
Task: {1EA9DC15-5F78-48E3-A1C5-BFE154230A1A} - System32\Tasks\WarriorOne => c:\programdata\{94b3e9b0-f533-4253-94b3-3e9b0f53a6c3}\6254054569876868221b.exe [2014-07-11] () <==== ATTENTION
Task: {32A4C93E-7252-48C7-B517-D1CEF680D68C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA => C:\Users\Aacer\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-16] (Google Inc.)
Task: {4D1AECB1-F0EA-4DE2-BC85-E588BBFB40B4} - System32\Tasks\{3621783D-6972-4E47-9D6E-A2BE5259FBF5} => pcalua.exe -a "D:\Roshan\New folder (6)\New folder\SAMSUNG_USB_Driver_for_Mobile_Phones.exe" -d "D:\Roshan\New folder (6)\New folder"
Task: {5675C73D-B4E4-4A35-8A17-F40582027073} - System32\Tasks\{D8777E68-AAF4-4841-BF3C-935A05430D4B} => pcalua.exe -a "C:\Program Files (x86)\Picexa\uninstall.exe"
Task: {5BCF5DA3-2F96-4D5F-A945-BBAD33B42109} - System32\Tasks\SleekScreen => c:\programdata\{3fa30c40-d8cb-18b4-3fa3-30c40d8c3103}\bad blood (ft.exe [2014-06-30] () <==== ATTENTION
Task: {5DC89FF5-CC17-459E-A61E-CD88DC400517} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core => C:\Users\Aacer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-13] (Facebook Inc.)
Task: {6766D930-B8F4-4141-9955-1433F3C5B4AC} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {7F3EB4A7-2F50-4E05-A34B-41A6432D6639} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA => C:\Users\Aacer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-13] (Facebook Inc.)
Task: {82CC91FB-29AC-4CCF-AA0E-F8B6BF657EF2} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {89B19FFB-041D-4978-A59B-1BF74C0B7FDF} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {8A959F26-E257-4C3A-90D4-B7951E89142C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {8DAC418D-9B1A-463D-BCAC-F32D5CF9AE07} - System32\Tasks\PhotoSharpener => c:\programdata\{d3bb0745-0af1-9ca2-d3bb-b07450af1d14}\sarakti jaye hai rukh se naqab.exe [2014-07-06] () <==== ATTENTION
Task: {A576BE7F-B5DB-4F5E-ABF1-0FDA31ECF8BB} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-12] (Synaptics Incorporated)
Task: {B6316612-9947-4B73-8912-254DE3A9F95C} - System32\Tasks\SnoozeNoMore => c:\programdata\{be8b68f5-ed6b-e1fd-be8b-b68f5ed6a3d7}\7002301141314949535b.exe [2014-07-13] () <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core.job => C:\Users\Aacer\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA.job => C:\Users\Aacer\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core.job => C:\Users\Aacer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA.job => C:\Users\Aacer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PhotoSharpener.job =>
Task: C:\Windows\Tasks\SleekScreen.job => c:\programdata\{3fa30c40-d8cb-18b4-3fa3-30c40d8c3103}\bad blood (ft.exe <==== ATTENTION
Task: C:\Windows\Tasks\SnoozeNoMore.job => c:\programdata\{be8b68f5-ed6b-e1fd-be8b-b68f5ed6a3d7}\7002301141314949535b.exe <==== ATTENTION
Task: C:\Windows\Tasks\WarriorOne.job => c:\programdata\{94b3e9b0-f533-4253-94b3-3e9b0f53a6c3}\6254054569876868221b.exe <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2015-07-10 06:44 - 2015-07-10 06:43 - 08016176 _____ () C:\Program Files (x86)\Blushing Collection\Blushing Collection.exe
2015-02-22 14:11 - 2015-02-22 14:09 - 00655712 _____ () C:\ProgramData\Broadband\OnlineUpdate\ouc.exe
2011-03-14 20:27 - 2011-03-14 20:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2015-07-24 17:33 - 2015-07-24 17:33 - 08016023 _____ () C:\Program Files (x86)\Thoughtless Lack\Thoughtless Lack.exe
2015-07-10 18:19 - 2015-07-10 18:19 - 00567296 _____ () C:\Program Files (x86)\SFK\SFKEX64.dll
2015-07-10 18:19 - 2015-07-10 18:19 - 00122880 _____ () C:\Program Files (x86)\SFK\SFKEX64.exe
2014-08-12 04:34 - 2012-11-27 00:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-07-24 00:20 - 2015-07-24 00:20 - 01596928 _____ () c:\Program Files (x86)\TampaMonitor\TampaMonitor.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 00011362 _____ () C:\ProgramData\Broadband\OnlineUpdate\mingwm10.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 00043008 _____ () C:\ProgramData\Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 02415104 _____ () C:\ProgramData\Broadband\OnlineUpdate\QtCore4.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 01148416 _____ () C:\ProgramData\Broadband\OnlineUpdate\QtNetwork4.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 00835072 _____ () C:\ProgramData\Broadband\OnlineUpdate\QueryStrategy.dll
2015-02-22 14:11 - 2015-02-22 14:09 - 00398336 _____ () C:\ProgramData\Broadband\OnlineUpdate\QtXml4.dll
2013-10-31 20:05 - 2013-10-31 20:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2015-07-25 07:40 - 2015-07-25 07:40 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-25 07:40 - 2015-07-25 07:40 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-25 07:40 - 2015-07-25 07:40 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-08 02:37 - 2015-07-07 08:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-08 02:37 - 2015-07-07 08:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2006-10-27 01:56 - 2006-10-27 01:56 - 00757008 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Aacer\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Aacer\OneDrive.old:ms-properties
AlternateDataStreams: C:\Users\Aacer\SkyDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\StartupApproved\StartupFolder: => "k.lnk"
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\StartupApproved\Run: => "Google Update"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{B13D3A41-BBEA-4BBB-9663-7215E84B06BF}] => (Allow) C:\Users\Aacer\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{A08AE397-B714-4A40-AA2C-11F22CF54BA3}] => (Allow) C:\Software\Skype\Phone\Skype.exe
FirewallRules: [{A37DAD55-9046-4A20-841C-0AA4E3003AF1}] => (Allow) C:\Users\Aacer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B6428D9C-663D-4E92-B914-290AFF80AA88}] => (Allow) C:\Users\Aacer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9403C7F1-A4E1-4C12-AEDE-7D644629E03C}C:\users\aacer\appdata\roaming\utorrent\updates\3.4.2_39710.exe] => (Block) C:\users\aacer\appdata\roaming\utorrent\updates\3.4.2_39710.exe
FirewallRules: [UDP Query User{3522E072-2F26-4C8C-B584-F23AD2052E92}C:\users\aacer\appdata\roaming\utorrent\updates\3.4.2_39710.exe] => (Block) C:\users\aacer\appdata\roaming\utorrent\updates\3.4.2_39710.exe
FirewallRules: [TCP Query User{F76322E2-882B-48B3-AAE8-7BB95994E437}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{04751363-174E-4B51-A311-CD3C72E5B8D9}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{2B21E0E2-22CB-492D-B742-0C4BBF9D4BD0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2F3BD811-84C3-4F18-9443-186544FDD8FC}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8EA5719A-4227-48FF-820A-393786494C43}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/25/2015 06:12:26 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (07/25/2015 06:12:26 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (07/25/2015 06:12:20 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (07/25/2015 06:12:03 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
Error: (07/24/2015 11:35:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/24/2015 10:30:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (07/24/2015 10:30:38 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (07/24/2015 10:29:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (07/24/2015 10:28:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (07/24/2015 10:27:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
System errors:
=============
Error: (07/25/2015 07:41:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (07/25/2015 07:37:13 AM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/25/2015 07:36:43 AM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (07/25/2015 07:26:32 AM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (07/25/2015 07:26:02 AM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/25/2015 07:03:19 AM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/25/2015 07:02:49 AM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (07/25/2015 06:53:03 AM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (07/25/2015 06:52:33 AM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/25/2015 06:45:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 7 time(s).
Microsoft Office:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-06-20 19:59:48.427
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-27 04:36:07.745
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-23 18:08:41.756
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-21 22:02:35.000
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-12 21:24:38.338
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-11 15:32:19.366
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-09 18:27:09.483
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-30 20:41:18.935
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-19 13:42:17.670
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-07 10:34:07.112
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 5814.81 MB
Available physical RAM: 3612.6 MB
Total Virtual: 12982.81 MB
Available Virtual: 10366.35 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:243.8 GB) (Free:212.13 GB) NTFS
Drive d: () (Fixed) (Total:687.37 GB) (Free:423.31 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7472F312)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)
==================== End of log ============================
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Aacer (administrator) on ACER on 25-07-2015 09:27:14
Running from C:\Users\Aacer\Desktop
Loaded Profiles: Aacer (Available Profiles: Aacer)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(DTools LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Blushing Collection\Blushing Collection.exe
() C:\ProgramData\Broadband\OnlineUpdate\ouc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\Thoughtless Lack\Thoughtless Lack.exe
(Microsoft Corporation) C:\Users\Aacer\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\SFK\SFKEX64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-25] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\Run: [Facebook Update] => C:\Users\Aacer\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-13] (Facebook Inc.)
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\Run: [Google Update] => C:\Users\Aacer\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-16] (Google Inc.)
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
Startup: C:\Users\Aacer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k.lnk [2015-05-29]
ShortcutTarget: k.lnk -> C:\Users\Aacer\AppData\Roaming\obvkhvsexs.exe (handhisprotect dividemateriallaugh)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-25] (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3430386607-3475805158-3186237351-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabia.msn.com/
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-25] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-25] (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F1DCDEBF-D22F-428E-B8CE-62A5AA190457}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3430386607-3475805158-3186237351-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Aacer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-25] (Skype Limited)
FF Plugin HKU\S-1-5-21-3430386607-3475805158-3186237351-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Aacer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3430386607-3475805158-3186237351-1001: @talk.google.com/O1DPlugin -> C:\Users\Aacer\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3430386607-3475805158-3186237351-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3430386607-3475805158-3186237351-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Aacer\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Aacer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Aacer\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-25]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (eye perform) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nodekcgolphhlampolknphjfkjpkghhd [2015-07-12]
CHR Profile: C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-24]
CHR Extension: (Google Docs) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-24]
CHR Extension: (Google Drive) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-24]
CHR Extension: (YouTube) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-24]
CHR Extension: (Google Search) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-24]
CHR Extension: (Google Sheets) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-24]
CHR Extension: (Avast Online Security) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Aacer\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-25]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 229c2d9f; c:\Program Files (x86)\TampaMonitor\TampaMonitor.dll [1596928 2015-07-24] () [File not signed]
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-25] (Avast Software)
R2 Blushing Collection; C:\Program Files (x86)\Blushing Collection\Blushing Collection.exe [8016176 2015-07-10] () [File not signed] <==== ATTENTION
S2 Broadband. RunOuc; C:\Program Files (x86)\Broadband\UpdateDog\ouc.exe [655712 2015-02-22] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 SkypeUpdate; C:\Software\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [459464 2015-07-21] (TODO: <公司名>)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 Thoughtless Lack; C:\Program Files (x86)\Thoughtless Lack\Thoughtless Lack.exe [8016023 2015-07-24] () [File not signed] <==== ATTENTION
R2 VSSS; C:\Users\Aacer\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [106678144 2015-06-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-12] (DTools LIMITED) <==== ATTENTION
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-25] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-25] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-25] (AVAST Software)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-12-16] ()
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2015-02-22] (Huawei Technologies Co., Ltd.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-25] (AVAST Software)
S3 RTL8187B; C:\Windows\system32\DRIVERS\rtl8187B.sys [459336 2013-06-18] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2014-08-12] (Synaptics Incorporated)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-25] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R1 {027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64; C:\Windows\System32\drivers\{027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64.sys [48784 2015-07-11] (StdLib)
R4 cm_km_w; system32\DRIVERS\cm_km_w.sys [X]
R4 kl1; system32\DRIVERS\kl1.sys [X]
R4 kldisk; \SystemRoot\system32\DRIVERS\kldisk.sys [X]
R4 klflt; \SystemRoot\system32\DRIVERS\klflt.sys [X]
R4 klhk; \SystemRoot\system32\DRIVERS\klhk.sys [X]
R4 KLIF; system32\DRIVERS\klif.sys [X]
R4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
R4 klpd; \SystemRoot\system32\DRIVERS\klpd.sys [X]
R4 klwfp; \SystemRoot\system32\DRIVERS\klwfp.sys [X]
R4 kneps; \SystemRoot\system32\DRIVERS\kneps.sys [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-25 09:27 - 2015-07-25 09:27 - 00017604 _____ C:\Users\Aacer\Desktop\FRST.txt
2015-07-25 09:26 - 2015-07-25 09:27 - 00000000 ____D C:\FRST
2015-07-25 09:25 - 2015-07-25 09:25 - 02135552 _____ (Farbar) C:\Users\Aacer\Desktop\FRST64.exe
2015-07-25 07:58 - 2015-07-25 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2015-07-25 07:58 - 2015-07-25 07:58 - 00000000 ____D C:\ProgramData\MCShield
2015-07-25 07:58 - 2015-07-25 07:58 - 00000000 ____D C:\Program Files (x86)\MCShield
2015-07-25 07:57 - 2015-07-25 07:58 - 02856736 _____ (MyCity) C:\Users\Aacer\Downloads\MCShield-Setup.exe
2015-07-25 07:44 - 2015-07-25 07:44 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\AVAST Software
2015-07-25 07:41 - 2015-07-25 07:41 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-25 07:41 - 2015-07-25 07:41 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-07-25 07:41 - 2015-07-25 07:41 - 00000000 ____D C:\Windows\system32\vbox
2015-07-25 07:41 - 2015-07-25 07:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-25 07:40 - 2015-07-25 07:40 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-25 07:40 - 2015-07-25 07:40 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-25 07:40 - 2015-07-25 07:40 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-25 07:40 - 2015-07-25 07:40 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-25 07:21 - 2015-07-25 07:21 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-25 07:18 - 2015-07-25 07:18 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-25 07:17 - 2015-07-25 07:18 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Aacer\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-07-25 06:47 - 2015-07-25 06:47 - 02140480 _____ (Kaspersky Lab) C:\Users\Aacer\Downloads\kav15.0.1.415aben_ar_7639.exe
2015-07-25 06:47 - 2015-07-25 06:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-07-24 17:33 - 2015-07-24 17:33 - 00000000 ____D C:\Program Files (x86)\Thoughtless Lack
2015-07-24 07:08 - 2015-07-24 07:11 - 00002364 _____ C:\Users\Aacer\Desktop\Google Chrome.lnk
2015-07-24 06:33 - 2015-07-24 06:33 - 543659474 _____ C:\Windows\MEMORY.DMP
2015-07-24 06:33 - 2015-07-24 06:33 - 00262144 _____ C:\Windows\Minidump\072415-17828-01.dmp
2015-07-24 06:33 - 2015-07-24 06:33 - 00000000 ____D C:\Windows\Minidump
2015-07-24 06:30 - 2015-07-24 06:31 - 00000000 ____D C:\AdwCleaner
2015-07-24 05:49 - 2015-07-24 05:49 - 01415680 _____ (wj32) C:\Program Files\TNZ9J3DD.exe
2015-07-24 00:41 - 2015-07-24 00:41 - 00000000 ____D C:\Program Files (x86)\SSaVeNEWaAAppz
2015-07-24 00:41 - 2015-07-24 00:41 - 00000000 ____D C:\Program Files (x86)\SaveNewaAPPpz
2015-07-24 00:41 - 2015-07-24 00:41 - 00000000 ____D C:\Program Files (x86)\SaevENewaAppz
2015-07-24 00:20 - 2015-07-24 00:20 - 00000000 ____D C:\Program Files (x86)\TampaMonitor
2015-07-22 22:09 - 2015-07-22 22:09 - 00000464 __RSH C:\ProgramData\ntuser.pol
2015-07-21 16:32 - 2015-07-24 20:32 - 00000000 ____D C:\Program Files (x86)\SFK
2015-07-21 15:54 - 2015-07-21 17:36 - 00000000 ____D C:\Users\Aacer\Desktop\kcn
2015-07-21 15:41 - 2015-07-21 15:41 - 01415680 _____ (wj32) C:\Program Files\II2Y8IEI.exe
2015-07-21 15:09 - 2015-07-21 15:09 - 01415680 _____ (wj32) C:\Program Files\0KGGK006.exe
2015-07-18 09:37 - 2015-07-18 09:37 - 01415680 _____ (wj32) C:\Program Files\SCWG2MW2.exe
2015-07-17 17:20 - 2015-07-17 17:20 - 01415680 _____ (wj32) C:\Program Files\YYYYYI84.exe
2015-07-17 05:05 - 2015-07-17 05:05 - 01415680 _____ (wj32) C:\Program Files\W6KWWG0K.exe
2015-07-17 04:09 - 2015-07-17 04:09 - 01415680 _____ (wj32) C:\Program Files\AG66W6MA.exe
2015-07-15 17:58 - 2015-07-15 17:58 - 01415680 _____ (wj32) C:\Program Files\AKGG6UKG.exe
2015-07-15 03:27 - 2015-07-15 03:27 - 01415680 _____ (wj32) C:\Program Files\3N7HH77D.exe
2015-07-14 14:33 - 2015-07-14 14:33 - 01415680 _____ (wj32) C:\Program Files\DXJ3N7TX.exe
2015-07-13 06:43 - 2015-07-25 06:43 - 00000364 _____ C:\Windows\Tasks\SnoozeNoMore.job
2015-07-13 06:43 - 2015-07-13 06:43 - 00003250 _____ C:\Windows\System32\Tasks\SnoozeNoMore
2015-07-13 06:43 - 2015-07-13 06:43 - 00000000 ____D C:\ProgramData\{be8b68f5-ed6b-e1fd-be8b-b68f5ed6a3d7}
2015-07-13 03:29 - 2015-07-13 03:29 - 01415680 _____ (wj32) C:\Program Files\AE4AKAUO.exe
2015-07-12 08:33 - 2015-07-11 19:05 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64.sys
2015-07-12 08:27 - 2015-07-12 08:27 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-07-11 18:08 - 2015-07-11 18:08 - 01415680 _____ (wj32) C:\Program Files\SCMWISS8.exe
2015-07-11 14:18 - 2015-07-11 14:18 - 01415680 _____ (wj32) C:\Program Files\EYI4O8IO.exe
2015-07-11 14:18 - 2015-07-11 14:18 - 01415680 _____ (wj32) C:\Program Files\EYI2O8SY.exe
2015-07-11 03:53 - 2015-07-24 00:20 - 00000000 ____D C:\ProgramData\2a7eb6c200004524
2015-07-11 03:52 - 2015-07-11 03:52 - 00000000 _____ C:\Users\Aacer\AppData\Local\Temp.dat
2015-07-11 00:45 - 2015-07-25 00:12 - 00000024 _____ C:\Users\Aacer\AppData\Roaming\appdataFr25.bin
2015-07-11 00:44 - 2015-07-24 00:42 - 00000000 ____D C:\ProgramData\3477940395795006226
2015-07-11 00:43 - 2015-07-25 06:43 - 00000364 _____ C:\Windows\Tasks\WarriorOne.job
2015-07-11 00:43 - 2015-07-11 00:43 - 00003250 _____ C:\Windows\System32\Tasks\WarriorOne
2015-07-11 00:43 - 2015-07-11 00:43 - 00000000 ____D C:\ProgramData\{94b3e9b0-f533-4253-94b3-3e9b0f53a6c3}
2015-07-10 15:11 - 2015-07-10 15:11 - 01415680 _____ (wj32) C:\Program Files\ZL5P9VFL.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 01415680 _____ (wj32) C:\Program Files\ZD39N9NT.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 01415680 _____ (wj32) C:\Program Files\RL77H1HH.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 01415680 _____ (wj32) C:\Program Files\BLL7RVL7.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 01415680 _____ (wj32) C:\Program Files\5P95Z5PV.exe
2015-07-10 06:44 - 2015-07-10 06:44 - 00000000 ____D C:\Program Files (x86)\Blushing Collection
2015-07-10 06:43 - 2015-07-10 06:43 - 08016176 _____ C:\Windows\SysWOW64\1.exe
2015-07-09 20:39 - 2015-07-09 20:39 - 01415680 _____ (wj32) C:\Program Files\JJ5T5TTP.exe
2015-07-09 13:50 - 2015-07-09 13:50 - 01415680 _____ (wj32) C:\Program Files\NHDXH7NX.exe
2015-07-08 17:44 - 2015-07-08 17:44 - 01415680 _____ (wj32) C:\Program Files\71R71LBH.exe
2015-07-08 03:48 - 2015-07-08 03:48 - 01415680 _____ (wj32) C:\Program Files\V11V717L.exe
2015-07-07 18:06 - 2015-07-07 18:06 - 01415680 _____ (wj32) C:\Program Files\ISC8SMSM.exe
2015-07-07 17:42 - 2015-07-07 17:42 - 01415680 _____ (wj32) C:\Program Files\8YIUO8YO.exe
2015-07-07 17:07 - 2015-07-07 17:07 - 01415680 _____ (wj32) C:\Program Files\0AUKAKG4.exe
2015-07-06 14:31 - 2015-07-06 14:31 - 01415680 _____ (wj32) C:\Program Files\MSIW2WI6.exe
2015-07-04 08:14 - 2015-07-04 08:14 - 01415680 _____ (wj32) C:\Program Files\VVL5V1B5.exe
2015-07-03 01:17 - 2015-07-03 01:17 - 01415680 _____ (wj32) C:\Program Files\OAUEYK4Y.exe
2015-07-01 15:03 - 2015-07-01 15:03 - 01415680 _____ (wj32) C:\Program Files\CWG2M66C.exe
2015-07-01 06:18 - 2015-07-01 06:18 - 01415680 _____ (wj32) C:\Program Files\AYYAAEOK.exe
2015-07-01 06:18 - 2015-07-01 06:18 - 01415680 _____ (wj32) C:\Program Files\4U4EOA4U.exe
2015-07-01 05:49 - 2015-07-01 05:49 - 01415680 _____ (wj32) C:\Program Files\8EISY2OE.exe
2015-07-01 04:07 - 2015-07-01 04:07 - 01415680 _____ (wj32) C:\Program Files\2C2II8MY.exe
2015-06-30 03:14 - 2015-06-30 03:14 - 01415680 _____ (wj32) C:\Program Files\YOEI4Y48.exe
2015-06-30 03:14 - 2015-06-30 03:14 - 01415680 _____ (wj32) C:\Program Files\AK0EEK04.exe
2015-06-30 00:43 - 2015-07-25 06:43 - 00000350 _____ C:\Windows\Tasks\SleekScreen.job
2015-06-30 00:43 - 2015-07-01 00:43 - 00000000 ____D C:\ProgramData\{3fa30c40-d8cb-18b4-3fa3-30c40d8c3103}
2015-06-30 00:43 - 2015-06-30 00:43 - 00003236 _____ C:\Windows\System32\Tasks\SleekScreen
2015-06-29 17:08 - 2015-06-29 17:08 - 01415680 _____ (wj32) C:\Program Files\BB7LL71B.exe
2015-06-29 17:08 - 2015-06-29 17:08 - 01415680 _____ (wj32) C:\Program Files\BB1RVLRH.exe
2015-06-29 04:26 - 2015-06-29 04:33 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\PhotoScape
2015-06-29 04:24 - 2015-06-29 04:26 - 18376624 _____ (Mooii) C:\Users\Aacer\Downloads\PhotoScape_V3.6.2.exe
2015-06-28 19:27 - 2015-06-28 19:27 - 01415680 _____ (wj32) C:\Program Files\SC2MY8IC.exe
2015-06-27 02:42 - 2015-06-27 02:42 - 01415680 _____ (wj32) C:\Program Files\6KAYEYUE.exe
2015-06-27 02:28 - 2015-06-27 02:28 - 01415680 _____ (wj32) C:\Program Files\SWSWWW8C.exe
2015-06-26 17:45 - 2015-06-26 17:45 - 01415680 _____ (wj32) C:\Program Files\28Y2YCY8.exe
2015-06-26 17:11 - 2015-06-26 17:11 - 01415680 _____ (wj32) C:\Program Files\44E4OYKA.exe
2015-06-25 22:43 - 2015-07-24 23:00 - 00000384 _____ C:\Windows\Tasks\PhotoSharpener.job
2015-06-25 22:43 - 2015-06-26 05:00 - 00000000 ____D C:\ProgramData\{d3bb0745-0af1-9ca2-d3bb-b07450af1d14}
2015-06-25 22:43 - 2015-06-25 23:00 - 00003270 _____ C:\Windows\System32\Tasks\PhotoSharpener
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-25 09:20 - 2015-04-16 22:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 09:04 - 2014-08-12 04:22 - 02042216 _____ C:\Windows\WindowsUpdate.log
2015-07-25 09:00 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-25 08:57 - 2014-08-12 04:28 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3430386607-3475805158-3186237351-1001
2015-07-25 08:40 - 2014-08-16 00:58 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA.job
2015-07-25 07:41 - 2014-08-13 04:36 - 00000938 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA.job
2015-07-25 07:14 - 2013-08-22 20:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-07-25 07:14 - 2013-08-22 18:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-25 06:14 - 2014-08-12 05:34 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B6A01099-DBC5-4B9D-A299-6EBCFFB4C89F}
2015-07-25 06:11 - 2014-11-22 14:46 - 00000000 ____D C:\Temp
2015-07-25 01:35 - 2014-08-15 11:30 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\uTorrent
2015-07-25 01:01 - 2014-08-15 13:55 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\vlc
2015-07-24 20:31 - 2013-09-30 09:02 - 00049352 _____ C:\Windows\PFRO.log
2015-07-24 20:31 - 2013-08-22 19:46 - 00079231 _____ C:\Windows\setupact.log
2015-07-24 20:31 - 2013-08-22 19:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-24 16:41 - 2014-08-13 04:36 - 00000916 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core.job
2015-07-24 07:15 - 2014-08-12 04:22 - 00000000 ____D C:\Users\Aacer
2015-07-24 07:02 - 2014-08-12 05:36 - 00000000 ____D C:\Software
2015-07-24 03:40 - 2014-08-16 00:58 - 00000866 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core.job
2015-07-21 16:32 - 2015-06-17 17:07 - 00000000 ____D C:\Users\Aacer\AppData\Everything
2015-07-17 03:35 - 2014-08-16 00:58 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001UA
2015-07-17 03:35 - 2014-08-16 00:58 - 00003484 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3430386607-3475805158-3186237351-1001Core
2015-07-14 23:24 - 2015-04-16 22:59 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 06:04 - 2014-08-13 15:19 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\Skype
2015-07-14 02:19 - 2013-09-30 09:14 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 02:12 - 2014-11-25 17:59 - 00000000 ____D C:\Users\Aacer\AppData\Roaming\dvdcss
2015-07-12 11:30 - 2013-08-22 18:25 - 00000269 _____ C:\Windows\win.ini
2015-07-12 09:27 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-07-09 12:10 - 2013-08-22 20:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-08 15:34 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-08 02:20 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-06-27 03:07 - 2014-12-06 16:36 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
==================== Files in the root of some directories =======
2015-07-07 17:07 - 2015-07-07 17:07 - 1415680 _____ (wj32) C:\Program Files\0AUKAKG4.exe
2015-07-21 15:09 - 2015-07-21 15:09 - 1415680 _____ (wj32) C:\Program Files\0KGGK006.exe
2015-06-26 17:45 - 2015-06-26 17:45 - 1415680 _____ (wj32) C:\Program Files\28Y2YCY8.exe
2015-07-01 04:07 - 2015-07-01 04:07 - 1415680 _____ (wj32) C:\Program Files\2C2II8MY.exe
2015-07-15 03:27 - 2015-07-15 03:27 - 1415680 _____ (wj32) C:\Program Files\3N7HH77D.exe
2015-06-26 17:11 - 2015-06-26 17:11 - 1415680 _____ (wj32) C:\Program Files\44E4OYKA.exe
2015-07-01 06:18 - 2015-07-01 06:18 - 1415680 _____ (wj32) C:\Program Files\4U4EOA4U.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\5P95Z5PV.exe
2015-06-27 02:42 - 2015-06-27 02:42 - 1415680 _____ (wj32) C:\Program Files\6KAYEYUE.exe
2015-07-08 17:44 - 2015-07-08 17:44 - 1415680 _____ (wj32) C:\Program Files\71R71LBH.exe
2015-07-01 05:49 - 2015-07-01 05:49 - 1415680 _____ (wj32) C:\Program Files\8EISY2OE.exe
2015-07-07 17:42 - 2015-07-07 17:42 - 1415680 _____ (wj32) C:\Program Files\8YIUO8YO.exe
2015-07-13 03:29 - 2015-07-13 03:29 - 1415680 _____ (wj32) C:\Program Files\AE4AKAUO.exe
2015-07-17 04:09 - 2015-07-17 04:09 - 1415680 _____ (wj32) C:\Program Files\AG66W6MA.exe
2015-06-30 03:14 - 2015-06-30 03:14 - 1415680 _____ (wj32) C:\Program Files\AK0EEK04.exe
2015-07-15 17:58 - 2015-07-15 17:58 - 1415680 _____ (wj32) C:\Program Files\AKGG6UKG.exe
2015-07-01 06:18 - 2015-07-01 06:18 - 1415680 _____ (wj32) C:\Program Files\AYYAAEOK.exe
2015-06-29 17:08 - 2015-06-29 17:08 - 1415680 _____ (wj32) C:\Program Files\BB1RVLRH.exe
2015-06-29 17:08 - 2015-06-29 17:08 - 1415680 _____ (wj32) C:\Program Files\BB7LL71B.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\BLL7RVL7.exe
2015-07-01 15:03 - 2015-07-01 15:03 - 1415680 _____ (wj32) C:\Program Files\CWG2M66C.exe
2015-07-14 14:33 - 2015-07-14 14:33 - 1415680 _____ (wj32) C:\Program Files\DXJ3N7TX.exe
2015-06-24 20:25 - 2015-06-24 20:29 - 1415680 _____ (wj32) C:\Program Files\EUUK6IEE.exe
2015-07-11 14:18 - 2015-07-11 14:18 - 1415680 _____ (wj32) C:\Program Files\EYI2O8SY.exe
2015-07-11 14:18 - 2015-07-11 14:18 - 1415680 _____ (wj32) C:\Program Files\EYI4O8IO.exe
2015-07-21 15:41 - 2015-07-21 15:41 - 1415680 _____ (wj32) C:\Program Files\II2Y8IEI.exe
2015-07-07 18:06 - 2015-07-07 18:06 - 1415680 _____ (wj32) C:\Program Files\ISC8SMSM.exe
2015-07-09 20:39 - 2015-07-09 20:39 - 1415680 _____ (wj32) C:\Program Files\JJ5T5TTP.exe
2015-07-06 14:31 - 2015-07-06 14:31 - 1415680 _____ (wj32) C:\Program Files\MSIW2WI6.exe
2015-07-09 13:50 - 2015-07-09 13:50 - 1415680 _____ (wj32) C:\Program Files\NHDXH7NX.exe
2015-07-03 01:17 - 2015-07-03 01:17 - 1415680 _____ (wj32) C:\Program Files\OAUEYK4Y.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\RL77H1HH.exe
2015-06-24 20:38 - 2015-06-24 20:38 - 1415680 _____ (wj32) C:\Program Files\S004C00K.exe
2015-06-28 19:27 - 2015-06-28 19:27 - 1415680 _____ (wj32) C:\Program Files\SC2MY8IC.exe
2015-07-11 18:08 - 2015-07-11 18:08 - 1415680 _____ (wj32) C:\Program Files\SCMWISS8.exe
2015-07-18 09:37 - 2015-07-18 09:37 - 1415680 _____ (wj32) C:\Program Files\SCWG2MW2.exe
2015-06-27 02:28 - 2015-06-27 02:28 - 1415680 _____ (wj32) C:\Program Files\SWSWWW8C.exe
2015-07-24 05:49 - 2015-07-24 05:49 - 1415680 _____ (wj32) C:\Program Files\TNZ9J3DD.exe
2015-07-08 03:48 - 2015-07-08 03:48 - 1415680 _____ (wj32) C:\Program Files\V11V717L.exe
2015-07-04 08:14 - 2015-07-04 08:14 - 1415680 _____ (wj32) C:\Program Files\VVL5V1B5.exe
2015-07-17 05:05 - 2015-07-17 05:05 - 1415680 _____ (wj32) C:\Program Files\W6KWWG0K.exe
2015-06-30 03:14 - 2015-06-30 03:14 - 1415680 _____ (wj32) C:\Program Files\YOEI4Y48.exe
2015-07-17 17:20 - 2015-07-17 17:20 - 1415680 _____ (wj32) C:\Program Files\YYYYYI84.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\ZD39N9NT.exe
2015-07-10 15:11 - 2015-07-10 15:11 - 1415680 _____ (wj32) C:\Program Files\ZL5P9VFL.exe
2015-07-11 00:45 - 2015-07-25 00:12 - 0000024 _____ () C:\Users\Aacer\AppData\Roaming\appdataFr25.bin
2015-05-29 12:22 - 2015-05-29 12:22 - 95518720 __RSH (handhisprotect dividemateriallaugh) C:\Users\Aacer\AppData\Roaming\obvkhvsexs.exe
2015-07-11 03:52 - 2015-07-11 03:52 - 0000000 _____ () C:\Users\Aacer\AppData\Local\Temp.dat
2013-08-22 08:56 - 2013-08-22 08:56 - 96509952 ___SH () C:\ProgramData\msmnno.exe
Files to move or delete:
====================
C:\ProgramData\msmnno.exe
Some files in TEMP:
====================
C:\Users\Aacer\AppData\Local\Temp\73820.exe.exe
C:\Users\Aacer\AppData\Local\Temp\cdo1127892611.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1156963098.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1166464295.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1237743810.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1487407296.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1583078445.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1598698571.dll
C:\Users\Aacer\AppData\Local\Temp\cdo160232521.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1630703822.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1685883978.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1744916647.dll
C:\Users\Aacer\AppData\Local\Temp\cdo1939778535.dll
C:\Users\Aacer\AppData\Local\Temp\cdo2060087090.dll
C:\Users\Aacer\AppData\Local\Temp\cdo213521456.dll
C:\Users\Aacer\AppData\Local\Temp\cdo2562004436.dll
C:\Users\Aacer\AppData\Local\Temp\cdo2663984662.dll
C:\Users\Aacer\AppData\Local\Temp\cdo272328154.dll
C:\Users\Aacer\AppData\Local\Temp\cdo287019699.dll
C:\Users\Aacer\AppData\Local\Temp\cdo2889827080.dll
C:\Users\Aacer\AppData\Local\Temp\cdo2918067613.dll
C:\Users\Aacer\AppData\Local\Temp\cdo3133621892.dll
C:\Users\Aacer\AppData\Local\Temp\cdo3328159305.dll
C:\Users\Aacer\AppData\Local\Temp\cdo3477340407.dll
C:\Users\Aacer\AppData\Local\Temp\cdo3509560942.dll
C:\Users\Aacer\AppData\Local\Temp\cdo3598614108.dll
C:\Users\Aacer\AppData\Local\Temp\cdo3777291429.dll
C:\Users\Aacer\AppData\Local\Temp\cdo3839858687.dll
C:\Users\Aacer\AppData\Local\Temp\cdo4062945074.dll
C:\Users\Aacer\AppData\Local\Temp\cdo4076597047.dll
C:\Users\Aacer\AppData\Local\Temp\cdo4083752747.dll
C:\Users\Aacer\AppData\Local\Temp\cdo777067644.dll
C:\Users\Aacer\AppData\Local\Temp\cdo802043537.dll
C:\Users\Aacer\AppData\Local\Temp\cdo901560291.dll
C:\Users\Aacer\AppData\Local\Temp\E449.exe
C:\Users\Aacer\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Aacer\AppData\Local\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe
C:\Users\Aacer\AppData\Local\Temp\MotoCast_Installer_2.0405.exe
C:\Users\Aacer\AppData\Local\Temp\Quarantine.exe
C:\Users\Aacer\AppData\Local\Temp\Runner2.exe
C:\Users\Aacer\AppData\Local\Temp\Runner4.exe
C:\Users\Aacer\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Aacer\AppData\Local\Temp\smarter.exe
C:\Users\Aacer\AppData\Local\Temp\sqlite3.dll
C:\Users\Aacer\AppData\Local\Temp\WinSvrsve.exe
C:\Users\Aacer\AppData\Local\Temp\{03F05190-481D-4783-9FAA-5D32BE65B68C}-GoogleUpdateSetup.exe
C:\Users\Aacer\AppData\Local\Temp\~dl7D27.tmp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-22 23:58
==================== End of log ============================
Edited by aayanmirza, 24 July 2015 - 11:01 PM.