Help Me... Cannot Run/Install Any Antivirus [Solved]

#1
Hana23

I could not use my antivirus. I have uninstalled it and installed it again, but it did not work. I tried to install another antivirus, but it also did not work. I looked for a solution. I found that Farbar Recovery Scan Tool can fix my problem. But I didn't know what I should do after the scan. Here are the logs. Someone who understands this, please help: what should I do next? Thank you so much.


Edited by Hana23, 02 August 2015 - 10:58 AM.



#2
Pyxis

Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :) I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
  • Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.
I hope you keep in mind these reminders. Let's get to work! :thumbsup:
  • Step 1

    Upon careful inspection, your log indicates that the program(s) listed below are installed on your computer. I would like to request the removal of the program(s), as they are associated with malware, adware or spyware. Please proceed to uninstall them by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and prompts for them to be removed from the list instead, allow it.
    • SpyHunter 4
    Inform me if you encounter problems in the removal process.
  • Step 2

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    CloseProcesses:
    EmptyTemp:
    
    HKLM-x32\...\Run: [syshost32] => C:\Windows\Installer\{D71F1B9D-1236-6558-1064-93EEF051C6E8}\syshost.exe [448000 2015-08-01] ()
    HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    Startup: C:\Users\103096\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k.lnk [2015-05-12]
    ShortcutTarget: k.lnk -> C:\Users\103096\AppData\Roaming\obyfgbrqcy.exe (Miva Merchant)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1429933783&from=wpc&uid=HitachiXHTS547564A9E384_J2180053E9UNZDE9UNZDX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-1591615944-4240288302-870138075-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://u.msn.com/id-id/?ocid=iehp
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1429933783&from=wpc&uid=HitachiXHTS547564A9E384_J2180053E9UNZDE9UNZDX&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1429933783&from=wpc&uid=HitachiXHTS547564A9E384_J2180053E9UNZDE9UNZDX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1591615944-4240288302-870138075-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=install_ie&utm_content=ds&from=wpc&uid=HitachiXHTS547564A9E384_J2180053E9UNZDE9UNZDX&ts=1429933814&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1591615944-4240288302-870138075-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=install_ie&utm_content=ds&from=wpc&uid=HitachiXHTS547564A9E384_J2180053E9UNZDE9UNZDX&ts=1429933814&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1591615944-4240288302-870138075-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=install_ie&utm_content=ds&from=wpc&uid=HitachiXHTS547564A9E384_J2180053E9UNZDE9UNZDX&ts=1429933814&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1591615944-4240288302-870138075-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=install_ie&utm_content=ds&from=wpc&uid=HitachiXHTS547564A9E384_J2180053E9UNZDE9UNZDX&ts=1429933814&type=default&q={searchTerms}
    BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-04-20] (Thinknice Co. Limited)
    C:\Program Files (x86)\XTab
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1429933783&from=wpc&uid=HitachiXHTS547564A9E384_J2180053E9UNZDE9UNZDX
    FF user.js: detected! => C:\Users\103096\AppData\Roaming\Mozilla\Firefox\Profiles\2c98fm30.default-1430297367737\user.js [2015-04-29]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2015-04-25]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-10-10]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\103096\AppData\Roaming\Mozilla\Firefox\Profiles\58adn3ys.default\extensions\[email protected]
    CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
    R2 VSSS; C:\Users\103096\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [104761024 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-04-25] ()
    S3 swmsflt; \SystemRoot\System32\drivers\swmsflt.sys [X]
    2015-08-01 23:37 - 2015-08-01 23:37 - 01415680 _____ (wj32) C:\Program Files\LNPRWY02.exe
    2015-08-01 22:51 - 2015-08-01 22:51 - 00000000 ____D C:\Users\103096\AppData\Local\Avg2015
    2015-08-01 22:41 - 2015-08-01 22:41 - 05021528 _____ (AVG Technologies) C:\Users\103096\Downloads\avg_free_stb_all_6086p1_177.exe
    2015-07-08 13:16 - 2015-07-08 13:16 - 00003168 _____ C:\Windows\System32\Tasks\{E3551B81-70A9-4B5E-871A-54E1CDFC5C27}
    2015-08-01 23:17 - 2014-09-18 16:08 - 00000000 ____D C:\ProgramData\MFAData
    2015-08-01 22:50 - 2014-09-18 16:24 - 00000000 ____D C:\ProgramData\AVG2015
    2015-07-19 22:44 - 2015-02-03 23:28 - 00000000 ____D C:\ProgramData\AVG
    2015-02-05 08:23 - 2015-02-20 18:21 - 0000000 _____ () C:\Users\103096\AppData\Roaming\droid4xinstaller.log
    2015-05-12 08:45 - 2015-05-12 08:45 - 80957440 __RSH (Miva Merchant) C:\Users\103096\AppData\Roaming\obyfgbrqcy.exe
    C:\windows\installer\{d71f1b9d-1236-6558-1064-93eef051c6e8}
    Task: {5047E8BF-6F13-46DC-9F15-3E0ACC6E7EDA} - System32\Tasks\{C82F1C9E-C499-462A-B833-70FA54842221} => pcalua.exe -a "D:\Backup\Support for VAIO® Notebook & Computer\Drivers\Intel Graphics Driver.EXE" -d "D:\Backup\Support for VAIO® Notebook & Computer\Drivers"
    Task: {B2135A00-4570-4AB5-BA5C-1EA9EEF327C6} - System32\Tasks\{3415363B-0EF8-41FC-A8E7-533A565607FD} => pcalua.exe -a D:\jojos_setup.exe -d D:\
    Task: {C35447C8-5549-4B74-BB5A-79DEC4633FD3} - System32\Tasks\{E3551B81-70A9-4B5E-871A-54E1CDFC5C27} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
    2015-08-01 22:17 - 2015-08-01 22:16 - 00448000 _____ () C:\Windows\Installer\{D71F1B9D-1236-6558-1064-93EEF051C6E8}\syshost.exe
    AlternateDataStreams: C:\ProgramData\TEMP:0860D6D6
    
    RemoveProxy:
    CMD: bitsadmin /reset /allusers
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    • Run your copy of FRST. It is important to ensure it is located on your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Read the Terms of Use and click I Agree.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)
    • AdwCleaner[S*].txt (AdwCleaner)


#3
Hana23

Hello Pyxis. Thank you so much for being my savior. I am really grateful for your help.
Well... Here's my reply
 
Step 1
I cannot uninstall this program.
 
Step 2
Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015
Ran by 103096 (2015-08-02 17:08:19) Run:1
Running from C:\Users\103096\Desktop
Loaded Profiles: 103096 (Available Profiles: 103096)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
EmptyTemp:

HKLM-x32\...\Run: [syshost32] => C:\Windows\Installer\{D71F1B9D-1236-6558-1064-93EEF051C6E8}\syshost.exe [448000 2015-08-01] ()
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\Users\103096\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k.lnk [2015-05-12]
ShortcutTarget: k.lnk -> C:\Users\103096\AppData\Roaming\obyfgbrqcy.exe (Miva Merchant)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartse...53E9UNZDE9UNZDX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1591615944-4240288302-870138075-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://u.msn.com/id-id/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartse...q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartse...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1591615944-4240288302-870138075-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartse...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1591615944-4240288302-870138075-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartse...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1591615944-4240288302-870138075-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartse...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1591615944-4240288302-870138075-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartse...q={searchTerms}
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-04-20] (Thinknice Co. Limited)
C:\Program Files (x86)\XTab
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartse...53E9UNZDE9UNZDX
FF user.js: detected! => C:\Users\103096\AppData\Roaming\Mozilla\Firefox\Profiles\2c98fm30.default-1430297367737\user.js [2015-04-29]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2015-04-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-10-10]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\103096\AppData\Roaming\Mozilla\Firefox\Profiles\58adn3ys.default\extensions\[email protected]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
R2 VSSS; C:\Users\103096\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [104761024 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-04-25] ()
S3 swmsflt; \SystemRoot\System32\drivers\swmsflt.sys [X]
2015-08-01 23:37 - 2015-08-01 23:37 - 01415680 _____ (wj32) C:\Program Files\LNPRWY02.exe
2015-08-01 22:51 - 2015-08-01 22:51 - 00000000 ____D C:\Users\103096\AppData\Local\Avg2015
2015-08-01 22:41 - 2015-08-01 22:41 - 05021528 _____ (AVG Technologies) C:\Users\103096\Downloads\avg_free_stb_all_6086p1_177.exe
2015-07-08 13:16 - 2015-07-08 13:16 - 00003168 _____ C:\Windows\System32\Tasks\{E3551B81-70A9-4B5E-871A-54E1CDFC5C27}
2015-08-01 23:17 - 2014-09-18 16:08 - 00000000 ____D C:\ProgramData\MFAData
2015-08-01 22:50 - 2014-09-18 16:24 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-19 22:44 - 2015-02-03 23:28 - 00000000 ____D C:\ProgramData\AVG
2015-02-05 08:23 - 2015-02-20 18:21 - 0000000 _____ () C:\Users\103096\AppData\Roaming\droid4xinstaller.log
2015-05-12 08:45 - 2015-05-12 08:45 - 80957440 __RSH (Miva Merchant) C:\Users\103096\AppData\Roaming\obyfgbrqcy.exe
C:\windows\installer\{d71f1b9d-1236-6558-1064-93eef051c6e8}
Task: {5047E8BF-6F13-46DC-9F15-3E0ACC6E7EDA} - System32\Tasks\{C82F1C9E-C499-462A-B833-70FA54842221} => pcalua.exe -a "D:\Backup\Support for VAIO® Notebook & Computer\Drivers\Intel Graphics Driver.EXE" -d "D:\Backup\Support for VAIO® Notebook & Computer\Drivers"
Task: {B2135A00-4570-4AB5-BA5C-1EA9EEF327C6} - System32\Tasks\{3415363B-0EF8-41FC-A8E7-533A565607FD} => pcalua.exe -a D:\jojos_setup.exe -d D:\
Task: {C35447C8-5549-4B74-BB5A-79DEC4633FD3} - System32\Tasks\{E3551B81-70A9-4B5E-871A-54E1CDFC5C27} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
2015-08-01 22:17 - 2015-08-01 22:16 - 00448000 _____ () C:\Windows\Installer\{D71F1B9D-1236-6558-1064-93EEF051C6E8}\syshost.exe
AlternateDataStreams: C:\ProgramData\TEMP:0860D6D6

RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\syshost32 => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully
C:\Users\103096\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k.lnk => moved successfully.
C:\Users\103096\AppData\Roaming\obyfgbrqcy.exe => moved successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-1591615944-4240288302-870138075-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-21-1591615944-4240288302-870138075-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1591615944-4240288302-870138075-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => key removed successfully
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => key not found.
"HKU\S-1-5-21-1591615944-4240288302-870138075-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
"HKU\S-1-5-21-1591615944-4240288302-870138075-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => key removed successfully
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => key removed successfully
C:\Program Files (x86)\XTab => moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
C:\Users\103096\AppData\Roaming\Mozilla\Firefox\Profiles\2c98fm30.default-1430297367737\user.js => moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml => moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
VSSS => service removed successfully
EsgScanner => service removed successfully
swmsflt => service removed successfully
C:\Program Files\LNPRWY02.exe => moved successfully.
C:\Users\103096\AppData\Local\Avg2015 => moved successfully.
C:\Users\103096\Downloads\avg_free_stb_all_6086p1_177.exe => moved successfully.
C:\Windows\System32\Tasks\{E3551B81-70A9-4B5E-871A-54E1CDFC5C27} => moved successfully.
C:\ProgramData\MFAData => moved successfully.
C:\ProgramData\AVG2015 => moved successfully.
C:\ProgramData\AVG => moved successfully.
C:\Users\103096\AppData\Roaming\droid4xinstaller.log => moved successfully.
"C:\Users\103096\AppData\Roaming\obyfgbrqcy.exe" => File/Folder not found.
C:\windows\installer\{d71f1b9d-1236-6558-1064-93eef051c6e8} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5047E8BF-6F13-46DC-9F15-3E0ACC6E7EDA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5047E8BF-6F13-46DC-9F15-3E0ACC6E7EDA}" => key removed successfully
C:\Windows\System32\Tasks\{C82F1C9E-C499-462A-B833-70FA54842221} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C82F1C9E-C499-462A-B833-70FA54842221}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2135A00-4570-4AB5-BA5C-1EA9EEF327C6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2135A00-4570-4AB5-BA5C-1EA9EEF327C6}" => key removed successfully
C:\Windows\System32\Tasks\{3415363B-0EF8-41FC-A8E7-533A565607FD} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3415363B-0EF8-41FC-A8E7-533A565607FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C35447C8-5549-4B74-BB5A-79DEC4633FD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C35447C8-5549-4B74-BB5A-79DEC4633FD3}" => key removed successfully
C:\Windows\System32\Tasks\{E3551B81-70A9-4B5E-871A-54E1CDFC5C27} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E3551B81-70A9-4B5E-871A-54E1CDFC5C27}" => key removed successfully
"C:\Windows\Installer\{D71F1B9D-1236-6558-1064-93EEF051C6E8}\syshost.exe" => File/Folder not found.
C:\ProgramData\TEMP => ":0860D6D6" ADS removed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1591615944-4240288302-870138075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1591615944-4240288302-870138075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========

EmptyTemp: => 413.3 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 17:08:38 ====
 
Step 3
# AdwCleaner v4.208 - Logfile created 02/08/2015 at 17:14:11
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : 103096 - 103096-PC
# Running from : C:\Users\103096\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B1 Free Archiver
Folder Deleted : C:\Users\Public\Documents\MyPlayCity
Folder Deleted : C:\Program Files (x86)\B1 Free Archiver
Folder Deleted : C:\Program Files (x86)\SalEPllus
Folder Deleted : C:\Program Files (x86)\SalePlus
File Deleted : C:\Users\103096\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
File Deleted : C:\Users\103096\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\103096\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Shortcut Disinfected : C:\Users\103096\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\103096\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\103096\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKCU\Software\7d601e2799347f40
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKCU\Software\b1.org
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\TNT2
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\b1.org
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1
Key Deleted : [x64] HKLM\SOFTWARE\b1.org

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


*************************

AdwCleaner[R0].txt - [3565 bytes] - [02/08/2015 17:12:57]
AdwCleaner[S0].txt - [3352 bytes] - [02/08/2015 17:14:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3411  bytes] ##########
 
 
Best regards,
Hana23
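
An added example, not part of the original posts and not code from FRST: a small Python parser for the result section of a Fixlog like the one above. It tallies outcomes and checks whether each "not found" file is explained by an earlier successful move of the same path or its parent folder. The sample is a shortened excerpt of the log above; the function names and outcome categories are assumptions of this example, not an FRST format specification.

```python
import re
from collections import Counter

# Added example; names and categories below are this example's own, not FRST's.
# Shortened excerpt of the Fixlog posted above, assembled here as sample input.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [syshost32] => C:\Windows\Installer\{D71F1B9D-1236-6558-1064-93EEF051C6E8}\syshost.exe [448000 2015-08-01] ()
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\syshost32 => value removed successfully
C:\Users\103096\AppData\Roaming\obyfgbrqcy.exe => moved successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
VSSS => service removed successfully
C:\Windows\System32\Tasks\{E3551B81-70A9-4B5E-871A-54E1CDFC5C27} => moved successfully.
"C:\Users\103096\AppData\Roaming\obyfgbrqcy.exe" => File/Folder not found.
C:\windows\installer\{d71f1b9d-1236-6558-1064-93eef051c6e8} => moved successfully.
C:\Windows\System32\Tasks\{E3551B81-70A9-4B5E-871A-54E1CDFC5C27} not found.
"C:\Windows\Installer\{D71F1B9D-1236-6558-1064-93EEF051C6E8}\syshost.exe" => File/Folder not found.
C:\ProgramData\TEMP => ":0860D6D6" ADS removed successfully.
"""

FS_PATH = re.compile(r"^[A-Za-z]:\\")  # drive-letter path, as opposed to a registry key


def parse_results(fixlog_text):
    """Return (target, result) pairs from the results part of a Fixlog."""
    lines = fixlog_text.splitlines()
    # The fixlist is echoed between two rows of asterisks; results follow the last row.
    star_rows = [i for i, l in enumerate(lines) if l.strip() and set(l.strip()) == {"*"}]
    start = star_rows[-1] + 1 if star_rows else 0
    entries = []
    for raw in lines[start:]:
        line = raw.strip()
        if " => " in line:
            target, result = line.split(" => ", 1)
        elif line.endswith(" not found."):  # some result lines carry no "=>"
            target, result = line[: -len(" not found.")], "not found"
        else:
            continue  # section banners, command output, blank lines
        entries.append((target.strip().strip('"'), result.strip().rstrip(".")))
    return entries


def classify(result):
    """Bucket a result string into ok / not_found / review."""
    low = result.lower()
    if "not found" in low:
        return "not_found"
    if "successfully" in low or low.endswith("removed"):
        return "ok"
    return "review"  # anything unrecognised should be read by a human


def _norm(path):
    return path.lower().rstrip("\\")


def reconcile(entries):
    """Separate 'not found' results that an earlier move explains from the rest."""
    moved = []  # filesystem targets already moved earlier in the same run
    report = {"counts": Counter(), "explained": [], "unexplained": [],
              "absent_keys": [], "review": []}
    for target, result in entries:
        kind = classify(result)
        report["counts"][kind] += 1
        if kind == "ok":
            if FS_PATH.match(target) and result.lower().startswith("moved"):
                moved.append(_norm(target))
        elif kind == "review":
            report["review"].append((target, result))
        elif FS_PATH.match(target):
            t = _norm(target)
            hit = any(t == p or t.startswith(p + "\\") for p in moved)
            report["explained" if hit else "unexplained"].append(target)
        else:
            report["absent_keys"].append(target)  # registry key or value never existed
    return report


if __name__ == "__main__":
    r = reconcile(parse_results(SAMPLE_FIXLOG))
    print(dict(r["counts"]))
    for name in ("explained", "unexplained", "absent_keys", "review"):
        print(name, "->", r[name])
```

On the excerpt, all three "not found" files are accounted for by an earlier move (the same file listed twice in the fixlist, or its parent folder moved first), so none of them indicates a failed removal.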

#4
Pyxis

Hi Hana23,

Things are looking good. :thumbsup:
  • Step 1

    One of the infections installed a development-build Google Chrome in place of your stable copy, which gives leverage to harmful extensions. Unfortunately, this means needing to replace your existing installation and resetting your settings to ensure no traces remain.
    • Download 'Google Chrome by Google' and save it to your desktop.
    • You can choose to export bookmarks if you have any. Do so by following 'this' guide.
    • If you signed in to Google Chrome, visit 'Google Sync' and click Reset sync > OK. Skip this step otherwise.
    • Close all instances of Google Chrome and uninstall it via Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7).
      • Tick Also delete your browsing data? > Uninstall.
    • Close the browser window the uninstaller will open. Proceed to install the copy you downloaded earlier.
    • You can safely import the HTML bookmark backup(s) you made earlier and 'sync your settings' again.
  • Step 2

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done. Alternatively, you can find JRT.txt on your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • JRT.txt (Junkware Removal Tool)


#5
Hana23

Hi pyxis,
 
Thank you for your reply
 
Step 1
I have done this step but I don't know what it is used for. May I know why I must do this?
Hmm.. by the way I still cannot uninstall Spy Hunter.
 
Step 2
 
Here's the log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 7 Professional x64
Ran by 103096 on Mon 08/03/2015 at 11:01:43.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\103096\AppData\Roaming\microsoft\systemcertificates\vssvc.exe
Successfully deleted: [File] C:\Program Files\DLUFNW4Z.exe
Successfully deleted: [File] C:\Program Files\X5EM7GOJ.exe



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\16143464487879751647



~~~ FireFox

Emptied folder: C:\Users\103096\AppData\Roaming\mozilla\firefox\profiles\2c98fm30.default-1430297367737\minidumps [2 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/03/2015 at 11:04:23.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Step 3
 
I chose avast! I have installed it and it works!!! Yey! Thank you so much pyxis.
 
Best regards,
Hana23

#6
Pyxis

The step you are referring to was aimed at replacing your altered Google Chrome copy with a stable version that isn't vulnerable to malware. What error are you getting when you try to remove SpyHunter? Let's check what else remains, but I hope your computer is running better. :)
  • Step 1

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to installing the program.
      • Accept the License Agreement.
      • At the end, untick Enable free trial of Malwarebytes Anti-Malware Premium and ensure Launch Malwarebytes' Anti-Malware is checked.
      • Click Finish after.
    • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
      • Tick the Scan For Rootkits box.
    • Go back to the Dashboard and select Update Now. Click Scan Now after.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Navigate to the program's History tab to retrieve the log.
      • Click Application Logs and double-click on the most recent Scan Log.
      • Export the log to your desktop as a .TXT file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Run your copy of FRST by double-clicking it.
    • Put a check on Addition.
    • Press the Scan button after.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)
    • mbam-log-YYYY-MM-DD (HH-MM-SS).xml (Malwarebytes Anti-Malware)


#7
Hana23

Hello Pyxis,
Thank you so much for your reply. Well... If I tried to uninstall SpyHunter...
 
[Attached screenshots: 1.png, 2.jpg, 3.png, 4.png]
 
STEP 1
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/4/2015
Scan Time: 12:19 AM
Logfile: TXT.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.06.03.03
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: 103096

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349480
Time Elapsed: 25 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
STEP 2
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015
Ran by 103096 (administrator) on 103096-PC (04-08-2015 00:54:34)
Running from C:\Users\103096\Desktop
Loaded Profiles: 103096 (Available Profiles: 103096)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-04-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-04-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-04-04] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-02-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [500736 2011-05-02] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-02] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-03] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1591615944-4240288302-870138075-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [65216 2009-11-08] (WordWeb Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-03] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-03] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-03] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{852DF80E-ECC5-4D31-B811-7B6970198DF9}: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\103096\AppData\Roaming\Mozilla\Firefox\Profiles\2c98fm30.default-1430297367737
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-18] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-18] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\103096\AppData\Roaming\Mozilla\Firefox\Profiles\2c98fm30.default-1430297367737\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-03]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-03] (AVAST Software)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 UDisk Monitor; C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe [406016 2011-05-09] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-04-03] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-08-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-03] (AVAST Software)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [42784 2007-09-18] (PCTEL Inc.)
R2 rimssne; C:\Windows\System32\DRIVERS\rimssne64.sys [102912 2012-04-03] (REDC)
S3 UsbModemDriver; C:\Windows\System32\DRIVERS\USB_MODEM_T.sys [28160 2011-04-08] ()
S3 USB_BusEnum_T; C:\Windows\System32\DRIVERS\USB_BusEnum_T.sys [44544 2009-11-05] ()
S3 USB_ETS_T; C:\Windows\System32\DRIVERS\USB_ETS_T.sys [21760 2008-05-30] (Via Telecom, Inc.)
S3 USB_WinMux_T; C:\Windows\System32\DRIVERS\USB_WinMux_T.sys [37376 2009-10-27] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-04 00:51 - 2015-08-04 00:51 - 00001054 _____ C:\Users\103096\Desktop\TXT 2.txt
2015-08-04 00:50 - 2015-08-04 00:50 - 00001052 _____ C:\Users\103096\Desktop\TXT.txt
2015-08-04 00:14 - 2015-08-04 00:19 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-04 00:14 - 2015-08-04 00:14 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-04 00:14 - 2015-08-04 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-04 00:14 - 2015-08-04 00:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-04 00:14 - 2015-08-04 00:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-04 00:14 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-04 00:14 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-04 00:14 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-04 00:10 - 2015-08-04 00:12 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\103096\Desktop\mbam-setup-2.1.8.1057.exe
2015-08-03 11:42 - 2015-08-03 11:55 - 00000000 ____D C:\ProgramData\MCShield
2015-08-03 11:36 - 2015-08-03 11:36 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-03 11:36 - 2015-08-03 11:36 - 00001928 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-03 11:36 - 2015-08-03 11:36 - 00000000 ____D C:\Users\103096\AppData\Roaming\AVAST Software
2015-08-03 11:36 - 2015-08-03 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-03 11:35 - 2015-08-03 11:35 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-03 11:35 - 2015-08-03 11:35 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-03 11:35 - 2015-08-03 11:35 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-03 11:35 - 2015-08-03 11:35 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-03 11:35 - 2015-08-03 11:35 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-03 11:35 - 2015-08-03 11:35 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-03 11:35 - 2015-08-03 11:35 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-03 11:35 - 2015-08-03 11:35 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-03 11:35 - 2015-08-03 11:35 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-03 11:35 - 2015-08-03 11:35 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-03 11:30 - 2015-08-03 11:30 - 00004004 _____ C:\Users\103096\Desktop\Lala.txt
2015-08-03 11:30 - 2015-08-03 11:30 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-03 11:19 - 2015-08-03 11:20 - 00438537 _____ C:\Users\103096\Downloads\avgremover.log
2015-08-03 11:13 - 2015-08-03 11:19 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\103096\Downloads\avg_remover_stf_x64_2015_5501.exe
2015-08-03 11:04 - 2015-08-03 11:04 - 00001053 _____ C:\Users\103096\Desktop\JRT.txt
2015-08-03 11:00 - 2015-08-03 11:01 - 01798176 _____ (Malwarebytes Corporation) C:\Users\103096\Desktop\JRT.exe
2015-08-03 10:01 - 2015-08-03 10:02 - 00000410 _____ C:\Users\103096\Desktop\bookmarks_8_3_15.html
2015-08-03 09:53 - 2015-08-03 09:53 - 00931408 _____ (Google Inc.) C:\Users\103096\Desktop\ChromeSetup.exe
2015-08-02 17:12 - 2015-08-02 17:14 - 00000000 ____D C:\AdwCleaner
2015-08-02 17:12 - 2015-08-02 17:12 - 02248704 _____ C:\Users\103096\Desktop\AdwCleaner.exe
2015-08-02 17:02 - 2015-08-02 17:03 - 00026203 _____ C:\Users\103096\Desktop\Addition.txt
2015-08-02 11:55 - 2015-08-04 00:54 - 00011780 _____ C:\Users\103096\Desktop\FRST.txt
2015-08-02 11:51 - 2015-08-04 00:54 - 00000000 ____D C:\FRST
2015-08-02 11:50 - 2015-08-02 11:50 - 02856736 _____ (MyCity) C:\Users\103096\Downloads\MCShield-Setup.exe
2015-08-02 11:48 - 2015-08-02 11:48 - 02168832 _____ (Farbar) C:\Users\103096\Desktop\FRST64.exe
2015-08-01 23:32 - 2015-08-03 11:26 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-01 23:32 - 2015-08-01 23:32 - 05685584 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2015-08-01 23:32 - 2015-08-01 23:32 - 05685584 _____ (AVAST Software) C:\Users\103096\Downloads\avast_free_antivirus_setup_online.exe
2015-08-01 22:35 - 2015-08-03 11:56 - 00372170 _____ C:\Windows\PFRO.log
2015-07-26 12:04 - 2015-07-26 12:04 - 00000000 _____ C:\Windows\setuperr.log
2015-07-16 01:18 - 2015-07-16 01:18 - 00000000 ____D C:\Users\103096\Documents\SUPER JUNIOR - DEVIL (SPECIAL ALBUM)
2015-07-16 01:08 - 2015-07-16 01:15 - 88197599 _____ C:\Users\103096\Documents\SUPER JUNIOR - DEVIL (SPECIAL ALBUM) [k2nblog.com].7z
2015-07-09 13:37 - 2015-08-03 14:57 - 00001848 _____ C:\Windows\setupact.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-04 00:41 - 2015-01-29 12:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-04 00:29 - 2014-09-18 15:31 - 01823679 _____ C:\Windows\WindowsUpdate.log
2015-08-03 23:38 - 2014-10-03 08:57 - 00000000 ____D C:\KMPlayer
2015-08-03 15:17 - 2009-07-14 12:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-03 15:05 - 2009-07-14 11:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-03 15:05 - 2009-07-14 11:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-03 14:58 - 2009-07-14 12:08 - 00032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-03 14:58 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-03 11:10 - 2014-10-04 22:58 - 00000000 ____D C:\Program Files (x86)\SMADAV
2015-08-03 10:09 - 2015-04-02 05:54 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-03 10:05 - 2015-04-02 05:54 - 00000000 ____D C:\Users\103096\AppData\Local\Google
2015-08-03 09:57 - 2015-03-20 17:59 - 00000000 ____D C:\Users\103096\Desktop\PIC
2015-08-03 09:57 - 2015-02-11 00:33 - 00000000 ____D C:\Users\103096\Desktop\I Must Read this
2015-08-02 17:14 - 2014-09-18 15:31 - 00001180 _____ C:\Users\103096\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-02 17:14 - 2014-09-18 15:31 - 00000997 _____ C:\Users\103096\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-08-02 12:19 - 2014-09-24 19:57 - 00000000 ____D C:\Program Files (x86)\IDM
2015-08-01 22:35 - 2014-09-18 16:03 - 00000000 ____D C:\Users\103096\AppData\Roaming\DMCache
2015-08-01 22:24 - 2014-09-18 16:03 - 00000000 ____D C:\Users\103096\Downloads\Compressed
2015-07-29 23:02 - 2014-09-19 15:25 - 00000000 ____D C:\Users\103096\AppData\Local\Microsoft Help
2015-07-26 12:06 - 2014-09-18 16:03 - 00000000 ____D C:\Users\103096\Downloads\Video
2015-07-18 21:42 - 2015-01-29 12:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-18 21:42 - 2014-09-18 16:20 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-18 21:42 - 2014-09-18 16:20 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-12-11 09:32 - 2015-01-12 12:33 - 0007617 _____ () C:\Users\103096\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\103096\AppData\Local\Temp\Quarantine.exe
C:\Users\103096\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 01:08

==================== End of log ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015
Ran by 103096 (2015-08-04 00:55:17)
Running from C:\Users\103096\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

103096 (S-1-5-21-1591615944-4240288302-870138075-1000 - Administrator - Enabled) => C:\Users\103096
Administrator (S-1-5-21-1591615944-4240288302-870138075-500 - Administrator - Disabled)
Guest (S-1-5-21-1591615944-4240288302-870138075-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{BC3B8C54-7E10-0A4D-F6CA-52616DB1E96F}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.0.2.0 - Autodesk)
Autodesk Pixlr (x32 Version: 1.0.2.0 - Autodesk) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
B1 Free Archiver (HKLM-x32\...\B1FreeArchiver) (Version: 1.5.86.4889 - Catalina Group Ltd)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.6 - Dolby Laboratories Inc)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Icecream Ebook Reader version 1.41 (HKLM-x32\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 1.41 - Icecream Apps)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0083 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.130 - PandoraTV)
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
LINE (HKLM-x32\...\LINE) (Version: 4.0.2.366 - LINE Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
Oracle VM VirtualBox 4.3.12_ZZZZ (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Oxford Advanced Learner's Dictionary - 8th Edition (HKLM-x32\...\NSIS_oald8) (Version:  - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 9.2 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6573 - Realtek Semiconductor Corp.)
Smartfren Connex AC682 UI (HKLM\...\ZTEWireless-101_is1) (Version:  - )
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.44.1 - Synaptics Incorporated)
Typer Shark (HKLM-x32\...\Typer Shark) (Version:  - )
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.0.14230 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.11.0.13150 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Driver Package - Ricoh Company MS Host Controller (11/11/2011 6.13.10.27) (HKLM\...\6D47B80B2C30F419177A60AC2FDBFA8F62F6A3F0) (Version: 11/11/2011 6.13.10.27 - Ricoh Company)
Windows Driver Package - Sony Corporation (SFEP) HIDClass  (11/15/2011 8.0.2.3) (HKLM\...\D3980EE1930054D2BAB3D957A731D6C24AF9F739) (Version: 11/15/2011 8.0.2.3 - Sony Corporation)
WordWeb (HKLM-x32\...\WordWeb) (Version: 6 - WordWeb Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1591615944-4240288302-870138075-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1591615944-4240288302-870138075-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1591615944-4240288302-870138075-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1591615944-4240288302-870138075-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1591615944-4240288302-870138075-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1591615944-4240288302-870138075-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2009-06-11 04:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {445B3B36-A844-456B-A3E3-F584BF829D9F} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
Task: {618C9751-7F97-46A2-AF6F-D0D29E8ABADC} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe
Task: {6CF928A3-4007-4E3D-92DA-D50662E0719E} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {80197A6A-1E7C-4A80-ADEF-4F37C8BA5BE3} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {9156DC63-84B7-4F34-8811-331488A40FAA} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-02-23] (Sony Corporation)
Task: {BFEC04E0-E892-4DBB-980F-C8E764C054D7} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {DA12BCB6-2312-4022-B534-B2E6D808846B} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-02-23] (Sony Corporation)
Task: {E3D69CA2-CD8D-425D-8972-908DDA85E9AC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-03] (AVAST Software)
Task: {EEFBE223-9B29-4B19-B77E-D7750CFE263B} - System32\Tasks\{1A601F3F-5C65-49A3-8F95-57E0F7A9D8E9} => Iexplore.exe http://www.skype.com...8;LastError=404
Task: {EFC75CAE-5C7C-4EE1-B66B-158B14EBBCD6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-18] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-01-07 10:31 - 2011-05-09 14:07 - 00406016 _____ () C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe
2014-09-18 15:51 - 2012-04-03 05:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-08-03 11:35 - 2015-08-03 11:35 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-03 11:35 - 2015-08-03 11:35 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-03 11:35 - 2015-08-03 11:35 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15080201\algo.dll
2015-08-04 00:06 - 2015-08-04 00:06 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15080301\algo.dll
2014-09-18 20:12 - 2012-02-23 17:35 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2015-01-07 00:04 - 2009-08-19 20:59 - 00022736 ____N () C:\Program Files (x86)\WordWeb\WUCNT.dll
2015-08-03 11:35 - 2015-08-03 11:35 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1591615944-4240288302-870138075-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\103096\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2015 03:50:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KMPlayer.exe, version: 3.9.1.130, time stamp: 0x5451e711
Faulting module name: KMPlayer.exe, version: 3.9.1.130, time stamp: 0x5451e711
Exception code: 0xc0000005
Fault offset: 0x00004f56
Faulting process id: 0x27c
Faulting application start time: 0xKMPlayer.exe0
Faulting application path: KMPlayer.exe1
Faulting module path: KMPlayer.exe2
Report Id: KMPlayer.exe3

Error: (08/03/2015 02:58:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2015 11:56:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2015 09:49:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2015 05:15:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2015 05:09:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2015 11:36:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2015 12:43:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2015 11:40:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2015 11:23:29 PM) (Source: MsiInstaller) (EventID: 11321) (User: 103096-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1321. SA_Error1321: StandardAction(0xC0070529): The Installer has insufficient privileges to modify this file: C:\Program Files (x86)\AVG\AVG2015\avgcrema.exe.


System errors:
=============
Error: (08/03/2015 11:55:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (08/03/2015 11:55:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (08/03/2015 11:55:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (08/03/2015 11:55:32 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (08/03/2015 11:43:32 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/03/2015 11:43:31 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/03/2015 11:43:31 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/03/2015 11:43:30 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/03/2015 11:43:30 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/03/2015 11:02:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VAIO Power Management service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (08/03/2015 03:50:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: KMPlayer.exe3.9.1.1305451e711KMPlayer.exe3.9.1.1305451e711c000000500004f5627c01d0cdc5f619b756C:\KMPlayer\KMPlayer.exeC:\KMPlayer\KMPlayer.exec2187224-39bc-11e5-a3f0-685d43285bdf

Error: (08/03/2015 02:58:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2015 11:56:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2015 09:49:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2015 05:15:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2015 05:09:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2015 11:36:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2015 12:43:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2015 11:40:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2015 11:23:29 PM) (Source: MsiInstaller) (EventID: 11321) (User: 103096-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1321. SA_Error1321: StandardAction(0xC0070529): The Installer has insufficient privileges to modify this file: C:\Program Files (x86)\AVG\AVG2015\avgcrema.exe.(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 48%
Total physical RAM: 3990.72 MB
Available physical RAM: 2038.67 MB
Total Virtual: 7979.64 MB
Available Virtual: 5926.78 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:97.66 GB) (Free:36.71 GB) NTFS
Drive d: (DATA) (Fixed) (Total:481.99 GB) (Free:173.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1406A225)

Partition: GPT Partition Type.

==================== End of log ============================
 
Best regards,
Hana23

#8
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Before anything else, kindly enable System Restore by following 'this guide' (Step 1-7). You will only need it for the C: drive.
  • Step 1

    Download 'Fix It by Microsoft' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Click Accept > Browse and choose your desktop. Press Save after.
    • Once it has finished downloading, click Finish.
    • Go to the folder named Fix it portable and double-click Launch Fix it.exe.
    • From the selection choose Install or upgrade software or hardware.
    • At the very bottom, click the Run Now button beside Fix problems that programs cannot be installed or uninstalled.
    • Select Detect problems and let me select the fixes to apply > Uninstalling > SpyHunter > Next.
    • Follow the rest of the on-screen instructions.
    • At the very end, a log will be made available to you.
    • Post the log and check whether or not the entry is still present.
  • Step 2

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    • Run your copy of FRST. It is important to ensure it is located on your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    Note: If you get an error about an unsupported operating system, please reboot your computer and try again.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)
    • checkup.txt (SecurityCheck)


#9
Hana23

Hana23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Pyxis...
Thank you for your reply
 
Step 1
Actually, I have tried Fix It by Microsoft and the result was the same; I could not find SpyHunter
1.png
 
Step 2
 
Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by 103096 (2015-08-05 00:11:58) Run:2
Running from C:\Users\103096\Desktop
Loaded Profiles: 103096 (Available Profiles: 103096)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

==== End of Fixlog 00:11:58 ====
 
Step 3
 
 Results of screen317's Security Check version 1.006  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SpyHunter 4    
 Java version 32-bit out of Date!
 Adobe Flash Player 18.0.0.209  
 Mozilla Firefox 38.0.5 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
 
Best regards,
Hana23

#10
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below. Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.
  • Step 2

    Copy and paste the following into FRST's Search box:
    SpyHunter
    • Press the Search Registry button.
    • It will produce a log (Search.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Search.txt (Farbar Recovery Scan Tool)

#11
Hana23

Hana23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hello Pyxis...
Thank you for replying
 
Step 1
Yes, I have updated those programs
 
Step 2
Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by 103096 (2015-08-07 00:24:34)
Running from C:\Users\103096\Desktop
Boot Mode: Normal

================== Search Registry: "SpyHunter" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter]
"InstallLocation"="C:\Program Files\Enigma Software Group\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter]
"DisplayIcon"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter]
"DisplayName"="SpyHunter 4"
[HKEY_USERS\S-1-5-21-1591615944-4240288302-870138075-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\103096\Downloads\Programs\SpyHunter-Installer.exe"="1"

====== End of Search ======
 
Thank you,
Irene

#12
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
I'm confident this will remove SpyHunter once and for all. :) How is your computer running?
  • Step 1

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    C:\Program Files\Enigma Software Group
    
    C:\Users\103096\Downloads\Programs\SpyHunter-Installer.exe
    
    C:\Users\103096\AppData\Roaming\Enigma Software Group
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup]
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SpyHunter 4 Service]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter]
    
    Reg: reg delete "HKEY_USERS\S-1-5-21-1591615944-4240288302-870138075-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted" /v "C:\Users\103096\Downloads\Programs\SpyHunter-Installer.exe"
    • Run your copy of FRST. It is important to ensure it is located on your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Run your copy of FRST by double-clicking it.
    • Put a check on Addition.
    • Press the Scan button after.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)
    • fixlog.txt (Farbar Recovery Scan Tool)


#13
Hana23

Hana23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hello Pyxis...
Thank you for your reply
 
Step 1
 
Fix result of Farbar Recovery Scan Tool (x64) Version:08-08-2015 01
Ran by 103096 (2015-08-09 22:44:31) Run:3
Running from C:\Users\103096\Desktop
Loaded Profiles: 103096 (Available Profiles: 103096)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files\Enigma Software Group

C:\Users\103096\Downloads\Programs\SpyHunter-Installer.exe

C:\Users\103096\AppData\Roaming\Enigma Software Group

[-HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SpyHunter 4 Service]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter]

Reg: reg delete "HKEY_USERS\S-1-5-21-1591615944-4240288302-870138075-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted" /v "C:\Users\103096\Downloads\Programs\SpyHunter-Installer.exe"
*****************

C:\Program Files\Enigma Software Group => moved successfully.
C:\Users\103096\Downloads\Programs\SpyHunter-Installer.exe => moved successfully.
C:\Users\103096\AppData\Roaming\Enigma Software Group => moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => key not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SpyHunter 4 Service => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter => key removed successfully

========= reg delete "HKEY_USERS\S-1-5-21-1591615944-4240288302-870138075-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted" /v "C:\Users\103096\Downloads\Programs\SpyHunter-Installer.exe" =========

Delete the registry value C:\Users\103096\Downloads\Programs\SpyHunter-Installer.exe (Yes/No)? The operation completed successfully.



========= End of Reg: =========


==== End of Fixlog 22:46:07 ====
 
Step 2
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-08-2015 01
Ran by 103096 (administrator) on 103096-PC (09-08-2015 22:49:10)
Running from C:\Users\103096\Desktop
Loaded Profiles: 103096 (Available Profiles: 103096)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-04-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-04-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-04-04] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-02-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [500736 2011-05-02] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-02] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-03] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1591615944-4240288302-870138075-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [65216 2009-11-08] (WordWeb Software)
HKU\S-1-5-21-1591615944-4240288302-870138075-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1591615944-4240288302-870138075-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\MCShieldRTM.exe [650816 2014-04-12] (MyCity)
HKU\S-1-5-21-1591615944-4240288302-870138075-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2015-08-03] (Tonec Inc.)
ShellIconOverlayIdentifiers: [! IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-07-24] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-03] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-07-08] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-03] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-07-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-03] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{852DF80E-ECC5-4D31-B811-7B6970198DF9}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\103096\AppData\Roaming\Mozilla\Firefox\Profiles\2c98fm30.default-1430297367737
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-18] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-18] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\103096\AppData\Roaming\Mozilla\Firefox\Profiles\2c98fm30.default-1430297367737\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-03]
FF HKU\S-1-5-21-1591615944-4240288302-870138075-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\103096\AppData\Roaming\IDM\idmmzcc7
FF Extension: IDM integration - C:\Users\103096\AppData\Roaming\IDM\idmmzcc7 [2015-08-09]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-08-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-08-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-03] (AVAST Software)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 UDisk Monitor; C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe [406016 2011-05-09] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-04-03] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-08-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-03] (AVAST Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [42784 2007-09-18] (PCTEL Inc.)
R2 rimssne; C:\Windows\System32\DRIVERS\rimssne64.sys [102912 2012-04-03] (REDC)
S3 UsbModemDriver; C:\Windows\System32\DRIVERS\USB_MODEM_T.sys [28160 2011-04-08] ()
S3 USB_BusEnum_T; C:\Windows\System32\DRIVERS\USB_BusEnum_T.sys [44544 2009-11-05] ()
S3 USB_ETS_T; C:\Windows\System32\DRIVERS\USB_ETS_T.sys [21760 2008-05-30] (Via Telecom, Inc.)
S3 USB_WinMux_T; C:\Windows\System32\DRIVERS\USB_WinMux_T.sys [37376 2009-10-27] ()
U3 Winsock; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-09 22:07 - 2015-08-09 22:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-09 20:46 - 2015-08-09 20:46 - 00001157 _____ C:\Users\Public\Desktop\B1 Free Archiver.lnk
2015-08-09 20:46 - 2015-08-09 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B1 Free Archiver
2015-08-09 20:46 - 2015-08-09 20:46 - 00000000 ____D C:\Program Files (x86)\B1 Free Archiver
2015-08-09 13:53 - 2015-08-09 15:48 - 00000000 ____D C:\Users\103096\AppData\Roaming\IDM
2015-08-09 13:53 - 2015-08-09 13:53 - 00001015 _____ C:\Users\103096\Desktop\Internet Download Manager.lnk
2015-08-09 13:53 - 2015-08-09 13:53 - 00000000 ____D C:\Users\103096\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-08-09 13:53 - 2015-08-09 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-08-09 13:53 - 2015-08-09 13:53 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2015-08-08 20:01 - 2015-08-08 20:01 - 00001082 _____ C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk
2015-08-08 20:01 - 2015-08-08 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2015-08-08 20:01 - 2015-08-08 20:01 - 00000000 ____D C:\Program Files (x86)\MCShield
2015-08-07 00:24 - 2015-08-07 00:25 - 00562784 _____ (Oracle Corporation) C:\Users\103096\Downloads\jxpiinstall.exe
2015-08-07 00:24 - 2015-08-07 00:24 - 00001130 _____ C:\Users\103096\Desktop\Search.txt
2015-08-07 00:20 - 2015-08-09 22:43 - 02169856 _____ (Farbar) C:\Users\103096\Desktop\FRST64.exe
2015-08-07 00:18 - 2015-08-09 22:43 - 00000000 ____D C:\Users\103096\Desktop\FRST-OlderVersion
2015-08-05 01:08 - 2015-08-05 01:10 - 11782200 _____ C:\Users\103096\Downloads\Wonder Girls - REBOOT (VOL. 3) [www.k2nblog.com].7z.part
2015-08-05 00:54 - 2015-08-05 00:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-08-05 00:54 - 2015-08-05 00:54 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-08-05 00:08 - 2015-08-05 00:08 - 00852684 _____ C:\Users\103096\Desktop\SecurityCheck.exe
2015-08-04 23:56 - 2015-08-04 23:56 - 00000000 ____D C:\Users\103096\Desktop\Fix it portable
2015-08-04 23:50 - 2015-08-04 23:50 - 00347440 _____ (Microsoft Corporation) C:\Users\103096\Desktop\MicrosoftFixit-portable.exe
2015-08-04 02:00 - 2015-08-04 02:00 - 00000000 ____D C:\MATS
2015-08-04 00:51 - 2015-08-04 00:51 - 00001054 _____ C:\Users\103096\Desktop\TXT 2.txt
2015-08-04 00:50 - 2015-08-04 00:50 - 00001052 _____ C:\Users\103096\Desktop\TXT.txt
2015-08-04 00:14 - 2015-08-04 01:03 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-04 00:14 - 2015-08-04 00:14 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-04 00:14 - 2015-08-04 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-04 00:14 - 2015-08-04 00:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-04 00:14 - 2015-08-04 00:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-04 00:14 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-04 00:14 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-04 00:14 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-04 00:10 - 2015-08-04 00:12 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\103096\Desktop\mbam-setup-2.1.8.1057.exe
2015-08-03 19:07 - 2015-06-12 09:00 - 00197616 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-08-03 11:42 - 2015-08-08 20:02 - 00000000 ____D C:\ProgramData\MCShield
2015-08-03 11:36 - 2015-08-03 11:36 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-03 11:36 - 2015-08-03 11:36 - 00001928 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-03 11:36 - 2015-08-03 11:36 - 00000000 ____D C:\Users\103096\AppData\Roaming\AVAST Software
2015-08-03 11:36 - 2015-08-03 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-03 11:35 - 2015-08-03 11:35 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-03 11:35 - 2015-08-03 11:35 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-03 11:35 - 2015-08-03 11:35 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-03 11:35 - 2015-08-03 11:35 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-03 11:35 - 2015-08-03 11:35 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-03 11:35 - 2015-08-03 11:35 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-03 11:35 - 2015-08-03 11:35 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-03 11:35 - 2015-08-03 11:35 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-03 11:35 - 2015-08-03 11:35 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-03 11:35 - 2015-08-03 11:35 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-03 11:30 - 2015-08-03 11:30 - 00004004 _____ C:\Users\103096\Desktop\Lala.txt
2015-08-03 11:30 - 2015-08-03 11:30 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-03 11:19 - 2015-08-03 11:20 - 00438537 _____ C:\Users\103096\Downloads\avgremover.log
2015-08-03 11:04 - 2015-08-03 11:04 - 00001053 _____ C:\Users\103096\Desktop\JRT.txt
2015-08-03 11:00 - 2015-08-03 11:01 - 01798176 _____ (Malwarebytes Corporation) C:\Users\103096\Desktop\JRT.exe
2015-08-03 10:01 - 2015-08-03 10:02 - 00000410 _____ C:\Users\103096\Desktop\bookmarks_8_3_15.html
2015-08-03 09:53 - 2015-08-03 09:53 - 00931408 _____ (Google Inc.) C:\Users\103096\Desktop\ChromeSetup.exe
2015-08-02 17:12 - 2015-08-02 17:14 - 00000000 ____D C:\AdwCleaner
2015-08-02 17:12 - 2015-08-02 17:12 - 02248704 _____ C:\Users\103096\Desktop\AdwCleaner.exe
2015-08-02 17:02 - 2015-08-04 00:55 - 00023160 _____ C:\Users\103096\Desktop\Addition.txt
2015-08-02 11:55 - 2015-08-09 22:49 - 00013266 _____ C:\Users\103096\Desktop\FRST.txt
2015-08-02 11:51 - 2015-08-09 22:49 - 00000000 ____D C:\FRST
2015-08-01 23:32 - 2015-08-03 11:26 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-01 23:32 - 2015-08-01 23:32 - 05685584 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2015-08-01 22:35 - 2015-08-06 15:17 - 00373700 _____ C:\Windows\PFRO.log
2015-07-26 12:04 - 2015-07-26 12:04 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-09 22:41 - 2015-01-29 12:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-09 22:36 - 2014-09-18 16:03 - 00000000 ____D C:\Users\103096\AppData\Roaming\DMCache
2015-08-09 22:07 - 2015-04-29 15:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-09 22:07 - 2014-09-18 15:31 - 01844784 _____ C:\Windows\WindowsUpdate.log
2015-08-09 22:03 - 2014-10-03 08:57 - 00000000 ____D C:\KMPlayer
2015-08-09 21:52 - 2014-09-18 16:03 - 00000000 ____D C:\Users\103096\Downloads\Video
2015-08-09 20:42 - 2014-09-18 16:03 - 00000000 ____D C:\Users\103096\Downloads\Compressed
2015-08-08 20:03 - 2009-07-14 12:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-08 20:00 - 2015-07-09 13:37 - 00002866 _____ C:\Windows\setupact.log
2015-08-08 14:10 - 2015-03-20 17:59 - 00000000 ____D C:\Users\103096\Desktop\PIC
2015-08-07 13:21 - 2009-07-14 11:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-07 13:21 - 2009-07-14 11:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-07 13:14 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-04 23:43 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-03 14:58 - 2009-07-14 12:08 - 00032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-03 11:10 - 2014-10-04 22:58 - 00000000 ____D C:\Program Files (x86)\SMADAV
2015-08-03 10:09 - 2015-04-02 05:54 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-03 10:05 - 2015-04-02 05:54 - 00000000 ____D C:\Users\103096\AppData\Local\Google
2015-08-03 09:57 - 2015-02-11 00:33 - 00000000 ____D C:\Users\103096\Desktop\I Must Read this
2015-08-02 17:14 - 2014-09-18 15:31 - 00001180 _____ C:\Users\103096\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-02 17:14 - 2014-09-18 15:31 - 00000997 _____ C:\Users\103096\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-08-02 12:19 - 2014-09-24 19:57 - 00000000 ____D C:\Program Files (x86)\IDM
2015-07-29 23:02 - 2014-09-19 15:25 - 00000000 ____D C:\Users\103096\AppData\Local\Microsoft Help
2015-07-18 21:42 - 2015-01-29 12:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-18 21:42 - 2014-09-18 16:20 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-18 21:42 - 2014-09-18 16:20 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-12-11 09:32 - 2015-01-12 12:33 - 0007617 _____ () C:\Users\103096\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\103096\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\103096\AppData\Local\Temp\Quarantine.exe
C:\Users\103096\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-04 21:16

==================== End of log ============================

Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-08-2015 01
Ran by 103096 (2015-08-09 22:50:11)
Running from C:\Users\103096\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

103096 (S-1-5-21-1591615944-4240288302-870138075-1000 - Administrator - Enabled) => C:\Users\103096
Administrator (S-1-5-21-1591615944-4240288302-870138075-500 - Administrator - Disabled)
Guest (S-1-5-21-1591615944-4240288302-870138075-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{BC3B8C54-7E10-0A4D-F6CA-52616DB1E96F}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.0.2.0 - Autodesk)
Autodesk Pixlr (x32 Version: 1.0.2.0 - Autodesk) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
B1 Free Archiver (HKLM-x32\...\B1FreeArchiver) (Version: 0.0.0.0 - Catalina Group Ltd)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.6 - Dolby Laboratories Inc)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Icecream Ebook Reader version 1.41 (HKLM-x32\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 1.41 - Icecream Apps)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0083 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.130 - PandoraTV)
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
LINE (HKLM-x32\...\LINE) (Version: 4.0.2.366 - LINE Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
Oracle VM VirtualBox 4.3.12_ZZZZ (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Oxford Advanced Learner's Dictionary - 8th Edition (HKLM-x32\...\NSIS_oald8) (Version:  - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 9.2 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6573 - Realtek Semiconductor Corp.)
Smartfren Connex AC682 UI (HKLM\...\ZTEWireless-101_is1) (Version:  - )
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.44.1 - Synaptics Incorporated)
Typer Shark (HKLM-x32\...\Typer Shark) (Version:  - )
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.0.14230 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.11.0.13150 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Driver Package - Ricoh Company MS Host Controller (11/11/2011 6.13.10.27) (HKLM\...\6D47B80B2C30F419177A60AC2FDBFA8F62F6A3F0) (Version: 11/11/2011 6.13.10.27 - Ricoh Company)
Windows Driver Package - Sony Corporation (SFEP) HIDClass  (11/15/2011 8.0.2.3) (HKLM\...\D3980EE1930054D2BAB3D957A731D6C24AF9F739) (Version: 11/15/2011 8.0.2.3 - Sony Corporation)
WordWeb (HKLM-x32\...\WordWeb) (Version: 6 - WordWeb Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1591615944-4240288302-870138075-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1591615944-4240288302-870138075-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1591615944-4240288302-870138075-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1591615944-4240288302-870138075-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1591615944-4240288302-870138075-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1591615944-4240288302-870138075-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

==================== Restore Points =========================

05-08-2015 00:20:43 Restore Point before Motorola Driver Installation was removed using Program Install and Uninstall troubleshooter
05-08-2015 00:21:18  Motorola Driver Installation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2009-06-11 04:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {445B3B36-A844-456B-A3E3-F584BF829D9F} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
Task: {618C9751-7F97-46A2-AF6F-D0D29E8ABADC} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe
Task: {6CF928A3-4007-4E3D-92DA-D50662E0719E} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {80197A6A-1E7C-4A80-ADEF-4F37C8BA5BE3} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {9156DC63-84B7-4F34-8811-331488A40FAA} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-02-23] (Sony Corporation)
Task: {BFEC04E0-E892-4DBB-980F-C8E764C054D7} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {DA12BCB6-2312-4022-B534-B2E6D808846B} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-02-23] (Sony Corporation)
Task: {E3D69CA2-CD8D-425D-8972-908DDA85E9AC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-03] (AVAST Software)
Task: {EEFBE223-9B29-4B19-B77E-D7750CFE263B} - System32\Tasks\{1A601F3F-5C65-49A3-8F95-57E0F7A9D8E9} => Iexplore.exe http://www.skype.com...8;LastError=404
Task: {EFC75CAE-5C7C-4EE1-B66B-158B14EBBCD6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-18] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-01-07 10:31 - 2011-05-09 14:07 - 00406016 _____ () C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe
2014-09-18 15:51 - 2012-04-03 05:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-08-03 11:35 - 2015-08-03 11:35 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-03 11:35 - 2015-08-03 11:35 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-07 00:28 - 2015-08-07 00:28 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080602\algo.dll
2015-08-09 13:53 - 2015-08-09 13:53 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080801\algo.dll
2015-08-09 17:54 - 2015-08-09 17:54 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080900\algo.dll
2014-09-18 20:12 - 2012-02-23 17:35 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2015-01-07 00:04 - 2009-08-19 20:59 - 00022736 ____N () C:\Program Files (x86)\WordWeb\WUCNT.dll
2015-08-03 11:35 - 2015-08-03 11:35 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-18 21:42 - 2015-07-18 21:42 - 17448624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1591615944-4240288302-870138075-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\103096\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{8C3C2EBA-1843-488F-B5E3-7FA08B967C6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{13AE7437-66E2-404C-A97C-4332907EC2F0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2015 10:44:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 39.0.3.5696, time stamp: 0x55c33d81
Faulting module name: mozalloc.dll, version: 39.0.3.5696, time stamp: 0x55c32c73
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x69c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/07/2015 06:21:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/07/2015 01:14:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2015 12:17:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 2.8.2015.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7bc

Start Time: 01d0d06bc0f906c5

Termination Time: 7

Application Path: C:\Users\103096\Desktop\FRST64.exe

Report Id: 054c4d9d-3c5f-11e5-aaf7-685d43285bdf

Error: (08/07/2015 12:01:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/06/2015 03:17:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2015 03:14:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2015 12:20:31 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {98613b6e-a797-4f84-9dcb-442488172f35}

Error: (08/05/2015 12:11:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 2.8.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 85c

Start Time: 01d0ced85e4046e6

Termination Time: 3

Application Path: C:\Users\103096\Desktop\FRST64.exe

Report Id: c5b764d6-3acb-11e5-b3a8-685d43285bdf

Error: (08/05/2015 12:09:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 2.8.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1368

Start Time: 01d0ced81c1c6c0c

Termination Time: 2

Application Path: C:\Users\103096\Desktop\FRST64.exe

Report Id: 825c782d-3acb-11e5-b3a8-685d43285bdf


System errors:
=============
Error: (08/07/2015 05:05:29 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (08/06/2015 06:24:50 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/06/2015 04:27:25 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/06/2015 04:27:25 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/06/2015 04:27:24 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/04/2015 02:15:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/03/2015 11:55:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (08/03/2015 11:55:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (08/03/2015 11:55:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (08/03/2015 11:55:32 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll


Microsoft Office:
=========================
Error: (08/09/2015 10:44:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe39.0.3.569655c33d81mozalloc.dll39.0.3.569655c32c738000000300001aa169c01d0d2b5247ca3f7C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll861dcd08-3ead-11e5-b1ea-685d43285bdf

Error: (08/07/2015 06:21:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin64\SetACL64.exe

Error: (08/07/2015 01:14:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2015 12:17:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe2.8.2015.17bc01d0d06bc0f906c57C:\Users\103096\Desktop\FRST64.exe054c4d9d-3c5f-11e5-aaf7-685d43285bdf

Error: (08/07/2015 12:01:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin64\SetACL64.exe

Error: (08/06/2015 03:17:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2015 03:14:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2015 12:20:31 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {98613b6e-a797-4f84-9dcb-442488172f35}

Error: (08/05/2015 12:11:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe2.8.2015.085c01d0ced85e4046e63C:\Users\103096\Desktop\FRST64.exec5b764d6-3acb-11e5-b3a8-685d43285bdf

Error: (08/05/2015 12:09:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe2.8.2015.0136801d0ced81c1c6c0c2C:\Users\103096\Desktop\FRST64.exe825c782d-3acb-11e5-b3a8-685d43285bdf


==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 50%
Total physical RAM: 3990.72 MB
Available physical RAM: 1960.51 MB
Total Virtual: 7979.64 MB
Available Virtual: 5775.27 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:97.66 GB) (Free:32.15 GB) NTFS
Drive d: (DATA) (Fixed) (Total:481.99 GB) (Free:174.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1406A225)

Partition: GPT Partition Type.

==================== End of log ============================
 
Thank you,
Hana23
  • 0

#14
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
One last bugger. ;) Please update 'Mozilla Firefox' and 'Java'. There is a '0-day in the wild' for your browser, so I suggest prioritizing this. Uninstall the Java version you have before installing the latest one. You do not have to do this for Mozilla Firefox, however, as running the installer will directly upgrade your copy.

How is your computer running? Is everything okay now?
  • Step 1

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    U3 Winsock; no ImagePath
    • Run your copy of FRST. It is important to ensure it is located on your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)

  • 1

#15
Hana23

Hana23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Pyxis... I am so stressed...
My computer was OK before but suddenly I cannot use my internet
I just successfully updated my Mozilla and Java.. Then, I did what you asked me.
The next thing that happened was I could not use my internet.
Troubleshoot said that "Wireless Network Connection doesn't have a valid IP configuration"
I was going crazy when I knew I could not connect to my internet
I desperately looked for solutions on Google and YouTube but none of them work...
Please help me... I desperately need your help
By the way... I replied to your response on my smartphone...
Here's the txt file also..
.....
I could not attach it ㅠㅠㅠ
The txt said that winsock=> service removed successfully

Edited by Hana23, 10 August 2015 - 09:03 AM.

  • 0





