123.sogou.com Browser Hijacker [Closed]


This topic is locked

#1 8033glenn (New Member, 1 posts)

Hi

I've recently re-installed Windows 8.1 Professional onto my re-formatted hard drive after I'd managed to wipe it while trying to install Linux onto a partition. Not the most fun week! Anyway, after the install, I've gone online and managed to get this little gem on my system. So now, when I click to open Explorer, this is my home page. I've tried uninstalling through Programs and Features, but the wording is all in Chinese or something, so I can't understand the options. After Googling a little, I've reset Explorer defaults and set my homepage to Google, but that didn't solve it. I've run Avast and Malwarebytes and actioned the quarantine options, but still nothing. I've also tried to install another browser through Explorer, but the download seems to hang.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Glenn (administrator) on GLENN-HOME (20-09-2015 11:03:37)
Running from C:\Users\Glenn\Desktop
Loaded Profiles: Glenn (Available Profiles: Glenn)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
() C:\Program Files (x86)\RayDld\ihpmServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(eyuwi) C:\ProgramData\uiksdl201591917\smartoa.exe
(eyuwi) C:\ProgramData\uiksdl201591917\smartoa.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FLAAFFC.tmp
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [smallbox] => C:\ProgramData\uiksdl201591917\smartoa.exe [699712 2015-09-19] (eyuwi)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-19] (AVAST Software)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-349490526-3243476562-4042863286-1001\...\Run: [GizmoDriveDelegate] => C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2015-09-19] (Arainia Solutions)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-19] (AVAST Software)
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\aggciedcebii.dll [2015-09-19] (yookuu)
ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\aggciedcebii.dll [2015-09-19] (yookuu)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{AFD5419C-6A0B-4945-BDD4-EE3BCF4EAF28}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B7E48F55-F859-47A3-9826-2CC91CCB1325}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-349490526-3243476562-4042863286-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-349490526-3243476562-4042863286-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1442684874&z=94108fe83f5ed9c9cec89f4620b12702gzzoqbzbmz&from=amt&uid=toshibaxmq01abd100_74kxt7ebtxx74kxt7ebt&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1442684874&z=94108fe83f5ed9c9cec89f4620b12702gzzoqbzbmz&from=amt&uid=toshibaxmq01abd100_74kxt7ebtxx74kxt7ebt&q={searchTerms}
SearchScopes: HKU\S-1-5-21-349490526-3243476562-4042863286-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-19] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-19] (AVAST Software)
BHO-x32: 爱奇艺助手 (iQIYI Assistant) -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> C:\IQIYI Video\Common\Accelerator\IEHelper.dll [2015-04-29] (爱奇艺)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-19]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows ® Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-19] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-09-19] (Avast Software)
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2015-09-19] (Arainia Solutions)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [268520 2015-09-09] ()
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2010-06-16] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-19] (AVAST Software)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2015-09-19] (Arainia Solutions LLC)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-10] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2015-09-20] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-09-19] (AVAST Software)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-09-19] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-20 11:03 - 2015-09-20 11:03 - 00010464 _____ C:\Users\Glenn\Desktop\FRST.txt
2015-09-20 11:02 - 2015-09-20 11:03 - 00000000 ____D C:\FRST
2015-09-20 11:01 - 2015-09-20 11:01 - 02191360 _____ (Farbar) C:\Users\Glenn\Desktop\FRST64.exe
2015-09-20 10:56 - 2014-04-16 02:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-09-20 10:56 - 2014-04-16 02:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-09-20 10:36 - 2015-09-20 10:36 - 00001868 _____ C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-09-20 09:50 - 2015-09-20 09:50 - 00000000 ____D C:\Users\Glenn\Downloads\win7-10.0.0.313-whql
2015-09-20 03:48 - 2015-09-19 18:54 - 00000000 ____D C:\Windows\Panther
2015-09-20 01:32 - 2015-09-20 01:32 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Atheros
2015-09-20 01:32 - 2015-09-20 01:32 - 00000000 ____D C:\Users\Glenn\AppData\Local\BMExplorer
2015-09-20 01:32 - 2015-09-20 01:32 - 00000000 ____D C:\ProgramData\Atheros
2015-09-20 01:27 - 2015-09-20 01:32 - 00000000 ____D C:\Users\Glenn\Documents\Bluetooth Folder
2015-09-20 01:27 - 2015-09-20 01:28 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2015-09-20 01:27 - 2015-09-20 01:27 - 00000000 ____D C:\ProgramData\{EB5F5A55-037A-4E47-806B-2C8AA9374701}
2015-09-20 01:27 - 2015-09-20 01:27 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-09-20 01:22 - 2015-09-20 01:22 - 00000000 ____D C:\ProgramData\Intel
2015-09-20 01:21 - 2015-09-20 01:21 - 00000000 ____D C:\Users\Glenn\Intel
2015-09-20 01:21 - 2015-09-20 01:21 - 00000000 ____D C:\Users\Glenn\Downloads\IO Drivers_Intel_1.1.226.0_W81x64_A
2015-09-20 01:20 - 2015-09-20 01:20 - 09021090 _____ C:\Users\Glenn\Downloads\CardReader_Realtek_6.3.9600.21257_W81x64_A.zip
2015-09-20 01:20 - 2015-09-20 01:20 - 02832557 _____ C:\Users\Glenn\Downloads\IO Drivers_Intel_1.1.226.0_W81x64_A.zip
2015-09-20 01:20 - 2015-09-20 01:20 - 00000000 ____D C:\Windows\SysWOW64\sda
2015-09-20 01:20 - 2014-06-20 10:12 - 00506072 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsPer.sys
2015-09-20 01:20 - 2014-01-27 13:39 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2015-09-20 01:17 - 2013-11-09 09:34 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-09-20 01:17 - 2013-11-09 09:34 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2015-09-20 01:17 - 2013-11-09 08:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2015-09-20 01:16 - 2015-09-20 01:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-20 01:16 - 2015-09-20 01:20 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-09-20 01:16 - 2015-09-20 01:16 - 06071911 _____ C:\Users\Glenn\Downloads\Lan_Realtek_8.34.617.2014_W81x64_A.zip
2015-09-20 01:16 - 2015-09-20 01:16 - 00873688 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2015-09-20 01:16 - 2015-09-20 01:16 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-09-20 01:16 - 2015-09-20 01:16 - 00000000 ____D C:\Users\Glenn\Downloads\Lan_Realtek_8.34.617.2014_W81x64_A
2015-09-20 01:12 - 2015-09-20 01:12 - 00000000 ____D C:\Users\Glenn\Downloads\Chipset_Intel_10.0.22_W7x64_A
2015-09-20 01:11 - 2015-09-20 01:11 - 02720641 _____ C:\Users\Glenn\Downloads\Chipset_Intel_10.0.22_W7x64_A.zip
2015-09-20 00:54 - 2015-09-20 01:20 - 00018200 _____ C:\Windows\DPINST.LOG
2015-09-20 00:54 - 2015-09-20 01:20 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Intel
2015-09-20 00:53 - 2015-09-20 01:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-20 00:53 - 2015-09-20 00:53 - 00000000 ____D C:\Users\Glenn\Downloads\Wireless LAN_Intel_17.0.5.8_W81x64_A
2015-09-20 00:51 - 2015-09-20 00:51 - 00000000 ____D C:\Users\Glenn\Downloads\Wireless LAN_Broadcom_12.0.0.9590_W81x64_A
2015-09-20 00:48 - 2015-09-20 00:48 - 00000000 ____D C:\Users\Glenn\Downloads\Wireless LAN_Atheros_8.0.1.318_W81x64_A
2015-09-20 00:37 - 2015-09-20 10:36 - 00000380 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2015-09-20 00:37 - 2015-09-20 00:37 - 00002720 _____ C:\Windows\System32\Tasks\DriverToolkit Autorun
2015-09-20 00:34 - 2015-09-20 00:37 - 00000000 ____D C:\Program Files (x86)\DriverToolkit
2015-09-20 00:34 - 2015-09-20 00:34 - 00000000 ____D C:\Users\Glenn\AppData\Local\DriverToolkit
2015-09-20 00:27 - 2015-09-20 00:34 - 191052979 _____ C:\Users\Glenn\Downloads\Wireless LAN_Broadcom_12.0.0.9590_W81x64_A.zip
2015-09-20 00:27 - 2015-09-20 00:32 - 91449181 _____ C:\Users\Glenn\Downloads\Wireless LAN_Intel_17.0.5.8_W81x64_A.zip
2015-09-20 00:01 - 2015-09-20 10:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-20 00:01 - 2015-09-20 00:12 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-20 00:01 - 2015-09-20 00:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-20 00:01 - 2015-09-20 00:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-20 00:01 - 2014-05-12 09:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-20 00:01 - 2014-05-12 09:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-20 00:01 - 2014-05-12 09:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-19 23:50 - 2014-10-31 01:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-09-19 23:50 - 2014-10-31 01:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-09-19 23:40 - 2015-09-19 23:42 - 00000000 ____D C:\Windows\system32\MRT
2015-09-19 23:40 - 2015-08-26 20:37 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-09-19 23:35 - 2015-09-19 23:35 - 00000000 ____D C:\Users\Glenn\Downloads\Malwarebytes Anti-Malware Premium 2.0.2.1012 Final + Keys [ATOM]
2015-09-19 23:31 - 2014-02-11 06:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-19 23:27 - 2013-10-15 11:54 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-09-19 23:27 - 2013-10-15 11:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-09-19 23:26 - 2015-09-19 23:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-19 22:35 - 2015-09-19 22:37 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\.freeciv
2015-09-19 22:34 - 2015-09-20 00:12 - 00001113 _____ C:\Users\Glenn\Desktop\freeciv-gtk2 - Shortcut.lnk
2015-09-19 22:21 - 2014-04-19 14:15 - 21186352 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-09-19 22:21 - 2014-04-19 09:49 - 18644072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-09-19 22:16 - 2015-09-20 00:09 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-19 22:16 - 2015-09-19 22:16 - 00000000 ____D C:\Users\Glenn\AppData\Local\Google
2015-09-19 22:03 - 2015-09-19 22:03 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-19 21:53 - 2014-02-11 05:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-09-19 21:53 - 2014-02-11 05:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-09-19 21:53 - 2013-10-16 18:58 - 01943536 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-09-19 21:53 - 2013-10-16 16:54 - 01581968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-09-19 21:48 - 2015-09-19 21:48 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\AVAST Software
2015-09-19 21:47 - 2015-09-20 00:12 - 00001976 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-19 21:47 - 2015-09-19 21:47 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-09-19 21:47 - 2015-09-19 21:47 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-19 21:47 - 2015-09-19 21:47 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-19 21:47 - 2015-09-19 21:47 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-19 21:47 - 2015-09-19 21:47 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-19 21:47 - 2015-09-19 21:47 - 00132656 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-09-19 21:47 - 2015-09-19 21:47 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-19 21:47 - 2015-09-19 21:47 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-19 21:47 - 2015-09-19 21:47 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-19 21:47 - 2015-09-19 21:47 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-19 21:47 - 2015-09-19 21:47 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-19 21:47 - 2015-09-19 21:47 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-19 21:47 - 2015-09-19 21:47 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-09-19 21:47 - 2015-09-19 21:47 - 00000000 ____D C:\Windows\system32\vbox
2015-09-19 21:47 - 2015-09-19 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-19 21:44 - 2015-09-19 21:44 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-19 21:42 - 2015-09-19 21:42 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-19 21:40 - 2015-09-19 21:40 - 00000000 ____D C:\Users\Glenn\AppData\Local\AvgSetupLog
2015-09-19 21:40 - 2015-09-19 21:40 - 00000000 ____D C:\Users\Glenn\AppData\Local\Avg
2015-09-19 21:07 - 2015-09-19 21:07 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-09-19 21:02 - 2015-09-19 21:02 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2015-09-19 21:02 - 2015-09-19 21:02 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2015-09-19 21:02 - 2015-09-19 21:02 - 00003394 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2015-09-19 20:53 - 2015-09-19 21:49 - 00000000 ____D C:\Program Files\Windows 10 KMS Activator Ultimate 2015 v1.3
2015-09-19 20:52 - 2015-09-19 22:31 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-09-19 20:52 - 2015-09-19 21:07 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-19 20:52 - 2015-09-19 20:52 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-09-19 20:52 - 2015-09-19 20:52 - 00000000 ____D C:\Users\Glenn\AppData\Local\globalUpdate
2015-09-19 20:52 - 2015-09-19 20:52 - 00000000 ____D C:\Users\Glenn\.android
2015-09-19 20:51 - 2015-09-20 11:00 - 00000462 _____ C:\Windows\Tasks\Adobe Flash box Files Update Ver 2015919.job
2015-09-19 20:51 - 2015-09-19 23:19 - 00009985 _____ C:\Users\Glenn\AppData\Roaming\.freeciv-client-rc-2.5
2015-09-19 20:51 - 2015-09-19 22:18 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Opera Software
2015-09-19 20:51 - 2015-09-19 22:18 - 00000000 ____D C:\Users\Glenn\AppData\Local\Opera Software
2015-09-19 20:51 - 2015-09-19 21:10 - 00000000 ____D C:\ProgramData\4997GameBox_Data
2015-09-19 20:51 - 2015-09-19 20:52 - 00000000 ____D C:\ProgramData\adb
2015-09-19 20:51 - 2015-09-19 20:51 - 00443200 _____ (yookuu) C:\ProgramData\aggciedcebii.dll
2015-09-19 20:51 - 2015-09-19 20:51 - 00003500 _____ C:\Windows\System32\Tasks\Adobe Flash box Files Update Ver 2015919
2015-09-19 20:51 - 2015-09-19 20:51 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7k7k游戏盒子(919)
2015-09-19 20:51 - 2015-09-19 20:51 - 00000000 ____D C:\ProgramData\uiksdl201591917
2015-09-19 20:51 - 2015-09-19 20:51 - 00000000 _____ C:\ProgramData\inf.dat
2015-09-19 20:50 - 2015-09-19 23:55 - 00000000 ____D C:\qycache
2015-09-19 20:50 - 2015-09-19 22:19 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-19 20:50 - 2015-09-19 21:10 - 00000000 ____D C:\Users\Glenn\AppData\Local\Unity
2015-09-19 20:50 - 2015-09-19 20:51 - 00000000 ____D C:\Program Files (x86)\Freeciv-2.5.1-gtk2
2015-09-19 20:50 - 2015-09-19 20:50 - 00000000 ____D C:\Users\Public\QiYi
2015-09-19 20:50 - 2015-09-19 20:50 - 00000000 ____D C:\ppsfile
2015-09-19 20:50 - 2015-09-19 20:50 - 00000000 ____D C:\IQIYI Video
2015-09-19 20:48 - 2015-09-19 20:49 - 31912812 _____ C:\Users\Glenn\Downloads\Freeciv-2.5.1-win32-gtk2-setup.exe
2015-09-19 20:48 - 2015-09-19 20:48 - 00000000 ____D C:\Program Files (x86)\RayDld
2015-09-19 20:42 - 2015-09-20 00:12 - 00001284 _____ C:\Users\Public\Desktop\Windows 10 KMS Activator Ultimate 2015 v1.2.lnk
2015-09-19 20:42 - 2015-09-19 22:24 - 00000000 ____D C:\Program Files\Windows 10 KMS Activator Ultimate 2015 v1.2
2015-09-19 20:40 - 2015-09-19 20:41 - 12549159 _____ ( ) C:\Users\Glenn\Downloads\Windows 10 KMS Activator Ultimate 2015 v1.2 Setup.exe
2015-09-19 20:39 - 2015-09-19 20:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-09-19 20:37 - 2015-09-20 01:22 - 00000000 ____D C:\Program Files\Intel
2015-09-19 20:37 - 2015-09-20 01:20 - 00000000 ____D C:\Program Files (x86)\Intel
2015-09-19 20:37 - 2015-09-19 21:07 - 00000000 ____D C:\Intel
2015-09-19 20:37 - 2015-08-09 06:50 - 00096752 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2015-09-19 20:37 - 2015-08-09 06:50 - 00092648 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2015-09-19 20:37 - 2010-12-27 17:59 - 00163840 _____ C:\Windows\KMService.exe
2015-09-19 20:37 - 2010-06-16 02:44 - 00008192 _____ C:\Windows\SysWOW64\srvany.exe
2015-09-19 20:26 - 2015-09-20 00:12 - 00001033 _____ C:\Users\Public\Desktop\Gizmo.lnk
2015-09-19 20:26 - 2015-09-19 20:26 - 00034704 _____ (Arainia Solutions LLC) C:\Windows\system32\Drivers\gizmodrv.sys
2015-09-19 20:26 - 2015-09-19 20:26 - 00003998 _____ C:\Windows\System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B}
2015-09-19 20:26 - 2015-09-19 20:26 - 00000000 ____D C:\Users\Glenn\Documents\Gizmo
2015-09-19 20:26 - 2015-09-19 20:26 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Gizmo
2015-09-19 20:26 - 2015-09-19 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gizmo Central
2015-09-19 20:26 - 2015-09-19 20:26 - 00000000 ____D C:\Program Files (x86)\Gizmo
2015-09-19 20:15 - 2015-09-20 00:12 - 00002663 _____ C:\Users\Glenn\Desktop\µTorrent.lnk
2015-09-19 20:15 - 2015-09-19 23:36 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\uTorrent
2015-09-19 20:13 - 2015-09-19 20:13 - 01774432 _____ (BitTorrent Inc.) C:\Users\Glenn\Downloads\uTorrent.exe
2015-09-19 20:12 - 2015-09-19 20:12 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Macromedia
2015-09-19 20:08 - 2015-09-20 09:45 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{92AF49E8-A1C8-4807-BA00-3C10F2FCFE08}
2015-09-19 19:04 - 2015-09-19 19:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-09-19 19:00 - 2015-09-20 01:25 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-349490526-3243476562-4042863286-1001
2015-09-19 18:58 - 2015-09-20 10:40 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-19 18:55 - 2015-09-19 18:55 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-19 18:55 - 2013-08-22 08:17 - 02407936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2015-09-19 18:54 - 2015-09-20 01:21 - 00000000 ____D C:\Users\Glenn
2015-09-19 18:54 - 2015-09-20 00:12 - 00001418 _____ C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-19 18:54 - 2015-09-19 22:34 - 00000000 ____D C:\Users\Glenn\AppData\Local\VirtualStore
2015-09-19 18:54 - 2015-09-19 18:56 - 00000000 ____D C:\Users\Glenn\AppData\Local\Packages
2015-09-19 18:54 - 2015-09-19 18:54 - 00000020 ___SH C:\Users\Glenn\ntuser.ini
2015-09-19 18:54 - 2015-09-19 18:54 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Adobe
2015-09-19 18:54 - 2013-08-22 18:36 - 00000000 ___RD C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-19 18:54 - 2013-08-22 18:36 - 00000000 ___RD C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-19 18:54 - 2013-08-22 18:36 - 00000000 ___RD C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-09-19 18:54 - 2013-08-22 18:36 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-19 18:53 - 2015-09-20 11:02 - 01825892 _____ C:\Windows\WindowsUpdate.log
2015-09-19 18:50 - 2015-09-19 18:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-09-19 18:49 - 2015-09-20 01:31 - 00045502 _____ C:\Windows\PFRO.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-20 11:02 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-20 11:00 - 2013-08-22 18:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-20 10:56 - 2013-08-22 18:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-20 10:54 - 2013-08-22 17:46 - 00015198 _____ C:\Windows\setupact.log
2015-09-20 10:51 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-20 10:36 - 2013-08-22 17:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-20 09:50 - 2015-03-05 11:00 - 04137472 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2015-09-20 03:48 - 2013-08-22 18:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2015-09-20 00:54 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Default
2015-09-20 00:16 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\WinStore
2015-09-19 23:54 - 2013-08-22 17:44 - 00335816 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-19 23:52 - 2013-08-22 18:36 - 00000000 ___RD C:\Windows\ToastData
2015-09-19 21:43 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\restore
2015-09-19 20:44 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\NDF
2015-09-19 20:27 - 2013-08-22 16:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-19 18:55 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\rescache
2015-09-19 18:54 - 2013-08-22 18:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-09-19 18:54 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\FileManager
2015-09-19 18:54 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\Camera
2015-09-19 18:51 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\Recovery
2015-09-19 18:50 - 2013-08-22 18:37 - 00001720 _____ C:\Windows\DtcInstall.log

==================== Files in the root of some directories =======

2015-09-19 20:51 - 2015-09-19 23:19 - 0009985 _____ () C:\Users\Glenn\AppData\Roaming\.freeciv-client-rc-2.5
2015-09-19 20:51 - 2015-09-19 20:51 - 0443200 _____ (yookuu) C:\ProgramData\aggciedcebii.dll
2015-09-19 20:51 - 2015-09-19 20:51 - 0000000 _____ () C:\ProgramData\inf.dat

Files to move or delete:
====================
C:\ProgramData\aggciedcebii.dll
C:\ProgramData\inf.dat

Some files in TEMP:
====================
C:\Users\Glenn\AppData\Local\Temp\[email protected]
C:\Users\Glenn\AppData\Local\Temp\KMS.exe
C:\Users\Glenn\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Glenn\AppData\Local\Temp\ppstreamsetup_unfix.exe
C:\Users\Glenn\AppData\Local\Temp\qdsetup12.exe
C:\Users\Glenn\AppData\Local\Temp\qqpcmgr_v10.11.16575.227_8881493_Silence.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-19 18:49

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Glenn (2015-09-20 11:04:16)
Running from C:\Users\Glenn\Desktop
Windows 8.1 (X64) (2015-09-19 15:54:12)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-349490526-3243476562-4042863286-500 - Administrator - Disabled)
Glenn (S-1-5-21-349490526-3243476562-4042863286-1001 - Administrator - Enabled) => C:\Users\Glenn
Guest (S-1-5-21-349490526-3243476562-4042863286-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-349490526-3243476562-4042863286-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-349490526-3243476562-4042863286-1001\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Freeciv 2.5.1 (GTK+2 client) (HKLM-x32\...\Freeciv-2.5.1-gtk2) (Version:  - )
Gizmo Central (HKLM-x32\...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21257 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Windows 10 KMS Activator Ultimate 2015 v1.2 (HKLM\...\Windows 10 KMS Activator Ultimate 2015 v1.2_is1) (Version: v1.2 - )
Windows 10 KMS Activator Ultimate 2015 v1.3 (HKLM\...\Windows 10 KMS Activator Ultimate 2015 v1.3_is1) (Version: v1.3 - )
爱奇艺影音 (HKLM-x32\...\IQIYI Video) (Version:  - 爱奇艺)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-349490526-3243476562-4042863286-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

20-09-2015 10:54:03 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 16:25 - 2013-08-22 16:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {31868C2B-628B-487A-A37D-D77E4B15DE6B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-19] (AVAST Software)
Task: {7E85847B-A4C5-4401-A01A-AD80148F3F0B} - System32\Tasks\Adobe Flash box Files Update Ver 2015919 => C:\ProgramData\uiksdl201591917\smartoa.exe [2015-09-19] (eyuwi)
Task: {90BE8E57-1E42-4CC5-8776-133BDCBCD261} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2015-09-19] (Arainia Solutions)
Task: {95B03EE1-BADF-40D5-BD25-AE3CF9E75A43} - System32\Tasks\AutoPico Daily Restart => C:\Users\Glenn\AppData\Local\Temp\RarSFX0\AutoPico.exe <==== ATTENTION
Task: {E4E1C912-351B-4272-BF55-D3BFFC380D5E} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: {FE8D548B-BE41-4BA7-AEE0-9A64BEBA4F4C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash box Files Update Ver 2015919.job => C:\ProgramData\uiksdl201591917\smartoa.exe/check_update C:\ProgramData\uiksdl201591917\Glenn-Home\Glenn6This task detect has update for box files.Ver
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-19 20:26 - 2015-09-19 20:26 - 00367528 _____ () C:\Program Files (x86)\Gizmo\gshell-x64.dll
2015-09-09 13:20 - 2015-09-09 13:20 - 00268520 _____ () C:\Program Files (x86)\RayDld\ihpmServer.exe
2015-08-09 06:50 - 2015-08-09 06:50 - 00404376 _____ () C:\Windows\system32\igfxTray.exe
2015-09-19 20:37 - 2010-06-16 02:44 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2015-09-19 20:37 - 2010-12-27 17:59 - 00163840 _____ () C:\Windows\KMService.exe
2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-09-19 21:47 - 2015-09-19 21:47 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-19 21:47 - 2015-09-19 21:47 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-19 21:47 - 2015-09-19 21:47 - 02965504 _____ () C:\Program Files\AVAST Software\Avast\defs\15091901\algo.dll
2015-09-19 20:51 - 2015-09-19 20:51 - 00561472 _____ () C:\ProgramData\uiksdl201591917\amui.dll
2015-09-19 20:51 - 2015-09-19 20:51 - 01597760 _____ () C:\ProgramData\uiksdl201591917\gboxi.dll
2015-09-19 21:47 - 2015-09-19 21:47 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-349490526-3243476562-4042863286-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E15CA254-DA3E-4DBD-AC5C-92BF5D61E792}] => (Allow) C:\Users\Glenn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C21FCCD1-3B87-489E-957E-22295EFE3C7A}] => (Allow) C:\Users\Glenn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C817B7AC-8667-4C8A-A6FB-3103B7E459AA}] => (Allow) C:\Users\Glenn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2CFB2BB9-8407-4E68-9FAE-D173AE668D35}] => (Allow) C:\Users\Glenn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{00E28992-3D96-42D9-87BB-C328FF17010B}] => (Allow) C:\Users\Glenn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7A03A869-E39D-49C2-884B-901940043C72}] => (Allow) C:\Users\Glenn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3A3836F0-A54D-427D-90EB-25C7B22A69F0}] => (Allow) C:\Users\Glenn\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{A3F036E5-54DF-4868-90F2-6DDC84293D5D}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{E0926806-5CA9-4A4B-82CB-21A040B173B0}] => (Allow) C:\Users\Glenn\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{DE6AF412-B0A4-4C45-8005-0E69E859453B}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{E99A469E-E59C-4F26-82A5-E4B5CB348739}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{28F8918E-7CA0-4259-8C84-937BA299CA4C}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{12AF79BD-62C1-4136-BE93-D9C88356D5B5}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{55AB1916-29ED-48BF-A35A-CEC28A6D56C7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A225DB45-1EF6-4B2D-A315-2AF1474CD2FD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

Name: SAMSUNG Mobile MTP Device
Description: SAMSUNG Mobile MTP Device
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: SAMSUNG Electronics Co., Ltd.
Service: WUDFWpdMtp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2015 01:19:40 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "select * from CIntelWLANEvent" could not be reactivated in namespace "//./ROOT/default" because of error 0x80041010. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/20/2015 01:11:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.16384, time stamp: 0x5215d379
Faulting module name: SHELL32.dll, version: 6.3.9600.16660, time stamp: 0x5351e7f8
Exception code: 0xc000041d
Fault offset: 0x00000000000ddba4
Faulting process id: 0x4bc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (09/19/2015 10:14:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 238

Start Time: 01d0f30e079ee262

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: 8e14190c-5f01-11e5-8250-5c93a2b1cc9f

Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (09/19/2015 10:06:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Glenn-Home)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Error: (09/19/2015 09:05:22 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=B4FXY
ACID=?
Detailed Error[?]

Error: (09/19/2015 09:04:42 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=9D6T9
ACID=?
Detailed Error[?]

Error: (09/19/2015 08:58:01 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=9D6T9
ACID=?
Detailed Error[?]

Error: (09/19/2015 08:57:25 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=9D6T9
ACID=?
Detailed Error[?]

Error: (09/19/2015 08:38:50 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=C9WKB
ACID=?
Detailed Error[?]

Error: (09/19/2015 08:22:11 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=B4FXY
ACID=?
Detailed Error[?]

System errors:
=============
Error: (09/20/2015 10:34:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB2884846).

Error: (09/20/2015 10:34:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB2913760).

Error: (09/20/2015 10:34:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Internet Explorer Flash Player for Windows 8.1 for x64-based Systems (KB3089023).

Error: (09/20/2015 10:34:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB2843630).

Error: (09/20/2015 10:34:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8.1 for x64-based Systems (KB2893294).

Error: (09/20/2015 10:34:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8.1 for x64-based Systems (KB2920189).

Error: (09/20/2015 10:34:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3021910).

Error: (09/20/2015 10:34:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB2917929).

Error: (09/20/2015 10:34:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8.1 for x64-based Systems (KB2916036).

Error: (09/20/2015 10:34:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8.1 for x64-based Systems (KB2964757) without KB2919355.

==================== Memory info ===========================

Processor: Intel® Core™ i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 19%
Total physical RAM: 12211.27 MB
Available physical RAM: 9817.56 MB
Total Virtual: 14643.27 MB
Available Virtual: 12260.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931 GB) (Free:901.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know if this kills it :)

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM-x32\...\Run: [smallbox] => C:\ProgramData\uiksdl201591917\smartoa.exe [699712 2015-09-19] (eyuwi)
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\aggciedcebii.dll [2015-09-19] (yookuu)
ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\aggciedcebii.dll [2015-09-19] (yookuu)
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1442684874&z=94108fe83f5ed9c9cec89f4620b12702gzzoqbzbmz&from=amt&uid=toshibaxmq01abd100_74kxt7ebtxx74kxt7ebt&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1442684874&z=94108fe83f5ed9c9cec89f4620b12702gzzoqbzbmz&from=amt&uid=toshibaxmq01abd100_74kxt7ebtxx74kxt7ebt&q={searchTerms}
BHO-x32: °®ÆæÒÕÖúÊÖ -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> C:\IQIYI Video\Common\Accelerator\IEHelper.dll [2015-04-29] (爱奇艺)
R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [268520 2015-09-09] ()
2015-09-20 01:27 - 2015-09-20 01:27 - 00000000 ____D C:\ProgramData\{EB5F5A55-037A-4E47-806B-2C8AA9374701}
2015-09-19 22:03 - 2015-09-19 22:03 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-19 21:07 - 2015-09-19 21:07 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-09-19 21:02 - 2015-09-19 21:02 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2015-09-19 21:02 - 2015-09-19 21:02 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2015-09-19 20:52 - 2015-09-19 22:31 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-09-19 20:52 - 2015-09-19 21:07 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-19 20:52 - 2015-09-19 20:52 - 00000000 ____D C:\Users\Glenn\AppData\Local\globalUpdate
2015-09-19 20:51 - 2015-09-19 20:51 - 00443200 _____ (yookuu) C:\ProgramData\aggciedcebii.dll
2015-09-19 20:51 - 2015-09-19 20:51 - 00000000 ____D C:\ProgramData\uiksdl201591917
2015-09-19 20:51 - 2015-09-19 20:51 - 00000000 _____ C:\ProgramData\inf.dat
2015-09-19 20:50 - 2015-09-19 23:55 - 00000000 ____D C:\qycache
2015-09-19 20:50 - 2015-09-19 20:50 - 00000000 ____D C:\Users\Public\QiYi
2015-09-19 20:50 - 2015-09-19 20:50 - 00000000 ____D C:\ppsfile
2015-09-19 20:50 - 2015-09-19 20:50 - 00000000 ____D C:\IQIYI Video
2015-09-19 20:48 - 2015-09-19 20:48 - 00000000 ____D C:\Program Files (x86)\RayDld
2015-09-19 20:26 - 2015-09-19 20:26 - 00003998 _____ C:\Windows\System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B}
Task: {7E85847B-A4C5-4401-A01A-AD80148F3F0B} - System32\Tasks\Adobe Flash box Files Update Ver 2015919 => C:\ProgramData\uiksdl201591917\smartoa.exe [2015-09-19] (eyuwi)
Task: C:\Windows\Tasks\Adobe Flash box Files Update Ver 2015919.job => C:\ProgramData\uiksdl201591917\smartoa.exe/check_update C:\ProgramData\uiksdl201591917\Glenn-Home\Glenn6This task detect has update for box files.Ver
C:\ProgramData\uiksdl201591917
C:\ProgramData\aggciedcebii.dll
C:\IQIYI Video
C:\Program Files (x86)\RayDld
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
[Image: FRSTfix.JPG]
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

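A read-only follow-up check added here (not from the thread and not part of FRST or AdwCleaner): after the Fix has run, it confirms that the items named in the fixlist above are actually gone. It assumes an elevated PowerShell prompt on this same machine, that FRST's "HKLM-x32" entries live in the Wow6432Node registry view, and that the overlay handler's CLSID is registered under HKLM\SOFTWARE\Classes; it changes nothing.

```powershell
# Added example, not part of the thread or of FRST: a read-only check that the
# persistence items named in the fixlist above are gone after the Fix has run.
# Assumes an elevated PowerShell prompt on this machine; nothing is modified.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Files and folders listed in the fixlist (paths copied from the post).
$paths = @(
    'C:\ProgramData\uiksdl201591917',
    'C:\ProgramData\aggciedcebii.dll',
    'C:\ProgramData\inf.dat',
    'C:\Program Files (x86)\RayDld',
    'C:\Program Files (x86)\globalUpdate',
    'C:\Windows\SECOH-QAD.exe',
    'C:\Windows\SECOH-QAD.dll',
    'C:\IQIYI Video'
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings.Add("file or folder still present: $p") }
}

# 2. Registry persistence. FRST's "HKLM-x32" is the 32-bit view (Wow6432Node).
$runKey = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains 'smallbox')) {
    $findings.Add("Run value still present: $runKey\smallbox = $($run.smallbox)")
}

# Shell icon overlay handler "Fatlfn" in both registry views, plus the CLSID it
# points at (assumed registered under HKLM\SOFTWARE\Classes, as in-proc handlers are).
$clsid = '{646BAAE7-7538-4866-8EEE-974C0AA910AB}'
$overlayBase = 'Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn'
$regKeys = @(
    "HKLM:\SOFTWARE\$overlayBase",
    "HKLM:\SOFTWARE\Wow6432Node\$overlayBase",
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid",
    "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid"
)
foreach ($k in $regKeys) {
    if (Test-Path -Path $k) { $findings.Add("registry key still present: $k") }
}

# Hijacked Internet Explorer search scope (oursurfing.com) in both views.
$scope = '{33BB0A4E-99AF-4226-BDF6-49120163DE86}'
foreach ($k in @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\$scope",
                 "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\$scope")) {
    $url = (Get-ItemProperty -Path $k -ErrorAction SilentlyContinue).URL
    if ($url) { $findings.Add("search scope still present: $k -> $url") }
}

# 3. Scheduled task (both the task definition and the legacy .job file) and the
#    ihpmServer service from the fixlist.
$taskName = 'Adobe Flash box Files Update Ver 2015919'
$task = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
if ($task) { $findings.Add("scheduled task still present: $taskName -> $($task.Actions.Execute)") }
if (Test-Path -LiteralPath "C:\Windows\Tasks\$taskName.job") {
    $findings.Add("legacy task file still present: C:\Windows\Tasks\$taskName.job")
}
$svc = Get-Service -Name 'ihpmServer' -ErrorAction SilentlyContinue
if ($svc) { $findings.Add("service still installed: ihpmServer ($($svc.Status))") }

# 4. Report. Anything listed here belongs in a follow-up fixlist or AdwCleaner run.
if ($findings.Count -eq 0) {
    Write-Output 'No fixlist items remain on this system.'
} else {
    Write-Output "$($findings.Count) fixlist item(s) still present:"
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

Anything it reports is evidence the dropper or a re-infection restored the item, which is exactly what the requested post-fix log and AdwCleaner output are meant to show.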
#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.