URL:Mal svchost.exe (Avast! alert at internet connection)

avast svchost.exe url:mal dll startup internet connection

  • This topic is locked

#1
tingtingz

    Member

  • 57 posts

Hi everyone,

I need help. Recently I got infected with a virus. I did a quick scan with Avast and it detected and quarantined the virus, then I did a boot-time scan which detected and quarantined more viruses. I did a scan with Malwarebytes Anti-Malware afterwards. It detected and cleaned up some PUPs. I realized I got Snapdo and search.safefinder redirecting adware. I did an AdwCleaner scan. It found more problems and it detected GeekBuddy, which I thought I got rid of last time when I accidentally installed it onto my computer. I did a cleanup with AdwCleaner. Now I have Avast alerts popping up at startup, and at least 10 times today, on DLLs from reddie.net, bestdriverstar.net, and some other websites which I don't remember. They all have:

 
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe
 
I did an Avast quick scan, a Malwarebytes scan, and an AdwCleaner scan and nothing was detected.
 
I have found and read a few other topics related to this and it seems that the solution is tailored to one specific machine. I've been spending all day trying to solve this problem. Can someone help me with my problem? I have attached a picture of one of the Avast alerts I got today. Thank you.

Attached Thumbnails

  • avast alert svchost 5.28.15.JPG


#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Everything gets downloaded to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
tingtingz

    Member

  • Topic Starter
  • 57 posts
Hi zep516, 
 
I did the Farbar Recovery Scan and this is the FRST.txt content:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by TingTing (administrator) on WINDOWS-I6D372C on 29-05-2015 00:46:38
Running from C:\Users\TingTing\Desktop
Loaded Profiles: TingTing (Available Profiles: TingTing)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\ProgramData\Application Hosting\Application Hosting.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Users\TingTing\AppData\Local\AutoSoftware\AutoSoftware.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
() C:\Users\TingTing\AppData\Local\AutoSoftware\AutoSoftware_run.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506648 2013-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374424 2014-01-09] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5789512 2014-01-15] (Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-13] (Avast Software s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\Run: [TouchFreeze] => C:\Users\TingTing\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [40960 2012-07-24] ()
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\MountPoints2: D - "D:\SETUP.EXE" 
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\Winlogon: [Shell] - <==== ATTENTION 
IFEO\SppExtComObj.exe: [Debugger] C:\windows\SECOH-QAD.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-22] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-688974935-4124263328-645016171-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-22] (Avast Software s.r.o.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "autoconfig_url", "resource://jid1-zv8ehywtdnutwq-at-jetpack/unblock-youku/data/proxy.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-688974935-4124263328-645016171-1001: @citrixonline.com/appdetectorplugin -> C:\Users\TingTing\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-25] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: Unblock Youku - C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default\Extensions\[email protected] [2014-12-14]
FF Extension: Adblock Plus - C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-19]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-03-02]
 
Chrome: 
=======
CHR Profile: C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-27]
CHR Extension: (Bookmark Manager) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-27]
CHR Extension: (Avast Online Security) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-27]
CHR Extension: (Google Wallet) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-27]
CHR Extension: (Unblock Youku) - C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2015-05-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 Application Hosting; C:\ProgramData\Application Hosting\Application Hosting.exe [34304 2015-04-14] () [File not signed]
R2 AutoSoftware; C:\Users\TingTing\AppData\Local\AutoSoftware\AutoSoftware.exe [85504 2015-04-26] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-04-22] (Avast Software)
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-08-06] (CyberLink)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915408 2013-10-17] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdiommu; C:\Windows\System32\drivers\amdkiomd.sys [76800 2014-01-10] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-22] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-22] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-22] ()
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-03] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-19] (Intel Corporation)
S3 iscFlash; C:\Users\TingTing\AppData\Local\Temp\7zS7BC5.tmp\iscflashx64.sys [60680 2013-07-30] (Insyde Software)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100824 2013-12-18] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3497240 2015-03-23] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3667424 2013-10-14] (Intel Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-16] (Synaptics Incorporated)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-22] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2015-03-05] (Basil Projects)
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-29 00:20 - 2015-05-29 00:46 - 00024122 _____ () C:\Users\TingTing\Desktop\FRST.txt
2015-05-29 00:20 - 2015-05-29 00:46 - 00000000 ____D () C:\FRST
2015-05-29 00:20 - 2015-05-29 00:21 - 00034615 _____ () C:\Users\TingTing\Desktop\Addition.txt
2015-05-29 00:18 - 2015-05-29 00:18 - 02108928 _____ (Farbar) C:\Users\TingTing\Desktop\FRST64.exe
2015-05-28 20:26 - 2015-05-28 20:26 - 00001838 _____ () C:\Users\TingTing\Downloads\fixlist (1).txt
2015-05-28 20:06 - 2015-05-28 20:06 - 00001145 _____ () C:\Users\TingTing\Downloads\fixlist.txt
2015-05-27 22:40 - 2015-05-28 09:48 - 00000000 ____D () C:\AdwCleaner
2015-05-27 22:40 - 2015-05-27 22:40 - 02223104 _____ () C:\Users\TingTing\Downloads\adwcleaner_4.205.exe
2015-05-27 04:01 - 2015-05-27 04:01 - 00010880 _____ () C:\Users\TingTing\Downloads\bread recipe 2.xlsx
2015-05-21 07:46 - 2015-05-21 07:46 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-21 07:45 - 2015-05-21 07:45 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-16 07:11 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-16 07:11 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-05-16 07:11 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-05-16 07:11 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\PhotoMetadataHandler.dll
2015-05-16 07:11 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-16 07:11 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbgeng.dll
2015-05-16 07:11 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\windows\system32\dbgeng.dll
2015-05-16 07:11 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\windows\system32\dbghelp.dll
2015-05-16 07:11 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbghelp.dll
2015-05-16 07:11 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-05-16 07:11 - 2015-03-17 13:26 - 00467776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2015-05-16 07:11 - 2015-03-13 00:03 - 00239424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2015-05-16 07:11 - 2015-03-13 00:03 - 00154432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2015-05-16 07:11 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2015-05-16 07:11 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\windows\system32\SRH.dll
2015-05-16 07:11 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\SRH.dll
2015-05-16 07:11 - 2015-03-12 20:29 - 00410017 _____ () C:\windows\system32\ApnDatabase.xml
2015-05-16 07:11 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-16 07:11 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-16 07:11 - 2015-03-08 22:02 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthhfenum.sys
2015-05-16 07:11 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-16 07:11 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\windows\system32\wevtsvc.dll
2015-05-16 07:11 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-16 07:11 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-16 07:11 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Input.Inking.dll
2015-05-16 07:11 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-16 07:11 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2015-05-16 07:11 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2015-05-16 07:11 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsDatabase.dll
2015-05-13 14:54 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 14:54 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 14:27 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-13 14:27 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-13 14:27 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-13 14:27 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-13 14:27 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-13 14:27 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-13 14:27 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-13 14:26 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-13 14:26 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-13 14:26 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-13 14:26 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-13 14:26 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-13 14:26 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-13 14:26 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-13 14:26 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2015-05-13 14:26 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-13 14:26 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-13 14:26 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-13 14:26 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-05-13 14:26 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-13 14:26 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-13 14:26 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-05-13 14:26 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-13 14:26 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-05-13 14:26 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-13 14:26 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-13 14:26 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-13 14:26 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-13 14:26 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-13 14:26 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-13 14:26 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-05-13 14:26 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-13 14:26 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-05-13 14:26 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-13 14:26 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-05-13 14:26 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-13 14:26 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-13 14:26 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-13 14:26 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-13 14:26 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-13 14:26 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-13 14:26 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-13 14:26 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-13 14:26 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-13 14:26 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-13 14:26 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-13 14:26 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-05-13 14:26 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-13 14:26 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-13 14:26 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-02 22:07 - 2015-05-02 22:07 - 00000000 ____D () C:\ProgramData\Application Hosting
2015-05-02 00:24 - 2015-05-02 00:24 - 00010880 _____ () C:\Users\TingTing\Downloads\bread recipe.xlsx
2015-05-02 00:04 - 2015-05-02 00:04 - 00000046 _____ () C:\windows\wininit.ini
2015-05-01 23:32 - 2015-05-28 09:49 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-01 23:32 - 2015-05-01 23:32 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-01 23:32 - 2015-05-01 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-01 23:32 - 2015-05-01 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-01 23:32 - 2015-05-01 23:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-01 23:32 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-05-01 23:32 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-05-01 23:32 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-05-01 23:31 - 2015-05-01 23:31 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\TingTing\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-01 21:42 - 2015-05-01 21:43 - 00001655 _____ () C:\windows\SysWOW64\${LOGFILE}
2015-05-01 21:38 - 2015-05-01 21:38 - 00000064 _____ () C:\Users\TingTing\AppData\Local\a84c1b2170cd901cfeaf9562dd33930c
2015-05-01 21:37 - 2015-05-28 22:37 - 00000000 ____D () C:\Users\TingTing\AppData\Local\AutoSoftware
2015-05-01 21:37 - 2015-05-01 21:47 - 00000000 ____D () C:\ProgramData\Packer30b7928d-fa29-4f67-8190-502ead714b4c
2015-05-01 21:36 - 2015-05-01 21:36 - 00000000 ____D () C:\ProgramData\COMODO
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-29 00:46 - 2015-03-01 17:48 - 00000000 ____D () C:\Users\TingTing\AppData\Roaming\uTorrent
2015-05-29 00:39 - 2014-12-03 13:44 - 01114171 _____ () C:\windows\WindowsUpdate.log
2015-05-29 00:17 - 2014-12-09 12:36 - 00003966 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{9A7551FE-9855-4686-A2BC-4B9D5579A332}
2015-05-29 00:14 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\sru
2015-05-29 00:14 - 2013-08-22 10:46 - 00234328 _____ () C:\windows\setupact.log
2015-05-28 23:05 - 2014-12-14 04:50 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 23:02 - 2015-02-09 10:52 - 00000938 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-28 08:41 - 2014-12-09 12:39 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-688974935-4124263328-645016171-1001
2015-05-28 02:02 - 2015-02-09 10:52 - 00000934 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-27 23:42 - 2014-12-03 14:28 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-05-27 23:41 - 2014-12-14 04:03 - 00000000 ___DO () C:\Users\TingTing\OneDrive
2015-05-27 23:37 - 2013-08-22 10:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-27 23:35 - 2015-02-09 10:54 - 00001308 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-27 23:35 - 2015-02-09 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-27 23:35 - 2014-12-14 04:36 - 00001075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-27 23:35 - 2014-12-14 04:36 - 00001063 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-27 23:35 - 2014-12-09 12:33 - 00001192 _____ () C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-27 21:43 - 2015-03-25 16:00 - 00000000 ____D () C:\Users\TingTing\AppData\Local\Citrix
2015-05-27 20:24 - 2014-12-25 16:48 - 00000000 ___RD () C:\Users\TingTing\Desktop\Applications
2015-05-27 15:59 - 2014-12-03 15:39 - 00075818 _____ () C:\windows\PFRO.log
2015-05-27 13:40 - 2013-08-22 15:12 - 00000000 ____D () C:\windows\SKB
2015-05-27 13:40 - 2013-08-22 10:44 - 00493408 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-27 13:39 - 2013-08-22 09:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-05-27 13:05 - 2014-12-09 12:44 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-05-27 05:52 - 2014-12-03 13:54 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-22 14:03 - 2015-04-23 17:03 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-05-21 08:55 - 2014-12-14 04:45 - 00000000 ____D () C:\Users\TingTing\AppData\Local\Adobe
2015-05-21 07:45 - 2014-12-24 05:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-17 15:25 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\AppReadiness
2015-05-17 04:57 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\rescache
2015-05-17 01:36 - 2013-08-22 11:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2015-05-17 01:36 - 2013-08-22 11:20 - 00000000 ____D () C:\windows\CbsTemp
2015-05-17 01:35 - 2014-12-12 15:02 - 00000000 ____D () C:\windows\system32\MRT
2015-05-17 01:31 - 2014-12-12 15:02 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-16 01:57 - 2015-02-09 10:52 - 00003910 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 01:57 - 2015-02-09 10:52 - 00003674 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 16:17 - 2014-12-14 04:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-14 13:16 - 2015-03-03 02:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 13:14 - 2015-03-03 02:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-14 13:14 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-05-14 13:14 - 2013-08-22 09:25 - 00000269 _____ () C:\windows\win.ini
2015-05-13 14:50 - 2013-08-22 15:12 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-05 13:59 - 2015-03-13 16:44 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 13:59 - 2015-03-13 16:44 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-01 23:53 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\ADFS
2015-05-01 21:13 - 2015-03-03 02:43 - 00000000 ____D () C:\Program Files\KMSpico
 
==================== Files in the root of some directories =======
 
2015-05-01 21:38 - 2015-05-01 21:38 - 0000064 _____ () C:\Users\TingTing\AppData\Local\a84c1b2170cd901cfeaf9562dd33930c
2015-03-25 16:17 - 2015-04-23 17:05 - 6729688 _____ (Dell                                                        ) C:\ProgramData\Dell Click 2 Fix-64-bit-V2546.exe
2014-12-03 15:42 - 2014-12-03 15:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-03 14:26 - 2014-12-03 14:27 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-12-03 14:21 - 2014-12-03 14:22 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-12-03 14:22 - 2014-12-03 14:24 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-12-03 14:24 - 2014-12-03 14:26 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-12-03 14:20 - 2014-12-03 14:21 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Files to move or delete:
====================
C:\ProgramData\Dell Click 2 Fix-64-bit-V2546.exe
 
 
Some files in TEMP:
====================
C:\Users\TingTing\AppData\Local\Temp\ade.exe
C:\Users\TingTing\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-22 19:03
 
==================== End of log ============================
 
And the Addition.txt content:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by TingTing at 2015-05-29 00:47:02
Running from C:\Users\TingTing\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-688974935-4124263328-645016171-500 - Administrator - Disabled)
Guest (S-1-5-21-688974935-4124263328-645016171-501 - Limited - Disabled)
TingTing (S-1-5-21-688974935-4124263328-645016171-1001 - Administrator - Enabled) => C:\Users\TingTing
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{8FAFEF8C-295D-4D71-95FC-91D9B7D75F3E}) (Version: 2.13.0 - Kovid Goyal)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.2 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.5.4 - Synaptics Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6535d76a-59fb-4935-b2c5-cd61917c4a4b}) (Version: 17.16.0 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.007 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7152 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
TouchFreeze (HKLM-x32\...\{9C9744E5-2BB7-4042-BD1C-8A339480A08C}) (Version: 1.1.0 - Ivan Zhakov)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-688974935-4124263328-645016171-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points =========================
 
09-05-2015 23:16:28 Scheduled Checkpoint
13-05-2015 14:49:09 Windows Update
17-05-2015 01:28:34 Windows Update
25-05-2015 01:10:44 Scheduled Checkpoint
27-05-2015 21:41:11 Removed Adobe Acrobat Reader DC.
27-05-2015 21:42:55 Removed Citrix Online Launcher
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2011-01-12 18:45 - 00000734 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07E7B0A6-BDCF-404D-ACB3-40B2E933ACB5} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {1732AA69-2928-4EBA-899C-516A81AA3506} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {40397964-617D-42C6-839F-792B3E6A93BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {5A66E741-8261-43C5-8027-1CB7AD0D4734} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-16] (Synaptics Incorporated)
Task: {6E92995C-D2EA-47AD-9D35-786C57AF3ECF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {7AEECEB7-CFC7-469B-AA7A-95B5D8C16ACB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {8043AA23-1A9E-4049-A533-61F3176589FD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {80479E36-6C4B-4054-BD2B-3F1DCF28E2E5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-22] (Avast Software s.r.o.)
Task: {A43D367F-FAEB-41A7-9D5C-27C880684A85} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09] (Google Inc.)
Task: {A6C80B7D-86D1-46D4-8D79-F36C8AE68999} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {AEE99547-62D3-471C-AE1E-12C94F8054D8} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {AF2383D5-2882-4C26-A951-8A90D512C0D5} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-04-10] (Dell Inc.)
Task: {B8EE77C1-976E-4C71-AF59-EB2AC83F615D} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {BB3B081F-73AD-4AE7-A3B5-55E7C9465B3C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {D79D8FEB-6D02-484A-9471-4EF13929D273} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {DB5DA84F-0712-4055-9BF5-73555DFF44A0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {E0863476-E5EA-4CC8-9D9B-5B3C0DB09576} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {EF43AF7F-5E29-457A-BBF5-D18F7D16EC5A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {FCD881F4-F2B4-40F7-A2B8-E9E30E8D3978} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-14 10:55 - 2015-04-14 10:55 - 00034304 _____ () C:\ProgramData\Application Hosting\Application Hosting.exe
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-03 14:28 - 2013-08-19 12:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-12-03 14:28 - 2013-08-19 12:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-12-03 14:28 - 2013-08-19 12:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2015-04-26 14:06 - 2015-04-26 14:06 - 00085504 _____ () C:\Users\TingTing\AppData\Local\AutoSoftware\AutoSoftware.exe
2015-04-26 14:06 - 2015-04-26 14:06 - 01051136 _____ () C:\Users\TingTing\AppData\Local\AutoSoftware\AutoSoftware_run.exe
2015-04-22 13:22 - 2015-04-22 13:22 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-22 13:22 - 2015-04-22 13:22 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-27 16:00 - 2015-05-27 16:00 - 02951168 _____ () C:\Program Files\AVAST Software\Avast\defs\15052701\algo.dll
2015-05-28 17:44 - 2015-05-28 17:44 - 02950656 _____ () C:\Program Files\AVAST Software\Avast\defs\15052801\algo.dll
2014-12-03 14:21 - 2013-03-04 23:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 13:41 - 2013-03-05 13:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-04-22 13:22 - 2015-04-22 13:22 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-25 16:28 - 2013-12-18 11:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-04-26 14:06 - 2015-04-26 14:06 - 02199552 _____ () C:\Users\TingTing\AppData\Local\AutoSoftware\AutoSoftware_run.dll
2015-04-26 14:06 - 2015-04-26 14:06 - 01880576 _____ () C:\Users\TingTing\AppData\Local\AutoSoftware\xmcgobp.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-05-25 16:02 - 2015-05-22 16:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 16:02 - 2015-05-22 16:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-04-22 13:22 - 2015-04-22 13:22 - 00985600 _____ () C:\Program Files\AVAST Software\Avast\ffmpegsumo.dll
2015-05-25 16:02 - 2015-05-22 16:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\TingTing\OneDrive:ms-properties
AlternateDataStreams: C:\Users\TingTing\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "DisplayName"="Dell"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ImagePath"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-688974935-4124263328-645016171-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\StartupApproved\Run: => "TouchFreeze"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{49D90B04-64A3-41F6-A70F-ED16FF3D6CA4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B68D3207-EC40-4C54-8C3B-718AE104F278}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{BBCB6CD5-3509-42A8-9918-62BEE4209C94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1FE8FD99-83E6-4129-8773-5F20E308FAC0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C4367F37-E76B-4941-8FC0-FC5CEED10BE8}C:\users\tingting\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tingting\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{6638E8B8-1036-4031-8B6F-650CAB70D1FD}C:\users\tingting\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tingting\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{E31E9C85-873F-4D0C-83CE-FA94AA349B3D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4089887D-33B8-4A2A-8A3C-C0F228BDBCDE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F9BFF5F3-7122-4FF1-9CE1-AD76D141061A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{104D209A-8D3D-4132-9978-9CA7743B80F2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{66D9F0F6-5B44-4AE3-9356-9FD6DC569137}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{918F0954-EF53-41E1-80D8-BC191F503554}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{3365E313-F777-4D3B-92D8-B773B06CCEA2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{14911F85-0667-43A1-B2AC-CA0D753C5F4D}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{128ED563-81CA-4D5A-9971-C1A52344CAD6}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{579169CA-1A02-42C2-A6B1-A778A062BD09}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{C6EBBC06-0FF3-4385-84EB-0B5C7AE47C5F}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{069961A5-E98B-41EF-AC0A-A45D2AE599C3}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{B13A5F35-12DA-4A0F-B000-208E6A10DE80}] => (Allow) LPort=1689
FirewallRules: [{0B0F34E3-5368-4608-BD47-EF1D1A093D52}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0EF7C036-CDF7-44C6-B577-B03AF114B31A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18F36E45-D382-49E5-A899-5AA417770778}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D4ED90D7-9406-4B73-9EFF-EF740F6B22DF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A225725C-6A86-4C0D-B265-D32A4D01356B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CCF4BF3D-EA49-430B-B200-EFF8C96F5837}] => (Allow) LPort=1688
FirewallRules: [{EF2716B0-FD60-4384-9B9B-E6819DBFEBE0}] => (Allow) C:\windows\downloader.exe
FirewallRules: [TCP Query User{74B7F942-FBE0-4230-93F8-476DD1E2C9AD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{553C75ED-F846-4462-B18D-B0782772C64C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{EE73FA8D-0F78-4ECD-8CA6-E3C405693C55}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{596394CF-E688-4869-8F41-295DE88F084E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{693B36B2-FF91-457B-AD50-2C1B467BFCAF}] => (Allow) C:\windows\downloader.exe
FirewallRules: [{956A7DE6-C628-4A4C-8DDE-0150522EEB5F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{BB9A24F5-E4C6-482A-89F2-FA451F2B89DA}] => (Allow) C:\ProgramData\websmartapp\1.1.0.30\gijgavyp.exe
FirewallRules: [{CAFD43F2-4053-4048-90A2-0448991B373F}] => (Allow) C:\ProgramData\websmartapp\1.1.0.30\gijgavyp.exe
FirewallRules: [{6CE5BFD5-7B2E-4859-BB5B-B41D4E49A276}] => (Allow) C:\ProgramData\websmartapp\1.1.0.30\gijgavyp.exe
FirewallRules: [{FDFC6FE5-E902-42F1-A13E-5A15233D5AF7}] => (Allow) C:\ProgramData\websmartapp\1.1.0.30\gijgavyp.exe
FirewallRules: [{E6313E42-4BC9-4ABB-BA8B-9C226486F813}] => (Allow) C:\ProgramData\websmartapp\1.1.0.30\gijgavyp.exe
FirewallRules: [{E7B49B3B-EA8F-42B4-810D-1D1CA48E84CD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/29/2015 00:14:11 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/28/2015 09:56:20 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (05/28/2015 01:34:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14219
 
Error: (05/28/2015 01:34:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14219
 
Error: (05/28/2015 01:34:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/28/2015 00:38:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoSoftware_run.exe, version: 4.0.0.0, time stamp: 0x5511492e
Faulting module name: MSVCR100.dll, version: 10.0.30319.1, time stamp: 0x4ba1dbbe
Exception code: 0x40000015
Fault offset: 0x0008d635
Faulting process id: 0x1f0
Faulting application start time: 0xAutoSoftware_run.exe0
Faulting application path: AutoSoftware_run.exe1
Faulting module path: AutoSoftware_run.exe2
Report Id: AutoSoftware_run.exe3
Faulting package full name: AutoSoftware_run.exe4
Faulting package-relative application ID: AutoSoftware_run.exe5
 
Error: (05/27/2015 11:38:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoSoftware_run.exe, version: 4.0.0.0, time stamp: 0x5511492e
Faulting module name: wi.dll_unloaded, version: 0.0.0.0, time stamp: 0x552a1bf0
Exception code: 0xc0000005
Fault offset: 0x00084878
Faulting process id: 0xa78
Faulting application start time: 0xAutoSoftware_run.exe0
Faulting application path: AutoSoftware_run.exe1
Faulting module path: AutoSoftware_run.exe2
Report Id: AutoSoftware_run.exe3
Faulting package full name: AutoSoftware_run.exe4
Faulting package-relative application ID: AutoSoftware_run.exe5
 
Error: (05/27/2015 07:46:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvastUI.exe, version: 10.2.2218.944, time stamp: 0x554a2516
Faulting module name: MSVCR110.dll, version: 11.0.51106.1, time stamp: 0x5098858e
Exception code: 0xc0000005
Fault offset: 0x000820c8
Faulting process id: 0x4a0
Faulting application start time: 0xAvastUI.exe0
Faulting application path: AvastUI.exe1
Faulting module path: AvastUI.exe2
Report Id: AvastUI.exe3
Faulting package full name: AvastUI.exe4
Faulting package-relative application ID: AvastUI.exe5
 
Error: (05/27/2015 04:00:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoSoftware_run.exe, version: 4.0.0.0, time stamp: 0x5511492e
Faulting module name: wi.dll_unloaded, version: 0.0.0.0, time stamp: 0x552a1bf0
Exception code: 0xc0000005
Fault offset: 0x00084878
Faulting process id: 0x784
Faulting application start time: 0xAutoSoftware_run.exe0
Faulting application path: AutoSoftware_run.exe1
Faulting module path: AutoSoftware_run.exe2
Report Id: AutoSoftware_run.exe3
Faulting package full name: AutoSoftware_run.exe4
Faulting package-relative application ID: AutoSoftware_run.exe5
 
Error: (05/27/2015 01:30:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a18
 
Start Time: 01d098a2166bf14d
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 0a929c46-0496-11e5-8276-a08869820531
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
 
System errors:
=============
Error: (05/27/2015 11:38:08 PM) (Source: DCOM) (EventID: 10016) (User: WINDOWS-I6D372C)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}WINDOWS-I6D372CTingTingS-1-5-21-688974935-4124263328-645016171-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/27/2015 11:38:08 PM) (Source: DCOM) (EventID: 10016) (User: WINDOWS-I6D372C)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}WINDOWS-I6D372CTingTingS-1-5-21-688974935-4124263328-645016171-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/27/2015 11:38:08 PM) (Source: DCOM) (EventID: 10016) (User: WINDOWS-I6D372C)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}WINDOWS-I6D372CTingTingS-1-5-21-688974935-4124263328-645016171-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/27/2015 11:38:08 PM) (Source: DCOM) (EventID: 10016) (User: WINDOWS-I6D372C)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}WINDOWS-I6D372CTingTingS-1-5-21-688974935-4124263328-645016171-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/27/2015 11:38:07 PM) (Source: DCOM) (EventID: 10016) (User: WINDOWS-I6D372C)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}WINDOWS-I6D372CTingTingS-1-5-21-688974935-4124263328-645016171-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/27/2015 11:38:06 PM) (Source: DCOM) (EventID: 10016) (User: WINDOWS-I6D372C)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}WINDOWS-I6D372CTingTingS-1-5-21-688974935-4124263328-645016171-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/27/2015 11:36:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\System32\IWMSSvc.dll
 
Error: (05/27/2015 11:36:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\System32\IWMSSvc.dll
 
Error: (05/27/2015 11:36:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\System32\IWMSSvc.dll
 
Error: (05/27/2015 11:36:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
 
Microsoft Office:
=========================
Error: (05/29/2015 00:14:11 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/28/2015 09:56:20 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
Error: (05/28/2015 01:34:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14219
 
Error: (05/28/2015 01:34:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14219
 
Error: (05/28/2015 01:34:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/28/2015 00:38:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AutoSoftware_run.exe4.0.0.05511492eMSVCR100.dll10.0.30319.14ba1dbbe400000150008d6351f001d09900262896b7C:\Users\TingTing\AppData\Local\AutoSoftware\AutoSoftware_run.exeC:\Users\TingTing\AppData\Local\AutoSoftware\MSVCR100.dll65743269-04f3-11e5-827c-a08869820531
 
Error: (05/27/2015 11:38:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AutoSoftware_run.exe4.0.0.05511492ewi.dll_unloaded0.0.0.0552a1bf0c000000500084878a7801d098f7a09a198fC:\Users\TingTing\AppData\Local\AutoSoftware\AutoSoftware_run.exewi.dllf02c3ac9-04ea-11e5-827c-a08869820531
 
Error: (05/27/2015 07:46:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AvastUI.exe10.2.2218.944554a2516MSVCR110.dll11.0.51106.15098858ec0000005000820c84a001d098d6dea77ca4C:\Program Files\AVAST Software\Avast\AvastUI.exeC:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll90907b52-04ca-11e5-8279-a0886982052d
 
Error: (05/27/2015 04:00:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AutoSoftware_run.exe4.0.0.05511492ewi.dll_unloaded0.0.0.0552a1bf0c00000050008487878401d098b7addb0971C:\Users\TingTing\AppData\Local\AutoSoftware\AutoSoftware_run.exewi.dllfd4e9e4b-04aa-11e5-8278-a08869820531
 
Error: (05/27/2015 01:30:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.208561a1801d098a2166bf14d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe0a929c46-0496-11e5-8276-a08869820531microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 31%
Total physical RAM: 12168.96 MB
Available physical RAM: 8320.92 MB
Total Pagefile: 14024.96 MB
Available Pagefile: 8834.59 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:921.48 GB) (Free:834.2 GB) NTFS
Drive d: (15.0.4420.1017) (CDROM) (Total:0.75 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 05FA846C)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

  • 0

#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello tingtingz,

Just got to look at this, need a bit more time. Be with you as soon as possible.

Thanks
Joe :)
  • 0

#5
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\Winlogon: [Shell] - <==== ATTENTION 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
C:\ProgramData\Dell Click 2 Fix-64-bit-V2546.exe
AlternateDataStreams: C:\Users\TingTing\OneDrive:ms-properties
AlternateDataStreams: C:\Users\TingTing\SkyDrive:ms-properties
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "DisplayName"="Dell"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ImagePath"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"
FirewallRules: [{BB9A24F5-E4C6-482A-89F2-FA451F2B89DA}] => (Allow) C:\ProgramData\websmartapp\1.1.0.30\gijgavyp.exe
FirewallRules: [{CAFD43F2-4053-4048-90A2-0448991B373F}] => (Allow) C:\ProgramData\websmartapp\1.1.0.30\gijgavyp.exe
FirewallRules: [{6CE5BFD5-7B2E-4859-BB5B-B41D4E49A276}] => (Allow) C:\ProgramData\websmartapp\1.1.0.30\gijgavyp.exe
FirewallRules: [{FDFC6FE5-E902-42F1-A13E-5A15233D5AF7}] => (Allow) C:\ProgramData\websmartapp\1.1.0.30\gijgavyp.exe
FirewallRules: [{E6313E42-4BC9-4ABB-BA8B-9C226486F813}] => (Allow) C:\ProgramData\websmartapp\1.1.0.30\gijgavyp.exe
C:\ProgramData\websmartapp
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location).
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Please post the fixlog.txt found on the desktop.
  • 0

#6
tingtingz

    Member

  • Topic Starter
  • Member
  • 57 posts
Hi Joe,
 
I did the fix and now I don't have the alerts coming up anymore. Thanks a lot. Here is the Fixlog.txt.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by TingTing at 2015-05-29 23:18:53 Run:1
Running from C:\Users\TingTing\Desktop
Loaded Profiles: TingTing (Available Profiles: TingTing)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-688974935-4124263328-645016171-1001\...\Winlogon: [Shell] - <==== ATTENTION 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
C:\ProgramData\Dell Click 2 Fix-64-bit-V2546.exe
AlternateDataStreams: C:\Users\TingTing\OneDrive:ms-properties
AlternateDataStreams: C:\Users\TingTing\SkyDrive:ms-properties
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "DisplayName"="Dell"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ImagePath"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"
FirewallRules: [{BB9A24F5-E4C6-482A-89F2-FA451F2B89DA}] => (Allow) C:\ProgramData\websmartapp\1.1.0.30\gijgavyp.exe
FirewallRules: [{CAFD43F2-4053-4048-90A2-0448991B373F}] => (Allow) C:\ProgramData\websmartapp\1.1.0.30\gijgavyp.exe
FirewallRules: [{6CE5BFD5-7B2E-4859-BB5B-B41D4E49A276}] => (Allow) C:\ProgramData\websmartapp\1.1.0.30\gijgavyp.exe
FirewallRules: [{FDFC6FE5-E902-42F1-A13E-5A15233D5AF7}] => (Allow) C:\ProgramData\websmartapp\1.1.0.30\gijgavyp.exe
FirewallRules: [{E6313E42-4BC9-4ABB-BA8B-9C226486F813}] => (Allow) C:\ProgramData\websmartapp\1.1.0.30\gijgavyp.exe
C:\ProgramData\websmartapp
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key Removed successfully
HKU\S-1-5-21-688974935-4124263328-645016171-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value Removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
C:\ProgramData\Dell Click 2 Fix-64-bit-V2546.exe => Moved successfully.
C:\Users\TingTing\OneDrive => ":ms-properties" ADS Removed successfully.
"C:\Users\TingTing\SkyDrive" => ":ms-properties" ADS not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => key Removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys" => key Removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys" => key Removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix" => key Removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => key not found. 
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => key Removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => key Removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys" => key Removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys" => key Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB9A24F5-E4C6-482A-89F2-FA451F2B89DA} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CAFD43F2-4053-4048-90A2-0448991B373F} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6CE5BFD5-7B2E-4859-BB5B-B41D4E49A276} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FDFC6FE5-E902-42F1-A13E-5A15233D5AF7} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6313E42-4BC9-4ABB-BA8B-9C226486F813} => value Removed successfully
"C:\ProgramData\websmartapp" => File/Folder not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {A27FC407-E523-40F6-8996-E75CF0C05725}.
{D01F8FAF-3994-494D-ABB3-C2FA22CF4035} canceled.
Unable to cancel {2BC2B37B-8CDF-4055-9080-AAC8A4B13330}.
Unable to cancel {A5A4F29D-6CF6-4D1D-BD68-8692443EAA8C}.
{201E05C8-6BA2-4E13-A5D0-0B1737B629CA} canceled.
2 out of 5 jobs canceled.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 2.8 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 23:20:12 ====

  • 0
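A Fixlog like the one in the post above is quicker to review when its result lines are tallied by outcome and anything that was not a clean success is pulled out for follow-up. The sketch below is an added example, not part of the original posts and not FRST's own code: the function names are hypothetical, the outcome phrases are the ones visible in this Fixlog, and treating a "not found" on a key that was removed earlier in the same run as expected is an assumption of the example.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above, embedded so the example runs offline.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
start
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2"
C:\ProgramData\websmartapp
CMD: bitsadmin /reset /allusers
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
C:\ProgramData\Dell Click 2 Fix-64-bit-V2546.exe => Moved successfully.
C:\Users\TingTing\OneDrive => ":ms-properties" ADS Removed successfully.
"C:\Users\TingTing\SkyDrive" => ":ms-properties" ADS not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix" => key Removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => key not found.
"C:\ProgramData\websmartapp" => File/Folder not found.

=========  bitsadmin /reset /allusers =========

Unable to cancel {A27FC407-E523-40F6-8996-E75CF0C05725}.
{D01F8FAF-3994-494D-ABB3-C2FA22CF4035} canceled.
Unable to cancel {2BC2B37B-8CDF-4055-9080-AAC8A4B13330}.
Unable to cancel {A5A4F29D-6CF6-4D1D-BD68-8692443EAA8C}.
{201E05C8-6BA2-4E13-A5D0-0B1737B629CA} canceled.
2 out of 5 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 2.8 GB temporary data.
'''

# Outcome phrases as they appear in this Fixlog. "Removed successfully" contains
# "moved successfully", so the "moved" pattern is anchored with \b.
OUTCOMES = [
    ("removed", re.compile(r"removed successfully", re.I)),
    ("restored", re.compile(r"restored successfully", re.I)),
    ("moved", re.compile(r"\bmoved successfully", re.I)),
    ("not_found", re.compile(r"not found", re.I)),
    ("temp_cleared", re.compile(r"temporary data", re.I)),
]
BITS_FAIL = re.compile(r"^Unable to cancel (\{[0-9A-Fa-f-]{36}\})\.$")
BITS_OK = re.compile(r"^(\{[0-9A-Fa-f-]{36}\}) canceled\.$")
FOLLOW_UP = {"not_found", "bits_not_canceled", "unclassified"}


def parse_fixlog(text):
    """Return (outcome, target) tuples for every result line in a Fixlog."""
    results, gone, in_echo = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        # The fixlist is echoed between two rules of asterisks; its lines also
        # contain "=>" but are input, not results, so skip that region.
        if set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo or not line:
            continue
        for rx, label in ((BITS_FAIL, "bits_not_canceled"), (BITS_OK, "bits_canceled")):
            m = rx.match(line)
            if m:
                results.append((label, m.group(1)))
                break
        else:
            if " => " not in line:
                continue  # banners, status sentences, command output
            target, _, result = line.partition(" => ")
            target = target.strip('"')
            label = next((n for n, rx in OUTCOMES if rx.search(result)), "unclassified")
            key = target.lower().rstrip("\\")
            # Assumption: "not found" for a key (or subkey) or file that an
            # earlier line already removed or moved is expected, not a failure.
            if label == "not_found" and any(
                key == done or key.startswith(done + "\\") for done in gone
            ):
                label = "already_removed"
            elif label == "moved" or (label == "removed" and result.lower().startswith("key")):
                gone.append(key)  # track whole keys/files only, not values or ADS
            results.append((label, target))
    return results


def summarize(results):
    """Count result lines per outcome label."""
    return Counter(outcome for outcome, _ in results)


def follow_up(results):
    """Lines a reviewer should look at again."""
    return [(o, t) for o, t in results if o in FOLLOW_UP]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for outcome, count in sorted(summarize(parsed).items()):
        print(f"{outcome:18} {count}")
    print("Follow-up:")
    for outcome, target in follow_up(parsed):
        print(f"  {outcome:18} {target}")
```
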

#7
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Can you run Malwarebytes even though you may have already run it? Here are the instructions; you may skip the download part since you have it installed already.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
  • Enable free trial of Malwarebytes Anti-Malware Premium
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.
I'd also be interested in seeing the adwCleaner log called [SO].TXT. That log should be located here: C:\AdwCleaner. Please post it.

Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See here how to disable your security protection (Anti Virus).
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.


In your next reply post,
Malwarebytes log
AdwCleaner log
JRT.txt log
  • 0

#8
tingtingz

    Member

  • Topic Starter
  • Member
  • 57 posts

Hello,

This is the Malwarebytes log

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/31/2015
Scan Time: 5:17:49 AM
Logfile: Malwarebyte scan log 5.31.2015.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.30.06
Rootkit Database: v2015.05.24.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: TingTing
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359701
Time Elapsed: 15 min, 54 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Here is the AdwCleaner log
 
# AdwCleaner v4.205 - Logfile created 27/05/2015 at 23:35:56
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : TingTing - WINDOWS-I6D372C
# Running from : C:\Users\TingTing\Downloads\adwcleaner_4.205.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\ea35dec60000493d
Folder Deleted : C:\Users\TingTing\AppData\Roaming\Store
Folder Deleted : C:\Users\TingTing\AppData\Roaming\WTools
Folder Deleted : C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
[/!\] Not Deleted ( Junction ) : C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
File Deleted : C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eofcbnmajmjmplflapaojjnihcjkigck_0.localstorage
File Deleted : C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eofcbnmajmjmplflapaojjnihcjkigck_0.localstorage-journal
File Deleted : C:\Users\TingTing\AppData\Roaming\Mozilla\Firefox\Profiles\pecg5pgj.default\user.js
File Deleted : C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Deleted : C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
File Deleted : C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : Check Updates
Task Deleted : GeniusBox
Task Deleted : Validate Installation
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\TingTing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\TingTing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\TingTing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\TingTing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\TingTing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\bc7eb0b9-047b-c08b-eb3f-12dbce78e972
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Store
Key Deleted : HKCU\Software\WTools
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v37.0.2 (x86 en-US)
 
 
-\\ Google Chrome v43.0.2357.81
 
[C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : 864A72C659D54DBD9414CCC81B212D68F5AB833558394ADADCF8F66AD1838FA5","homepage_is_newtabpage":"2A358EF85406E81380E326A1C0FC1B91E88C7055C80E69AE1202B73EC4C01AB8","pinned_tabs":"0F36195FD96B07A65062840B32AF1CF100E3B44A2311A9D94ED30099BC8F86F0","prefs":{"preference_reset_time":"81B57A119DE9835AB4F6D0436131182234C035404317CD0961CCF192C3EC961E"},"profile":{"reset_prompt_memento":"EE8147E1CCB9364B3E01A011C35DA308DE8BF303136F51C86A913725B7AB7B07"},"safebrowsing":{"incidents_sent":"C940E6C8F58566085DB89E7FF9B5C36B14E5214800733277E5675029E11BE880"},"search_provider_overrides":"ADA97EA6402B708DB0AFBC12BA35AE172E6D94A603248E8C2D8970B7F94A91BC","session":{"restore_on_startup":"9534AF9B34D890E2EC226AD9052E24722C6C899354B6FE89BCF8B7CBF7F0FC4D","startup_urls":"B8473D73C97041CB4E9B86EE096156DEDECE0DF8E9384A0092188AF54DF03D9A"},"software_reporter":{"prompt_reason":"E15A8A9A6F7DC5E082FFE5C47C945E3CEA0BA4A06A5C86517F0AEBB8288F571E","prompt_seed":"4A680B762F7E916B8439EBA55A39BF5FEDFB4E2A69DAE34D1DC0659243C6B6A8","prompt_version":"7E9E725F65621B2C942D54AFF251E1002265EE16112C678A09F7D399AB886953"},"sync":{"remaining_rollback_tries":"EC5C106DE5354FFF06C17101794956DCFAF7528149AE7D3555AFAD52D754A8C9"}},"super_mac":"F23D4328F75C98C281EA00ECA7E6A9B289A77FE42181F2516C5B84E382366BB6"},"session":{"restore_on_startup":4,"startup_urls":["hxxps://www.google.com/search?q=why+chrome+is+directed+to+snapdo+then+search.safefinder&oq=why+chrome+is+directed+to+snapdo+then+search.safefinder&aqs=chrome..69i57.3756j0j7&sourceid=chrome&es_sm=93&ie=UTF-8
[C:\Users\TingTing\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : B8473D73C97041CB4E9B86EE096156DEDECE0DF8E9384A0092188AF54DF03D9A"},"software_reporter":{"prompt_reason":"E15A8A9A6F7DC5E082FFE5C47C945E3CEA0BA4A06A5C86517F0AEBB8288F571E","prompt_seed":"4A680B762F7E916B8439EBA55A39BF5FEDFB4E2A69DAE34D1DC0659243C6B6A8","prompt_version":"7E9E725F65621B2C942D54AFF251E1002265EE16112C678A09F7D399AB886953"},"sync":{"remaining_rollback_tries":"EC5C106DE5354FFF06C17101794956DCFAF7528149AE7D3555AFAD52D754A8C9"}},"super_mac":"F23D4328F75C98C281EA00ECA7E6A9B289A77FE42181F2516C5B84E382366BB6"},"session":{"restore_on_startup":4,"startup_urls":["hxxps://www.google.com/search?q=why+chrome+is+directed+to+snapdo+then+search.safefinder&oq=why+chrome+is+directed+to+snapdo+then+search.safefinder&aqs=chrome..69i57.3756j0j7&sourceid=chrome&es_sm=93&ie=UTF-8
 
*************************
 
AdwCleaner[R0].txt - [6930 bytes] - [27/05/2015 22:41:01]
AdwCleaner[S0].txt - [6468 bytes] - [27/05/2015 23:35:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6527  bytes] ##########
 
Here is the JRT.txt log
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.5 (05.30.2015:1)
OS: Windows 8.1 x64
Ran by TingTing on Sun 05/31/2015 at  7:24:27.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\windows\system32\tasks\PCDoctorBackgroundMonitorTask
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-688974935-4124263328-645016171-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Air Globe
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\windows\wininit.ini
Successfully deleted: [File] C:\Users\TingTing\appdata\local\a84c1b2170cd901cfeaf9562dd33930c
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\TingTing\AppData\Roaming\pcdr
 
 
 
~~~ Chrome
 
 
[C:\Users\TingTing\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\TingTing\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\TingTing\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\TingTing\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/31/2015 at  7:27:02.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#9
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

A few more scans to run. ESET may take a while...

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Next

Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

In your next reply please post:
1. ESET scan results
2. Checkup.txt log

Thanks
Joe :)
  • 0

#10
tingtingz

    Member

  • Topic Starter
  • Member
  • 57 posts

Hello Joe,

 

Here is the ESET scan results

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f22144483719ee479f4afddcbb24c36f
# engine=24128
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-02 09:03:45
# local_time=2015-06-02 05:03:45 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 819635 14174380 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2590563 10231817 0 0
# scanned=212553
# found=8
# cleaned=0
# scan_time=3763
sh=F39DD83FA9BC85E3DB259155BB205961BE1270E9 ft=1 fh=fdfda9e9e0409e52 vn="a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application" ac=I fn="C:\Program Files\KMSpico\Service_KMS.exe"
sh=25B9F4013FB34153FFA27E460D4B8594C79FE337 ft=1 fh=15384691e6094ee0 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe"
sh=5E6B1EE002F2130A58AE5CCEC8D2E17D4DDC522D ft=1 fh=c71c00110ed4918b vn="a variant of Win64/Toolbar.Linkury.A.gen potentially unwanted application" ac=I fn="C:\Users\TingTing\AppData\Local\AutoSoftware\ihfznabx\jwgkyjbd.dll"
sh=618CF08581EB38A72D00AFDE63B0A3D5E9C436CB ft=0 fh=0000000000000000 vn="a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application" ac=I fn="C:\Users\TingTing\Downloads\Microsoft Office Professional Plus 2013 -32-64 Bit(Activator).rar"
sh=A4E0E9490A1207BDD94A06E031559E464E31B611 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.HA potentially unsafe application" ac=I fn="C:\Users\TingTing\Downloads\Adobe Acrobat XI (v11.0.10) Professional Multilingual\Adobe.Acrobat.Pro.v11.0.10.Multilingual.iso"
sh=671606C80ABA8900233CF549247588D7DBB89C89 ft=1 fh=66e51cd616ee0da2 vn="a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application" ac=I fn="C:\Users\TingTing\Downloads\Microsoft Office Pro 2013\KMSpico.exe"
sh=6EF8310627537B1D24409574BC3C398CD97C474C ft=1 fh=8f545065e84edd76 vn="Win64/HackKMS.D potentially unsafe application" ac=I fn="C:\Windows\SECOH-QAD.dll"
sh=66C72019EAFA41BBF3E708CC3824C7C4447BDAB6 ft=1 fh=0a46a8abafa4da1b vn="Win64/HackKMS.C potentially unsafe application" ac=I fn="C:\Windows\SECOH-QAD.exe"
 
Here is the Checkup.txt log
 

 Results of screen317's Security Check version 1.002  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 17.0.0.169  
 Mozilla Firefox 37.0.2 Firefox out of Date!  
 Google Chrome (42.0.2311.152) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
 

  • 0

#11
tingtingz

    Member

  • Topic Starter
  • Member
  • 57 posts

I disabled my antivirus during the ESET scan when I did the Security Check. I am not sure if that is the reason my antivirus is showing up as out of date. I enabled it and did the Security Check again.

 

Here is the Checkup.txt log after I enabled my antivirus

 

 Results of screen317's Security Check version 1.002  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 17.0.0.169  
 Mozilla Firefox 37.0.2 Firefox out of Date!  
 Google Chrome (42.0.2311.152) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
Thanks
Ting Ting 

  • 0

#12
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Your Anti Virus looks ok and up to date,

One item to fix from the online scan,

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
C:\Users\TingTing\AppData\Local\AutoSoftware\ihfznabx\jwgkyjbd.dll
Emptytemp:

Click Format and ensure Word Wrap is unchecked.
Save as Fixlist.txt to your Desktop (must be in this location).
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Your Firefox browser is out of date:
In the Firefox browser, click Help, click "About Firefox" and update from there.

Things look good! If there are no further issues, please run DelFix below. DelFix will remove all the tools we used and their log files. Post the results of DelFix.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the 51a5ce45263de-delfix.png icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.
Thanks
Joe :)
  • 0
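An added example, not part of the thread and not code from ESET or FRST: a Python parser for the ESET Online Scanner log lines posted in reply #10 that groups the findings by ESET's "potentially unwanted" and "potentially unsafe" labels, which isolates the one unwanted-application DLL named in the fixlist in reply #12. The field meanings (sh as the file's SHA-1, vn as the detection name, fn as the file path, remove_checked as the scan option) are inferred from the values in the log and are assumptions.

```python
import re
from collections import defaultdict

# Excerpt copied from the log in reply #10: three header lines, 3 of the 8 findings.
SAMPLE_LOG = r'''# remove_checked=false
# found=8
# cleaned=0
sh=5E6B1EE002F2130A58AE5CCEC8D2E17D4DDC522D ft=1 fh=c71c00110ed4918b vn="a variant of Win64/Toolbar.Linkury.A.gen potentially unwanted application" ac=I fn="C:\Users\TingTing\AppData\Local\AutoSoftware\ihfznabx\jwgkyjbd.dll"
sh=25B9F4013FB34153FFA27E460D4B8594C79FE337 ft=1 fh=15384691e6094ee0 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe"
sh=6EF8310627537B1D24409574BC3C398CD97C474C ft=1 fh=8f545065e84edd76 vn="Win64/HackKMS.D potentially unsafe application" ac=I fn="C:\Windows\SECOH-QAD.dll"
'''

# key=value tokens; a value is either a bare word or a double-quoted string.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
VARIANT_PREFIX = "a variant of "
SUFFIXES = {
    " potentially unwanted application": "unwanted",
    " potentially unsafe application": "unsafe",
}


def parse_eset_log(text):
    """Return (header settings, list of finding records) from log text."""
    meta, findings = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                meta[key] = value.strip('"')
        elif line.startswith("sh="):
            record = {}
            for match in PAIR.finditer(line):
                quoted, bare = match.group(2), match.group(3)
                record[match.group(1)] = quoted if quoted is not None else bare
            findings.append(record)
    return meta, findings


def classify(vn):
    """Split a detection string into (name, category)."""
    category = "other"  # no PUA/unsafe suffix: treated here as a plain detection
    for suffix, label in SUFFIXES.items():
        if vn.endswith(suffix):
            vn, category = vn[: -len(suffix)], label
            break
    if vn.startswith(VARIANT_PREFIX):
        vn = vn[len(VARIANT_PREFIX):]
    return vn, category


def triage(findings):
    """Group findings by category as (name, path, sha1) tuples."""
    groups = defaultdict(list)
    for rec in findings:
        name, category = classify(rec.get("vn", ""))
        groups[category].append((name, rec.get("fn", ""), rec.get("sh", "")))
    return dict(groups)


def report_only(meta):
    """True when the scan was run without removal and cleaned nothing."""
    return meta.get("remove_checked") == "false" and meta.get("cleaned") == "0"


if __name__ == "__main__":
    meta, findings = parse_eset_log(SAMPLE_LOG)
    print("report-only scan:", report_only(meta))
    for category, items in sorted(triage(findings).items()):
        for name, path, sha1 in items:
            print(f"{category:9} {name:30} {path}")
```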

#13
tingtingz

    Member

  • Topic Starter
  • Member
  • 57 posts

Hello Joe,

 

This is the Fixlog.txt 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by TingTing at 2015-06-03 06:57:00 Run:2
Running from C:\Users\TingTing\Desktop
Loaded Profiles: TingTing (Available Profiles: TingTing)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
C:\Users\TingTing\AppData\Local\AutoSoftware\ihfznabx\jwgkyjbd.dll
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
C:\Users\TingTing\AppData\Local\AutoSoftware\ihfznabx\jwgkyjbd.dll => Moved successfully.
EmptyTemp: => Removed 547.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 06:57:52 ====
 
This is the DelFix.txt 
 
# DelFix v1.010 - Logfile created 03/06/2015 at 07:06:06
# Updated 26/04/2015 by Xplode
# Username : TingTing - WINDOWS-I6D372C
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\TingTing\Desktop\Addition.txt
Deleted : C:\Users\TingTing\Desktop\Fixlog.txt
Deleted : C:\Users\TingTing\Desktop\FRST.txt
Deleted : C:\Users\TingTing\Desktop\FRST64.exe
Deleted : C:\Users\TingTing\Desktop\JRT.txt
Deleted : C:\Users\TingTing\Desktop\log.txt
Deleted : C:\Users\TingTing\Desktop\SecurityCheck.exe
Deleted : C:\Users\TingTing\Downloads\adwcleaner_4.205.exe
Deleted : C:\Users\TingTing\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\TingTing\Downloads\JRT.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Cleaning system restore ...
 
Deleted : RP #39 [Windows Update | 05/17/2015 05:28:34]
Deleted : RP #40 [Scheduled Checkpoint | 05/25/2015 05:10:44]
Deleted : RP #41 [Removed Adobe Acrobat Reader DC. | 05/28/2015 01:41:11]
Deleted : RP #42 [Removed Citrix Online Launcher | 05/28/2015 01:42:55]
Deleted : RP #44 [Restore Point Created by FRST | 05/30/2015 03:18:57]
Deleted : RP #46 [Restore Point Created by FRST | 06/03/2015 10:57:02]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
Thank you for your help!
 
Ting Ting

  • 0

#14
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
You're welcome and we will close the topic now.
Thank you for using Geekstogo!!

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0





