TechSpot

Malware removal help: FRST scan

By Hilary Lungu
Apr 21, 2015
  1. Hello,

    I have been searching the internet for the last two days on how to fix my laptop. I've run a virus and malware scan on it but nothing comes up. My internet says "limited connectivity" on my laptop but all my other devices connect fine to the same Wi-Fi. I'm quite certain it's some kind of virus.

    I read a forum on here that said to do a FRST scan and paste the information. Please see below and thank you in advance for any help you can offer! I've tried everything and can't fix it :(

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
    Ran by Hilary (administrator) on POOPSICLE on 21-04-2015 16:30:57
    Running from C:\Users\Hilary\Desktop
    Loaded Profiles: Hilary (Available profiles: Hilary)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
    () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
    () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    (Pokki) C:\Users\Hilary\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (BitTorrent Inc.) C:\Users\Hilary\AppData\Roaming\BitTorrent\BitTorrent.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    (Pokki) C:\Users\Hilary\AppData\Local\Pokki\Engine\HostAppService.exe
    (AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
    (Pokki) C:\Users\Hilary\AppData\Local\Pokki\Engine\HostAppService.exe
    (Pokki) C:\Users\Hilary\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-12] (Conexant Systems, Inc.)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-07] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
    HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-03-19] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-03-19] (Lenovo(beijing) Limited)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-14] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-03-16] ()
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))
    HKU\S-1-5-21-427269326-3713369890-2418317862-1002\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
    HKU\S-1-5-21-427269326-3713369890-2418317862-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-427269326-3713369890-2418317862-1002\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\Hilary\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=90197547430747d2a1d9f9aa01619aed-4be8c4e3f9385b165c290377163382e216e028bb /CMPID=1214av
    HKU\S-1-5-21-427269326-3713369890-2418317862-1002\...\Run: [BitTorrent] => C:\Users\Hilary\AppData\Roaming\BitTorrent\BitTorrent.exe [1744472 2015-03-03] (BitTorrent Inc.)
    HKU\S-1-5-21-427269326-3713369890-2418317862-1002\...\RunOnce: [Application Restart #5] => C:\Users\Hilary\AppData\Local\Pokki\Engine\HostAppService.exe [7851848 2015-04-13] (Pokki)
    HKU\S-1-5-21-427269326-3713369890-2418317862-1002\...\RunOnce: [Application Restart #4] => C:\Users\Hilary\AppData\Local\Pokki\Engine\HostAppService.exe [7851848 2015-04-13] (Pokki)
    HKU\S-1-5-21-427269326-3713369890-2418317862-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [589312 2014-10-28] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-05-17]
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-02-08]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-427269326-3713369890-2418317862-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={D939...coid=avgtbavg&cmpid=0215av&pr=fr&d=2015-03-16 10:10:20&v=4.1.0.411&pid=wtu&sg=&sap=hp
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-427269326-3713369890-2418317862-1002 -> {17309874-2744-4C75-B1FF-5B3139506B34} URL =
    SearchScopes: HKU\S-1-5-21-427269326-3713369890-2418317862-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid...coid=avgtbavg&cmpid=0215av&pr=fr&d=2015-03-16 10:10:20&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-427269326-3713369890-2418317862-1002 -> {AF83B129-ACE3-11E4-8277-28E34785731E} URL = http://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
    BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-03-16] (AVG)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-28] (Oracle Corporation)
    BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-03-16] (AVG)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-28] (Oracle Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 64.59.135.143 64.59.128.110
    Tcpip\..\Interfaces\{14B786D7-48FF-461A-9F58-33B21704EBC7}: [NameServer] 10.14.0.1

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-28] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-17] (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://homepage-web.com/?s=lenovo&m=home
    CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=lenovo&m=start"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-16]
    CHR Extension: (Google Drive) - C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-16]
    CHR Extension: (YouTube) - C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-16]
    CHR Extension: (Google Search) - C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-16]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
    CHR Extension: (Google Wallet) - C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-16]
    CHR Extension: (Gmail) - C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-16]
    CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-14] (Advanced Micro Devices, Inc.) [File not signed]
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-28] (ELAN Microelectronics Corp.)
    S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
    R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-03-19] ()
    R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-03-16] (AVG Secure Search)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
    R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-16] ()
    R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-03-19] (AVG Technologies CZ, s.r.o.)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
    S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-20] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
    S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
    S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-21 16:30 - 2015-04-21 16:31 - 00023586 _____ () C:\Users\Hilary\Desktop\FRST.txt
    2015-04-21 16:30 - 2015-04-21 16:31 - 00000000 ____D () C:\FRST
    2015-04-21 16:30 - 2015-04-21 16:26 - 02099712 _____ (Farbar) C:\Users\Hilary\Desktop\FRST64.exe
    2015-04-20 22:19 - 2015-04-20 22:19 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-04-20 22:19 - 2015-04-20 22:19 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-04-20 22:19 - 2015-04-20 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-04-20 22:19 - 2015-04-20 22:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-04-20 22:19 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2015-04-20 22:19 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2015-04-20 22:19 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2015-04-20 22:18 - 2015-04-16 14:22 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Hilary\Desktop\mbam-setup-2.1.4.1018.exe
    2015-04-20 09:27 - 2015-04-20 09:27 - 00000000 ____D () C:\windows\pss
    2015-04-16 17:10 - 2015-04-17 09:55 - 00000000 ____D () C:\Users\Hilary\Desktop\Photos
    2015-04-15 00:01 - 2015-03-23 15:59 - 07476032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2015-04-15 00:01 - 2015-03-23 15:59 - 01733952 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2015-04-15 00:01 - 2015-03-23 15:59 - 00360480 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
    2015-04-15 00:01 - 2015-03-23 15:58 - 01498872 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
    2015-04-15 00:01 - 2015-03-23 15:45 - 00257216 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
    2015-04-15 00:01 - 2015-03-19 22:12 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\microsoft-windows-system-events.dll
    2015-04-15 00:01 - 2015-03-19 22:10 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
    2015-04-15 00:01 - 2015-03-19 22:10 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
    2015-04-15 00:01 - 2015-03-19 21:17 - 00411648 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
    2015-04-15 00:01 - 2015-03-19 20:41 - 00369152 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
    2015-04-15 00:01 - 2015-03-19 20:40 - 00950784 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
    2015-04-15 00:01 - 2015-03-19 20:16 - 00749568 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
    2015-04-15 00:01 - 2015-03-14 02:20 - 01385256 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
    2015-04-15 00:01 - 2015-03-14 02:13 - 01124352 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
    2015-04-15 00:01 - 2015-03-12 22:32 - 24980480 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2015-04-15 00:01 - 2015-03-12 21:42 - 19695616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2015-04-15 00:01 - 2015-03-12 20:58 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
    2015-04-15 00:01 - 2015-03-12 20:37 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
    2015-04-15 00:01 - 2015-02-20 17:49 - 00780800 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
    2015-04-15 00:00 - 2015-03-22 16:45 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2015-04-15 00:00 - 2015-03-22 16:09 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2015-04-15 00:00 - 2015-03-22 16:09 - 00957440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2015-04-15 00:00 - 2015-03-22 16:09 - 00769024 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2015-04-15 00:00 - 2015-03-22 16:09 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2015-04-15 00:00 - 2015-03-22 16:09 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2015-04-15 00:00 - 2015-03-22 16:09 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
    2015-04-15 00:00 - 2015-03-14 02:54 - 00133256 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2015-04-15 00:00 - 2015-03-13 19:56 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2015-04-15 00:00 - 2015-03-13 19:56 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
    2015-04-15 00:00 - 2015-03-13 19:51 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
    2015-04-15 00:00 - 2015-03-13 19:37 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
    2015-04-15 00:00 - 2015-03-13 19:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
    2015-04-15 00:00 - 2015-03-13 18:22 - 03678720 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2015-04-15 00:00 - 2015-03-13 18:12 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2015-04-15 00:00 - 2015-03-13 18:12 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2015-04-15 00:00 - 2015-03-13 18:09 - 00200192 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
    2015-04-15 00:00 - 2015-03-13 18:08 - 00408064 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
    2015-04-15 00:00 - 2015-03-13 18:08 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2015-04-15 00:00 - 2015-03-13 18:06 - 02373632 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2015-04-15 00:00 - 2015-03-13 18:06 - 00891392 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2015-04-15 00:00 - 2015-03-13 18:02 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2015-04-15 00:00 - 2015-03-13 18:02 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2015-04-15 00:00 - 2015-03-13 17:59 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2015-04-15 00:00 - 2015-03-13 17:59 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2015-04-15 00:00 - 2015-03-12 22:08 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2015-04-15 00:00 - 2015-03-12 22:07 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2015-04-15 00:00 - 2015-03-12 21:53 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2015-04-15 00:00 - 2015-03-12 21:50 - 06025216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2015-04-15 00:00 - 2015-03-12 21:28 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2015-04-15 00:00 - 2015-03-12 21:26 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2015-04-15 00:00 - 2015-03-12 21:22 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2015-04-15 00:00 - 2015-03-12 21:17 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2015-04-15 00:00 - 2015-03-12 21:16 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2015-04-15 00:00 - 2015-03-12 21:08 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2015-04-15 00:00 - 2015-03-12 21:07 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2015-04-15 00:00 - 2015-03-12 21:00 - 14397440 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2015-04-15 00:00 - 2015-03-12 20:50 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
    2015-04-15 00:00 - 2015-03-12 20:49 - 04305408 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2015-04-15 00:00 - 2015-03-12 20:45 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2015-04-15 00:00 - 2015-03-12 20:44 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2015-04-15 00:00 - 2015-03-12 20:34 - 12825600 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2015-04-15 00:00 - 2015-03-12 20:33 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2015-04-15 00:00 - 2015-03-12 20:22 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2015-04-15 00:00 - 2015-03-12 20:20 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2015-04-15 00:00 - 2015-03-12 20:16 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2015-04-15 00:00 - 2015-03-12 20:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2015-04-15 00:00 - 2015-03-04 04:25 - 00377152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
    2015-04-15 00:00 - 2015-03-03 21:04 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
    2015-04-15 00:00 - 2015-03-03 20:19 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
    2015-04-15 00:00 - 2015-02-24 02:32 - 00991552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
    2015-04-09 09:45 - 2015-04-14 19:45 - 00000000 ____D () C:\Users\Hilary\Desktop\BABY EINSTEIN
    2015-04-04 08:08 - 2015-04-04 08:12 - 00000000 ___SD () C:\windows\system32\GWX
    2015-04-04 08:08 - 2015-04-04 08:08 - 00000000 ___SD () C:\windows\SysWOW64\GWX
    2015-03-31 12:15 - 2015-03-31 12:16 - 03246669 _____ () C:\Users\Hilary\Downloads\IMG_5698.MOV
    2015-03-27 15:26 - 2015-03-27 15:26 - 00002112 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.7.1 64-bit.lnk
    2015-03-27 15:26 - 2015-03-27 15:26 - 00002092 _____ () C:\Users\Public\Desktop\Lightroom 5.7.1 64-bit.lnk
    2015-03-27 13:22 - 2015-03-27 13:22 - 00001340 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
    2015-03-27 13:22 - 2015-03-27 13:22 - 00001328 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
    2015-03-26 15:14 - 2015-03-26 15:30 - 00000000 ____D () C:\Users\Hilary\Desktop\Develop pic
    2015-03-25 11:21 - 2015-03-25 11:21 - 00281056 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-21 16:31 - 2015-01-06 19:22 - 00000000 ____D () C:\Users\Hilary\AppData\Roaming\BitTorrent
    2015-04-21 16:23 - 2014-06-30 11:00 - 00000926 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf9484db10ee9c.job
    2015-04-21 16:15 - 2014-03-19 21:02 - 01051986 _____ () C:\windows\WindowsUpdate.log
    2015-04-21 16:10 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sru
    2015-04-21 16:10 - 2013-08-22 08:46 - 00092849 _____ () C:\windows\setupact.log
    2015-04-21 16:09 - 2014-11-16 14:44 - 00000000 ____D () C:\Users\Hilary\AppData\Roaming\Skype
    2015-04-21 16:02 - 2014-05-16 10:55 - 00000922 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-21 16:01 - 2014-05-25 09:28 - 00000000 ____D () C:\Users\Hilary\AppData\Local\Adobe
    2015-04-21 16:01 - 2014-05-14 16:27 - 00000000 ____D () C:\Users\Hilary\AppData\Local\Pokki
    2015-04-21 16:00 - 2014-05-14 16:33 - 00000000 __RDO () C:\Users\Hilary\SkyDrive
    2015-04-21 16:00 - 2013-08-22 08:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-04-21 15:59 - 2014-05-17 13:56 - 08067512 _____ () C:\Users\Public\CAFADEBUG.log
    2015-04-21 15:59 - 2014-03-19 22:16 - 00006656 _____ () C:\windows\system32\VfService.trf
    2015-04-21 15:59 - 2013-08-22 07:25 - 00524288 ___SH () C:\windows\system32\config\BBI
    2015-04-21 15:57 - 2014-05-30 10:20 - 00000000 ____D () C:\Users\Hilary\AppData\Local\CrashDumps
    2015-04-21 15:57 - 2013-10-07 12:27 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-04-21 13:27 - 2014-10-05 19:58 - 00000000 ____D () C:\ProgramData\MFAData
    2015-04-21 11:03 - 2014-05-15 20:07 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{0D923CEF-7F9B-4BEA-AB6B-09AC8B551D3F}
    2015-04-21 07:18 - 2013-10-07 12:23 - 00029488 _____ () C:\windows\PFRO.log
    2015-04-20 22:53 - 2014-05-14 16:36 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-427269326-3713369890-2418317862-1002
    2015-04-20 11:16 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\NDF
    2015-04-19 23:07 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppReadiness
    2015-04-19 09:24 - 2014-11-01 19:16 - 00000000 ____D () C:\Users\Hilary\AppData\Roaming\ExpressVPN
    2015-04-18 18:32 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\rescache
    2015-04-18 16:05 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
    2015-04-17 15:27 - 2014-05-16 10:56 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-04-17 10:09 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppCompat
    2015-04-16 17:22 - 2013-08-22 09:20 - 00000000 ____D () C:\windows\CbsTemp
    2015-04-16 17:11 - 2014-05-14 16:34 - 00002342 _____ () C:\Users\Hilary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
    2015-04-16 16:21 - 2014-12-11 00:34 - 00000000 ____D () C:\windows\system32\appraiser
    2015-04-16 16:21 - 2014-07-10 20:42 - 00000000 ___SD () C:\windows\system32\CompatTel
    2015-04-15 14:39 - 2014-05-26 10:18 - 00836608 ___SH () C:\Users\Hilary\Desktop\Thumbs.db
    2015-04-15 02:24 - 2014-05-17 14:41 - 00000000 ____D () C:\windows\system32\MRT
    2015-04-15 02:14 - 2014-05-17 14:40 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-04-14 23:59 - 2014-11-12 18:11 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
    2015-04-14 19:44 - 2015-01-11 11:06 - 00000000 ____D () C:\Users\Hilary\Downloads\Miriam Makeba [1972] Pata Pata (Remastered LP-rip)
    2015-04-13 17:24 - 2015-03-16 09:55 - 00792056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-04-13 17:24 - 2015-03-16 09:55 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-09 18:31 - 2014-05-19 10:45 - 00296960 ___SH () C:\Users\Hilary\Downloads\Thumbs.db
    2015-04-09 18:29 - 2015-01-28 17:09 - 00000000 ____D () C:\Users\Hilary\Downloads\Baby.Einstein[Baby Mozart]DVDRip[Eng]Xvid-10vol
    2015-04-08 12:44 - 2014-09-09 18:39 - 00002246 ____H () C:\Users\Hilary\Documents\Default.rdp
    2015-04-08 11:33 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\FxsTmp
    2015-04-08 11:16 - 2014-05-25 09:28 - 00000000 ____D () C:\Users\Hilary\AppData\Roaming\Nitro PDF
    2015-04-02 21:31 - 2014-05-14 16:27 - 00000000 ____D () C:\Users\Hilary
    2015-03-31 08:33 - 2014-10-05 20:02 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
    2015-03-31 08:33 - 2014-10-05 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2015-03-27 15:23 - 2014-05-26 09:23 - 00000000 ____D () C:\Program Files\Adobe
    2015-03-27 13:22 - 2014-05-14 16:29 - 00000000 ____D () C:\Users\Hilary\AppData\Roaming\Adobe
    2015-03-27 13:22 - 2014-03-19 21:21 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-03-27 13:19 - 2014-03-19 22:03 - 00000000 ____D () C:\Program Files (x86)\Adobe

    ==================== Files in the root of some directories =======

    2015-01-10 12:44 - 2015-01-10 12:49 - 0000854 _____ () C:\Users\Hilary\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat
    2014-03-19 21:30 - 2014-03-19 21:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some content of TEMP:
    ====================
    C:\Users\Hilary\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Hilary\AppData\Local\Temp\jre-8u31-windows-au.exe
    C:\Users\Hilary\AppData\Local\Temp\oct1ADC.tmp.exe
    C:\Users\Hilary\AppData\Local\Temp\oct274A.tmp.exe
    C:\Users\Hilary\AppData\Local\Temp\oct4237.tmp.exe
    C:\Users\Hilary\AppData\Local\Temp\oct84A4.tmp.exe
    C:\Users\Hilary\AppData\Local\Temp\octBE63.tmp.exe
    C:\Users\Hilary\AppData\Local\Temp\octD43D.tmp.exe
    C:\Users\Hilary\AppData\Local\Temp\octD557.tmp.exe
    C:\Users\Hilary\AppData\Local\Temp\octDD9A.tmp.exe
    C:\Users\Hilary\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Hilary\AppData\Local\Temp\uttE34D.tmp.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-15 02:06

    ==================== End Of Log ============================
     
  2. Hilary Lungu TS Rookie Topic Starter

    Here is the second part to the report:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
    Ran by Hilary at 2015-04-21 16:32:44
    Running from C:\Users\Hilary\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    2cB7Cc6A75a (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version: - )
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
    Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
    Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
    Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{4FA5FECF-B537-2B14-1CA8-F6C9A5053281}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
    AVG 2015 (Version: 15.0.4331 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
    AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
    BitTorrent (HKU\S-1-5-21-427269326-3713369890-2418317862-1002\...\BitTorrent) (Version: 7.9.2.38914 - BitTorrent Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.3.53 - Conexant)
    CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
    CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
    Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
    Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
    Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
    ExpressVPN v3.626 (HKLM-x32\...\ExpressVPN) (Version: v3.626 - ExpressVPN)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Host App Service (HKU\S-1-5-21-427269326-3713369890-2418317862-1002\...\Pokki) (Version: 0.269.7.611 - Pokki)
    iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
    iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
    Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
    Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.25.1 - ELAN Microelectronic Corp.)
    Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
    Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
    Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
    Lenovo Solution Center (HKLM\...\{13BD494D-9ACD-420B-A291-E145DED92EF6}) (Version: 2.6.001.00 - Lenovo Group Limited)
    Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
    Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
    Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
    OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
    Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Start Menu (HKU\S-1-5-21-427269326-3713369890-2418317862-1002\...\Pokki_Start_Menu) (Version: 0.269.7.611 - Pokki)
    UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
    UserGuide (x32 Version: 1.0.0.17 - Lenovo) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
    Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    04-04-2015 08:01:41 Windows Update
    13-04-2015 09:58:07 Scheduled Checkpoint
    16-04-2015 17:21:46 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {045A5440-0254-4E71-B804-37A29B70D3A3} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-08-01] (Maxthon International ltd.)
    Task: {05EC28A9-0641-4BFF-8930-B16DD9D68C06} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-03] (Lenovo)
    Task: {1610FF72-732A-4CE6-93A8-71C19DF1A29F} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-427269326-3713369890-2418317862-1002
    Task: {2601209B-4F5A-47A7-B726-4249D4B965A2} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
    Task: {2720A080-6717-4649-B1A9-7F3191BDB2AD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {284F76B9-2042-4AB9-8233-DF302D1DD424} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-16] (Google Inc.)
    Task: {3D261453-4FE7-4E3D-925A-4D7948EE8819} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-03] (Lenovo)
    Task: {4FD0653C-EFC4-4383-9BB6-4E6BDE6B8868} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {67C50AA5-DE76-44E2-ADCD-ED0EC3FF9CD3} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] ()
    Task: {79A3D485-5452-4706-AC95-A7EDD11F6FFB} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
    Task: {7C9F22CE-5FE2-47FA-9165-E0D0218A54F3} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-09-03] (Lenovo)
    Task: {7F810EE8-8CEE-403F-9906-CDF792D405F5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
    Task: {869CFAD4-D9F6-4A7E-AE5F-14504FC8C4F6} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-09-03] (Lenovo)
    Task: {8BC12DEB-1B8D-442A-AC86-B9EE3C43A580} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {90837F4B-FC19-4293-9C8F-58639ECCEA18} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {95665855-362C-4F01-AB5C-6261E8943E1C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
    Task: {BD5ABF9E-4510-4808-8264-2629F29A3ED7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {BF523D66-3117-461B-92B3-6D318232B9C4} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-09-03] (Lenovo)
    Task: {EE84CE09-BF14-44F7-9613-75D95C8D5FFB} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-hilarylungu@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
    Task: {F90FA68E-563A-43F5-BE61-045065A07658} - System32\Tasks\GoogleUpdateTaskMachineUA1cf9484db10ee9c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-16] (Google Inc.)
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf9484db10ee9c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-03-16 10:10 - 2015-03-16 10:09 - 00620056 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
    2013-10-14 06:52 - 2013-10-14 06:52 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-03-19 22:01 - 2012-04-24 04:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2014-03-19 22:15 - 2014-03-19 22:15 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    2014-03-19 22:15 - 2014-03-19 22:15 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
    2015-03-16 10:10 - 2015-03-16 10:09 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
    2014-12-19 15:57 - 2014-12-19 15:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2013-09-25 04:04 - 2013-09-25 04:04 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2013-09-25 04:01 - 2013-09-25 04:01 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
    2013-09-25 04:08 - 2013-09-25 04:08 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    2015-03-16 10:10 - 2015-03-16 10:09 - 03033112 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
    2014-12-19 15:57 - 2014-12-19 15:57 - 05979808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-03-16 10:10 - 2015-03-16 10:09 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll
    2015-01-07 21:27 - 2015-01-07 21:27 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
    2015-03-16 10:10 - 2015-03-16 10:09 - 01711128 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
    2015-03-16 10:10 - 2015-03-16 10:09 - 40630296 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll
    2015-01-03 22:06 - 2015-01-03 22:06 - 00569856 _____ () C:\Users\Hilary\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
    2015-01-03 22:06 - 2015-01-03 22:06 - 01400846 _____ () C:\Users\Hilary\AppData\Local\Pokki\Engine\avcodec-54.dll
    2015-01-03 22:06 - 2015-01-03 22:06 - 00151054 _____ () C:\Users\Hilary\AppData\Local\Pokki\Engine\avutil-51.dll
    2015-01-03 22:06 - 2015-01-03 22:06 - 00222734 _____ () C:\Users\Hilary\AppData\Local\Pokki\Engine\avformat-54.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\Users\Hilary\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-427269326-3713369890-2418317862-1002\...\bluera.ca -> hxxps://portal.bluera.ca


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-427269326-3713369890-2418317862-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img11.jpg
    DNS Servers: 10.14.0.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-427269326-3713369890-2418317862-500 - Administrator - Disabled)
    Guest (S-1-5-21-427269326-3713369890-2418317862-501 - Limited - Disabled)
    Hilary (S-1-5-21-427269326-3713369890-2418317862-1002 - Administrator - Enabled) => C:\Users\Hilary
    HomeGroupUser$ (S-1-5-21-427269326-3713369890-2418317862-1004 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/21/2015 03:56:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 42.0.2311.90, time stamp: 0x552c2225
    Faulting module name: chrome.dll, version: 42.0.2311.90, time stamp: 0x552c1dea
    Exception code: 0x80000003
    Fault offset: 0x0051f9eb
    Faulting process id: 0x1ff8
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3
    Faulting package full name: chrome.exe4
    Faulting package-relative application ID: chrome.exe5

    Error: (04/21/2015 03:56:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 10625

    Error: (04/21/2015 03:56:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 10625

    Error: (04/21/2015 03:56:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/21/2015 07:45:31 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: wfcrun32.exe, version: 12.1.44.1, time stamp: 0x4db51380
    Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
    Exception code: 0xc0000005
    Fault offset: 0x00018ad9
    Faulting process id: 0xef8
    Faulting application start time: 0xwfcrun32.exe0
    Faulting application path: wfcrun32.exe1
    Faulting module path: wfcrun32.exe2
    Report Id: wfcrun32.exe3
    Faulting package full name: wfcrun32.exe4
    Faulting package-relative application ID: wfcrun32.exe5

    Error: (04/20/2015 10:14:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: cf0

    Start Time: 01d07be583765a2c

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: d0a37900-e7d9-11e4-828b-28e34785731e

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (04/20/2015 09:33:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 658

    Start Time: 01d07be33dde8108

    Termination Time: 4294967295

    Application Path: C:\windows\syswow64\wwahost.exe

    Report Id: 32bb646a-e7d7-11e4-828b-28e34785731e

    Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

    Faulting package-relative application ID: App

    Error: (04/20/2015 09:25:00 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: wfcrun32.exe, version: 12.1.44.1, time stamp: 0x4db51380
    Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
    Exception code: 0xc0000005
    Fault offset: 0x00018ad9
    Faulting process id: 0x1544
    Faulting application start time: 0xwfcrun32.exe0
    Faulting application path: wfcrun32.exe1
    Faulting module path: wfcrun32.exe2
    Report Id: wfcrun32.exe3
    Faulting package full name: wfcrun32.exe4
    Faulting package-relative application ID: wfcrun32.exe5

    Error: (04/20/2015 09:19:36 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2005) (User: NT AUTHORITY)
    Description: There was an error communicating to the Orion DCS server

    Error: (04/20/2015 09:15:56 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2005) (User: NT AUTHORITY)
    Description: There was an error communicating to the Orion DCS server


    System errors:
    =============
    Error: (04/21/2015 03:59:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Superfetch service terminated with the following error:
    %%1062

    Error: (04/21/2015 07:46:26 AM) (Source: DCOM) (EventID: 10010) (User: POOPSICLE)
    Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

    Error: (04/20/2015 09:14:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Superfetch service terminated with the following error:
    %%1062

    Error: (04/20/2015 09:33:13 AM) (Source: DCOM) (EventID: 10005) (User: POOPSICLE)
    Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

    Error: (04/20/2015 09:33:12 AM) (Source: DCOM) (EventID: 10005) (User: POOPSICLE)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (04/20/2015 09:32:58 AM) (Source: DCOM) (EventID: 10005) (User: POOPSICLE)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (04/20/2015 09:32:48 AM) (Source: DCOM) (EventID: 10005) (User: POOPSICLE)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (04/20/2015 09:32:38 AM) (Source: DCOM) (EventID: 10005) (User: POOPSICLE)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (04/20/2015 09:32:11 AM) (Source: DCOM) (EventID: 10005) (User: POOPSICLE)
    Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (04/20/2015 09:32:11 AM) (Source: DCOM) (EventID: 10005) (User: POOPSICLE)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}


    Microsoft Office Sessions:
    =========================
    Error: (04/21/2015 03:56:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: chrome.exe42.0.2311.90552c2225chrome.dll42.0.2311.90552c1dea800000030051f9eb1ff801d07c7e04645850C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\chrome.dll466b9088-e871-11e4-828c-28e34785731e

    Error: (04/21/2015 03:56:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 10625

    Error: (04/21/2015 03:56:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 10625

    Error: (04/21/2015 03:56:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/21/2015 07:45:31 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: wfcrun32.exe12.1.44.14db51380ntdll.dll6.3.9600.17736550f42c2c000000500018ad9ef801d07c396eca8faeC:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exeC:\windows\SYSTEM32\ntdll.dllad1fe83b-e82c-11e4-828c-28e34785731e

    Error: (04/20/2015 10:14:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: LiveComm.exe17.5.9600.20689cf001d07be583765a2c4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exed0a37900-e7d9-11e4-828b-28e34785731emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

    Error: (04/20/2015 09:33:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: wwahost.exe6.3.9600.1741565801d07be33dde81084294967295C:\windows\syswow64\wwahost.exe32bb646a-e7d7-11e4-828b-28e34785731eMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

    Error: (04/20/2015 09:25:00 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: wfcrun32.exe12.1.44.14db51380ntdll.dll6.3.9600.17736550f42c2c000000500018ad9154401d07b7e23ef1c76C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exeC:\windows\SYSTEM32\ntdll.dll683a2bb2-e771-11e4-8287-28e34785731e

    Error: (04/20/2015 09:19:36 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2005) (User: NT AUTHORITY)
    Description: -2147012889

    Error: (04/20/2015 09:15:56 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2005) (User: NT AUTHORITY)
    Description: -2147012889


    ==================== Memory info ===========================

    Processor: AMD A10-5750M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 33%
    Total physical RAM: 5327.26 MB
    Available physical RAM: 3549.89 MB
    Total Pagefile: 6287.26 MB
    Available Pagefile: 4474.71 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.8 MB

    ==================== Drives ================================

    Drive c: (Windows8_OS) (Fixed) (Total:891.95 GB) (Free:559.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.07 GB) NTFS
    Drive e: (ExtremeRipped01) (CDROM) (Total:3.94 GB) (Free:0 GB) UDF
    Drive f: (Lexar) (Removable) (Total:7.45 GB) (Free:5.28 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 495515E2)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0C)

    ==================== End Of Log ============================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================

    Are you posting from some other computer since you don't have connection?

    Uninstall McAfee Security Scan Plus, typical foistware.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
Topic Status:
Not open for further replies.
