
Virus from Tusfiles



I clicked on a download link from Tusfiles which deleted all my Google Chrome extensions, and won't let me redownload them, or anything else from the Google Chrome store. I downloaded/ran Malwarebytes, which didn't detect the virus at all, so I'll just follow the instructions on the pinned post... Thank you!

 

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by angel_000 (administrator) on CELLOANGELNINJA on 20-01-2015 00:40:28
Running from C:\Users\angel_000\Downloads
Loaded Profiles: angel_000 (Available profiles: Angel & angel_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
(DELL INC.) C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(DELL INC.) C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Spotify Ltd) C:\Users\angel_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [btTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-08-08] (Qualcomm Atheros)
HKLM\...\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-08-08] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [softEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-07-16] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-20] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\Run: [iCloudServices] => C:\iCloudServices.exe
HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\Run: [ApplePhotoStreams] => C:\ApplePhotoStreams.exe
HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\Run: [skyDrive] => C:\Users\angel_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation)
HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\Run: [Google Update] => C:\Users\angel_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-17] (Google Inc.)
HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\Run: [GoogleChromeAutoLaunch_900F9CC4B4D22051D48B527451FDF944] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-08] (Google Inc.)
HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\Run: [spotify Web Helper] => C:\Users\angel_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-26] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\angel_000\Downloads\TouchEnKey_Installer.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @softforum.com/npKeyPro -> C:\WINDOWS\system32\npKeyPro.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-3185498996-4193421974-3688649314-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\angel_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3185498996-4193421974-3688649314-1002: @talk.google.com/O1DPlugin -> C:\Users\angel_000\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3185498996-4193421974-3688649314-1002: @tools.google.com/Google Update;version=3 -> C:\Users\angel_000\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3185498996-4193421974-3688649314-1002: @tools.google.com/Google Update;version=9 -> C:\Users\angel_000\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3185498996-4193421974-3688649314-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\angel_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\angel_000\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\angel_000\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Theme Creator) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2014-03-27]
CHR Extension: (Google Drive) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-27]
CHR Extension: (Google Search) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-27]
CHR Extension: (No Name) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2015-01-19]
CHR Extension: (No Name) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-19]
CHR Extension: (No Name) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2015-01-20]
CHR Extension: (No Name) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-01-19]
CHR Extension: (Google Wallet) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [211072 2012-08-08] (Qualcomm Atheros Commnucations)
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [73728 2012-08-01] () [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-09-10] (Freemake) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-07-16] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2401632 2012-11-29] (TuneUp Software)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-08-07] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-08] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 FintekCIR; C:\Windows\system32\DRIVERS\FintekCIR.sys [33128 2012-06-07] (Fintek)
R3 JRSUKD25; C:\WINDOWS\system32\JRSUKD25.SYS [19016 2014-11-13] (Soft Security Corporation)
U0 jvlulkuv; C:\Windows\System32\drivers\ljvfyx.sys [79064 2015-01-20] (Malwarebytes Corporation)
S3 kcrtx64; C:\WINDOWS\system32\kcrtx64.sys [141848 2014-11-13] (Kings Information & Network)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28768 2014-07-16] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
S3 JRSKD24; \??\C:\WINDOWS\system32\JRSKD24.SYS [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 00:40 - 2015-01-20 00:40 - 00018141 _____ () C:\Users\angel_000\Downloads\FRST.txt
2015-01-20 00:40 - 2015-01-20 00:40 - 00000000 ____D () C:\FRST
2015-01-20 00:39 - 2015-01-20 00:40 - 02126848 _____ (Farbar) C:\Users\angel_000\Downloads\FRST64.exe
2015-01-20 00:23 - 2015-01-20 00:23 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\ljvfyx.sys
2015-01-19 23:55 - 2015-01-19 23:55 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-19 23:55 - 2015-01-19 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-19 23:24 - 2015-01-19 23:57 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 23:24 - 2015-01-19 23:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-19 23:24 - 2015-01-19 23:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 23:24 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-19 23:24 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-19 23:24 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-19 23:22 - 2015-01-19 23:22 - 00003250 _____ () C:\WINDOWS\System32\Tasks\{2D0B9695-B9ED-43F0-BC05-222D6EFACC0D}
2015-01-19 23:21 - 2015-01-19 23:21 - 00000000 ____D () C:\ProgramData\ce62398100007500
2015-01-19 23:18 - 2015-01-19 23:20 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\angel_000\Downloads\mbam-setup-2-0-3-1025.exe
2015-01-19 22:50 - 2015-01-19 22:50 - 00000000 ____D () C:\ProgramData\14314028360431792611
2015-01-19 22:50 - 2015-01-19 22:50 - 00000000 ____D () C:\Program Files (x86)\uinisaless
2015-01-19 22:49 - 2015-01-19 22:49 - 00000000 ____D () C:\ProgramData\mpdmeeliomfdhlnhnnpdcihakjcoebjm
2015-01-15 22:23 - 2015-01-15 22:23 - 00000000 ____D () C:\Users\angel_000\Downloads\various_artists_-_pinocchio_ost_[www.k2nblog.com]
2015-01-15 22:17 - 2015-01-15 22:22 - 131061715 _____ () C:\Users\angel_000\Downloads\various_artists_-_pinocchio_ost_[www.k2nblog.com].rar
2015-01-15 21:17 - 2015-01-15 21:21 - 116654112 _____ () C:\Users\angel_000\Downloads\Various Artists - Pinocchio OST [www.k2nblog.com].7z
2015-01-13 14:33 - 2014-12-19 00:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 14:33 - 2014-12-11 20:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 14:33 - 2014-12-11 18:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 14:33 - 2014-12-08 19:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 14:33 - 2014-12-08 13:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 14:33 - 2014-12-08 13:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 14:33 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 14:33 - 2014-12-08 13:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 14:33 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 14:33 - 2014-12-08 13:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 14:33 - 2014-12-08 13:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 14:33 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 14:33 - 2014-12-05 21:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 14:33 - 2014-12-05 19:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 14:33 - 2014-12-05 19:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 14:33 - 2014-10-28 22:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 14:33 - 2014-10-28 22:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 14:33 - 2014-10-28 21:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 14:33 - 2014-10-28 21:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 14:33 - 2014-10-28 21:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 14:33 - 2014-10-28 21:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 14:33 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 14:33 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 14:33 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 14:33 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 14:33 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 14:33 - 2014-10-28 20:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 14:33 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 14:33 - 2014-10-28 19:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 14:33 - 2014-10-28 19:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 14:33 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-12 21:08 - 2015-01-12 21:08 - 00000000 ____D () C:\Users\angel_000\Downloads\Lee Seung Gi - Lee Seung Gi~THE BEST~ (320k)
2015-01-12 20:40 - 2015-01-12 21:03 - 141716797 _____ () C:\Users\angel_000\Downloads\Lee Seung Gi - Lee Seung Gi~THE BEST~ (320k).rar
2015-01-06 21:51 - 2015-01-06 22:47 - 00003142 _____ () C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2014-12-31 21:18 - 2014-12-31 21:19 - 00000000 ____D () C:\Users\angel_000\Downloads\Various Artists - Misaeng OST [www.k2nblog.com]
2014-12-31 21:10 - 2014-12-31 21:16 - 158970977 _____ () C:\Users\angel_000\Downloads\Various Artists - Misaeng OST [www.k2nblog.com].7z
2014-12-26 21:06 - 2014-12-26 21:06 - 00000000 ____D () C:\Users\angel_000\Downloads\I-F-K2N-full
2014-12-26 21:03 - 2014-12-26 21:06 - 28721627 _____ () C:\Users\angel_000\Downloads\I-F-K2N-full.7z
2014-12-26 19:41 - 2015-01-13 00:10 - 00000000 ____D () C:\Users\angel_000\AppData\Local\Spotify
2014-12-26 19:41 - 2014-12-26 19:41 - 00001835 _____ () C:\Users\angel_000\Desktop\Spotify.lnk
2014-12-26 19:41 - 2014-12-26 19:41 - 00001821 _____ () C:\Users\angel_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-12-26 19:38 - 2015-01-13 00:16 - 00000000 ____D () C:\Users\angel_000\AppData\Roaming\Spotify
2014-12-26 19:37 - 2014-12-26 19:38 - 00137888 _____ (Spotify Ltd) C:\Users\angel_000\Downloads\SpotifySetup.exe
2014-12-25 17:42 - 2014-12-25 17:42 - 00000000 ____D () C:\Users\angel_000\Downloads\EXO - EXOLOGY CHAPTER 1 THE LOST PLANET CD 2 [www.k2nblog.com]
2014-12-25 17:42 - 2014-12-25 17:42 - 00000000 ____D () C:\Users\angel_000\Downloads\EXO - EXOLOGY CHAPTER 1 THE LOST PLANET CD 1 [www.k2nblog.com]
2014-12-25 17:32 - 2014-12-25 17:41 - 120904204 _____ () C:\Users\angel_000\Downloads\EXO - EXOLOGY CHAPTER 1 THE LOST PLANET CD 2 [www.k2nblog.com].7z
2014-12-25 17:32 - 2014-12-25 17:39 - 131585309 _____ () C:\Users\angel_000\Downloads\EXO - EXOLOGY CHAPTER 1 THE LOST PLANET CD 1 [www.k2nblog.com].7z

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 00:34 - 2014-01-28 23:49 - 01920010 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-20 00:30 - 2013-08-14 14:43 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 00:30 - 2013-08-14 14:43 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 00:23 - 2013-09-14 14:28 - 00000000 ____D () C:\Users\angel_000\AppData\Local\CRE
2015-01-20 00:01 - 2013-08-14 16:40 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3185498996-4193421974-3688649314-1002
2015-01-20 00:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-19 23:57 - 2013-05-18 00:03 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-01-19 23:51 - 2013-08-27 20:54 - 00000000 ___DO () C:\Users\angel_000\SkyDrive
2015-01-19 23:50 - 2014-07-16 13:16 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2015-01-19 23:49 - 2013-11-14 01:20 - 00671716 _____ () C:\WINDOWS\PFRO.log
2015-01-19 23:49 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Performance
2015-01-19 23:49 - 2013-08-22 08:46 - 00336226 _____ () C:\WINDOWS\setupact.log
2015-01-19 23:49 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-19 23:48 - 2014-02-12 20:23 - 00000000 ____D () C:\Users\angel_000\AppData\Local\genienext
2015-01-19 23:48 - 2013-09-14 14:29 - 00000000 ____D () C:\ProgramData\Conduit
2015-01-19 23:48 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-19 23:46 - 2013-12-17 21:03 - 00000956 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3185498996-4193421974-3688649314-1002UA.job
2015-01-19 23:20 - 2013-09-07 18:18 - 00000000 ____D () C:\Users\angel_000\AppData\Roaming\BitTorrent
2015-01-19 23:05 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-19 00:46 - 2013-12-17 21:03 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3185498996-4193421974-3688649314-1002Core.job
2015-01-17 22:35 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-17 12:43 - 2013-08-14 14:55 - 00000000 ____D () C:\RADS
2015-01-16 22:31 - 2013-08-14 14:45 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-14 22:42 - 2013-08-15 13:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 22:35 - 2013-08-15 13:21 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 20:39 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-05 18:08 - 2014-08-17 12:36 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-05 18:08 - 2014-08-17 12:36 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-01 23:48 - 2013-11-14 01:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-31 05:14 - 2013-09-17 21:08 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======
2014-01-14 17:23 - 2014-01-14 17:23 - 4216840 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist.exe
2013-12-10 05:17 - 2013-12-10 05:17 - 0000046 _____ () C:\Users\angel_000\AppData\Roaming\Camdata.ini
2013-12-10 05:17 - 2013-12-10 05:17 - 0000408 _____ () C:\Users\angel_000\AppData\Roaming\CamLayout.ini
2013-12-10 05:17 - 2013-12-10 05:17 - 0000408 _____ () C:\Users\angel_000\AppData\Roaming\CamShapes.ini
2013-12-10 03:25 - 2013-12-10 03:26 - 0004535 _____ () C:\Users\angel_000\AppData\Roaming\CamStudio.cfg
2013-12-09 23:21 - 2013-12-09 23:21 - 0000096 _____ () C:\Users\angel_000\AppData\Roaming\version2.xml
2013-10-13 20:43 - 2013-10-13 20:43 - 0003584 _____ () C:\Users\angel_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-14 15:55 - 2013-08-14 15:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-02-12 20:34 - 2014-02-12 20:34 - 0000032 _____ () C:\ProgramData\Temp.log
2013-05-18 00:03 - 2013-05-18 00:03 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-05-17 23:59 - 2013-05-18 00:00 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-05-18 00:00 - 2013-05-18 00:01 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-05-17 23:59 - 2013-05-17 23:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-05-18 00:02 - 2013-05-18 00:02 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some content of TEMP:
====================
C:\Users\angel_000\AppData\Local\Temp\2DfbbF6A.exe
C:\Users\angel_000\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\angel_000\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\angel_000\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\angel_000\AppData\Local\Temp\NGMDll.dll
C:\Users\angel_000\AppData\Local\Temp\NGMResource.dll
C:\Users\angel_000\AppData\Local\Temp\unicows.dll
C:\Users\angel_000\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 22:35

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by angel_000 at 2015-01-20 00:41:16
Running from C:\Users\angel_000\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
B1 Free Archiver (HKLM-x32\...\B1FreeArchiver) (Version: 1.4.69.4546 - Catalina Group Ltd)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{B0F29C6D-C7A9-40AC-9658-921961818E2B}) (Version: 1.0.0.17 - DELL)
DragonNest (HKLM-x32\...\DragonNest) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Officejet 4620 series Product Improvement Study (HKLM\...\{83F51BBA-48BE-4BB6-B96A-F4AAE4C462F9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.670 - Oracle)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 1.1.4.474 - Kakao)
KiwiG PhonTunes (HKLM-x32\...\KiwiG PhonTunes_is1) (Version: - KiwiGeeker)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LibreOffice 4.1.1.2 (HKLM-x32\...\{F1EE568A-171F-4C06-9BE6-2395BED067A3}) (Version: 4.1.1.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
PocketCloud (HKLM-x32\...\{AAF1E996-6AE6-4684-88A8-41F4E98E2899}) (Version: 2.6.21 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.10.9473 - SoftEther VPN Project)
Spotify (HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
TouchEn Key with E2E for 32bit (HKLM-x32\...\XecureCK) (Version: - Lumensoft Co., Ltd.)
TuneUp Utilities 2013 (x32 Version: 13.0.3000.138 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.3000.138 - TuneUp Software) Hidden
Unity Web Player (HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3185498996-4193421974-3688649314-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\angel_000\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3185498996-4193421974-3688649314-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\angel_000\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3185498996-4193421974-3688649314-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\angel_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3185498996-4193421974-3688649314-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\angel_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3185498996-4193421974-3688649314-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\angel_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3185498996-4193421974-3688649314-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\angel_000\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3185498996-4193421974-3688649314-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\angel_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

02-01-2015 00:13:41 Scheduled Checkpoint
10-01-2015 17:22:20 Scheduled Checkpoint
13-01-2015 20:37:39 Windows Update
19-01-2015 23:04:36 Removed BlueStacks Notification Center

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {158F4FCD-426B-4398-AE9C-0C08AE79277D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3185498996-4193421974-3688649314-1002UA => C:\Users\angel_000\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {1E417BE3-68FF-4D6B-B119-A5F22C3AEDAD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {200DA5A0-7925-4253-AD11-58340F2DD8FA} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {219E09D6-72F1-4E6E-AE35-94BB671A4ACD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-14] (Google Inc.)
Task: {2D0E73BE-8BC7-4917-A490-A73FC9F3F5EA} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {4BD672C7-AB42-4869-A911-3A0155216859} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
Task: {6A8D586E-464F-4F07-8171-212F48DBA4B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-14] (Google Inc.)
Task: {808FBBA5-AB04-49B8-A85E-9FA8FE41DDF8} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3185498996-4193421974-3688649314-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {84CF60DF-1174-4C99-933C-78105CCDB874} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {88F9D860-54EB-4C13-B20E-6AB2863CFDB5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {8DD0E066-7936-4DED-8B5A-C3C6BE9EF88B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3185498996-4193421974-3688649314-1002Core => C:\Users\angel_000\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {B77A2665-2205-4EFF-BC7B-C741839D75F1} - System32\Tasks\{2D0B9695-B9ED-43F0-BC05-222D6EFACC0D} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=battle.net "--displayname=Battle.net"
Task: {C50B4D9E-7AE3-424D-95C8-49296B4530D6} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {CC951266-DCFF-48C7-99EB-9F03CB6E15EB} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WPCRDPVirtualChannelServer.exe
Task: {D7706CDC-22F2-43BF-9526-4170F8A239F8} - System32\Tasks\PocketCloud => C:\Program
Task: {D8F81A5F-412F-46A8-90F5-FD5DFDC990DB} - System32\Tasks\HPCustPartic.exe_{857EEECC-03BE-4B64-BD05-F5DB542129D6} => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {E5EC8E96-F6AD-4131-BF51-CC66B45320F9} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {EF631CEE-13BA-42BE-B321-CFE2BC1B5CEF} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {F8C305DC-7AC4-404B-BEED-88B0E6A9621E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3185498996-4193421974-3688649314-1002Core.job => C:\Users\angel_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3185498996-4193421974-3688649314-1002UA.job => C:\Users\angel_000\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-17 23:53 - 2012-08-01 13:03 - 00073728 _____ () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
2013-06-21 19:46 - 2013-06-21 19:46 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-06-21 19:35 - 2013-06-21 19:35 - 00032256 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-06-21 19:31 - 2013-06-21 19:31 - 00035840 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2013-12-21 00:02 - 2013-12-21 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-08 15:11 - 2012-08-08 15:11 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2013-08-22 01:19 - 2013-08-22 00:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2013-07-06 10:09 - 2013-04-19 16:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-07-06 10:09 - 2013-04-19 16:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-01-16 22:31 - 2015-01-08 18:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 22:31 - 2015-01-08 18:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2014-10-16 03:26 - 2014-10-16 03:26 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\1706c668394b6917a63634ebd3bedcf2\PSIClient.ni.dll
2013-05-17 23:53 - 2012-07-19 04:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-07-06 10:09 - 2013-05-02 17:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
2015-01-16 22:31 - 2015-01-08 18:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-16 22:31 - 2015-01-08 18:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\angel_000\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\StartupApproved\Run: => "BitTorrent"

========================= Accounts: ==========================

Administrator (S-1-5-21-3185498996-4193421974-3688649314-500 - Administrator - Disabled)
Angel (S-1-5-21-3185498996-4193421974-3688649314-1001 - Limited - Enabled) => C:\Users\Angel
angel_000 (S-1-5-21-3185498996-4193421974-3688649314-1002 - Administrator - Enabled) => C:\Users\angel_000
Guest (S-1-5-21-3185498996-4193421974-3688649314-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 11:21:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXIF Viewer.exe, version: 0.0.0.0, time stamp: 0x54a01d76
Faulting module name: EXIF Viewer.exe, version: 0.0.0.0, time stamp: 0x54a01d76
Exception code: 0xc0000005
Fault offset: 0x000057d3
Faulting process id: 0x900
Faulting application start time: 0xEXIF Viewer.exe0
Faulting application path: EXIF Viewer.exe1
Faulting module path: EXIF Viewer.exe2
Report Id: EXIF Viewer.exe3
Faulting package full name: EXIF Viewer.exe4
Faulting package-relative application ID: EXIF Viewer.exe5

Error: (01/19/2015 11:21:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Mr9HQ4ky78O261.exe, version: 0.0.0.0, time stamp: 0x54a01d76
Faulting module name: Mr9HQ4ky78O261.exe, version: 0.0.0.0, time stamp: 0x54a01d76
Exception code: 0xc0000005
Fault offset: 0x000057d3
Faulting process id: 0x10f8
Faulting application start time: 0xMr9HQ4ky78O261.exe0
Faulting application path: Mr9HQ4ky78O261.exe1
Faulting module path: Mr9HQ4ky78O261.exe2
Report Id: Mr9HQ4ky78O261.exe3
Faulting package full name: Mr9HQ4ky78O261.exe4
Faulting package-relative application ID: Mr9HQ4ky78O261.exe5

Error: (01/19/2015 11:20:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BfuM5o5tXXe2XM.exe, version: 0.0.0.0, time stamp: 0x54a01d76
Faulting module name: BfuM5o5tXXe2XM.exe, version: 0.0.0.0, time stamp: 0x54a01d76
Exception code: 0xc0000005
Fault offset: 0x000057d3
Faulting process id: 0xdc8
Faulting application start time: 0xBfuM5o5tXXe2XM.exe0
Faulting application path: BfuM5o5tXXe2XM.exe1
Faulting module path: BfuM5o5tXXe2XM.exe2
Report Id: BfuM5o5tXXe2XM.exe3
Faulting package full name: BfuM5o5tXXe2XM.exe4
Faulting package-relative application ID: BfuM5o5tXXe2XM.exe5

Error: (01/19/2015 10:54:23 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\BlueStacks\Android\Root.fs'.
File name: 'C:\ProgramData\BlueStacks\Android\Root.fs'
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/17/2015 00:21:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: delegate_execute.exe, version: 39.0.2171.99, time stamp: 0x54aeef6e
Faulting module name: delegate_execute.exe, version: 39.0.2171.99, time stamp: 0x54aeef6e
Exception code: 0xc0000005
Fault offset: 0x00038458
Faulting process id: 0xc1c
Faulting application start time: 0xdelegate_execute.exe0
Faulting application path: delegate_execute.exe1
Faulting module path: delegate_execute.exe2
Report Id: delegate_execute.exe3
Faulting package full name: delegate_execute.exe4
Faulting package-relative application ID: delegate_execute.exe5

Error: (01/16/2015 08:58:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6531

Error: (01/16/2015 08:58:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6531

Error: (01/16/2015 08:58:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/16/2015 08:58:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5312

Error: (01/16/2015 08:58:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5312


System errors:
=============
Error: (01/19/2015 11:49:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TuneUpUtilitiesDrv service failed to start due to the following error:
%%2

Error: (01/19/2015 11:05:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Updater Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/19/2015 10:54:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TuneUpUtilitiesDrv service failed to start due to the following error:
%%2

Error: (01/19/2015 10:54:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (01/19/2015 09:59:48 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{221D302B-D880-47C7-9E11-5C5C0A70BD2A} because another computer on the network has the same name. The server could not start.

Error: (01/19/2015 00:43:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/18/2015 11:11:17 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{221D302B-D880-47C7-9E11-5C5C0A70BD2A} because another computer on the network has the same name. The server could not start.

Error: (01/18/2015 11:55:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (01/17/2015 00:21:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (01/16/2015 09:55:00 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{221D302B-D880-47C7-9E11-5C5C0A70BD2A} because another computer on the network has the same name. The server could not start.


Microsoft Office Sessions:
=========================
Error: (01/19/2015 11:21:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: EXIF Viewer.exe0.0.0.054a01d76EXIF Viewer.exe0.0.0.054a01d76c0000005000057d390001d03470ecc40df5C:\Users\ANGEL_~1\AppData\Local\Temp\LLNVFM.tmp\EXIF Viewer.exeC:\Users\ANGEL_~1\AppData\Local\Temp\LLNVFM.tmp\EXIF Viewer.exe2a7ee827-a064-11e4-bea1-1c3e844787e2

Error: (01/19/2015 11:21:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Mr9HQ4ky78O261.exe0.0.0.054a01d76Mr9HQ4ky78O261.exe0.0.0.054a01d76c0000005000057d310f801d03470e171a63aC:\Users\ANGEL_~1\AppData\Local\Temp\RWVQHQ.tmp\Mr9HQ4ky78O261.exeC:\Users\ANGEL_~1\AppData\Local\Temp\RWVQHQ.tmp\Mr9HQ4ky78O261.exe1f60f4af-a064-11e4-bea1-1c3e844787e2

Error: (01/19/2015 11:20:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BfuM5o5tXXe2XM.exe0.0.0.054a01d76BfuM5o5tXXe2XM.exe0.0.0.054a01d76c0000005000057d3dc801d03470d3c5707aC:\Users\ANGEL_~1\AppData\Local\Temp\NAQARH.tmp\BfuM5o5tXXe2XM.exeC:\Users\ANGEL_~1\AppData\Local\Temp\NAQARH.tmp\BfuM5o5tXXe2XM.exe11f79797-a064-11e4-bea1-1c3e844787e2

Error: (01/19/2015 10:54:23 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\BlueStacks\Android\Root.fs'.
File name: 'C:\ProgramData\BlueStacks\Android\Root.fs'
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/17/2015 00:21:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: delegate_execute.exe39.0.2171.9954aeef6edelegate_execute.exe39.0.2171.9954aeef6ec000000500038458c1c01d0328266ffb3a0C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\delegate_execute.exeab19323e-9e75-11e4-bea0-1c3e844787e2

Error: (01/16/2015 08:58:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6531

Error: (01/16/2015 08:58:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6531

Error: (01/16/2015 08:58:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/16/2015 08:58:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5312

Error: (01/16/2015 08:58:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5312


CodeIntegrity Errors:
===================================
Date: 2015-01-19 22:52:08.155
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-19 22:52:07.994
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-06 22:50:44.581
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-06 22:50:44.472
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-27 03:34:58.705
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-27 03:34:58.596
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-07-02 20:42:49.737
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-07-02 20:42:49.655
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-12 20:25:03.242
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-12 20:25:03.204
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2020 @ 2.90GHz
Percentage of memory in use: 52%
Total physical RAM: 3969.11 MB
Available physical RAM: 1881.18 MB
Total Pagefile: 5121.11 MB
Available Pagefile: 2555.9 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.46 GB) (Free:329.77 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: DCED297C)

Partition: GPT Partition Type.

==================== End Of Log ============================


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Scan with ZOEK
 
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b

  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.


 

Zoek.exe v5.0.0.0 Updated 18-01-2015

Tool run by angel_000 on Tue 01/20/2015 at 23:57:28.83.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\angel_000\Downloads\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

1/21/2015 12:01:17 AM Zoek.exe System Restore Point Created Succesfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully

C:\Program Files\office.tmp deleted successfully

C:\PROGRA~3\CLSK deleted successfully

C:\PROGRA~3\Conduit deleted successfully

C:\PROGRA~3\Oracle deleted successfully

C:\PROGRA~3\Yahoo! deleted successfully

C:\Users\Angel\AppData\Roaming\HpUpdate deleted successfully

C:\Users\angel_000\AppData\Roaming\BitTorrent deleted successfully

C:\Users\Angel\AppData\Local\VirtualStore deleted successfully

C:\Users\angel_000\AppData\Local\cache deleted successfully

C:\Users\angel_000\AppData\Local\Conduit deleted successfully

C:\Users\angel_000\AppData\Local\CRE deleted successfully

C:\Users\angel_000\AppData\Local\genienext deleted successfully

C:\Users\angel_000\AppData\Local\softthinks deleted successfully

C:\Users\angel_000\AppData\Local\WMTools Downloaded Files deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-3185498996-4193421974-3688649314-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B50A38C-7C6F-44FD-BA39-878E29324AAB} deleted successfully

HKEY_USERS\S-1-5-21-3185498996-4193421974-3688649314-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BD1AA6E-24EB-496F-9AA0-E2A79855D6C} deleted successfully

HKEY_USERS\S-1-5-21-3185498996-4193421974-3688649314-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2099687F-829F-42D8-9AA0-3ED0BC53C33} deleted successfully

HKEY_USERS\S-1-5-21-3185498996-4193421974-3688649314-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62371E80-149E-4A6C-B1F4-661374BD7D9B} deleted successfully

HKEY_USERS\S-1-5-21-3185498996-4193421974-3688649314-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62B7CD97-158C-46BD-8216-3BFC33363B36} deleted successfully

HKEY_USERS\S-1-5-21-3185498996-4193421974-3688649314-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FA9B687-54A5-4B26-958C-5A2A55E8F159} deleted successfully

HKEY_USERS\S-1-5-21-3185498996-4193421974-3688649314-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88DC156-5F4C-43C9-BC92-9E61969364E} deleted successfully

HKEY_USERS\S-1-5-21-3185498996-4193421974-3688649314-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9612236A-B0E-450E-963C-69649DCFE46A} deleted successfully

HKEY_USERS\S-1-5-21-3185498996-4193421974-3688649314-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9E6F62C0-1972-41FF-AED3-60C4228194D6} deleted successfully

HKEY_USERS\S-1-5-21-3185498996-4193421974-3688649314-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C13DF6E1-4981-4BF3-927A-2B761ABD2DD9} deleted successfully

HKEY_USERS\S-1-5-21-3185498996-4193421974-3688649314-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DCD9A97F-F214-4DB0-96BB-E18A733785EC} deleted successfully

HKEY_USERS\S-1-5-21-3185498996-4193421974-3688649314-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully

HKEY_USERS\S-1-5-21-3185498996-4193421974-3688649314-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F56D7A48-F66E-4E07-B767-88F1905FB612} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== Batch Command(s) Run By Tool======================

 

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~3\mpdmeeliomfdhlnhnnpdcihakjcoebjm deleted

C:\PROGRA~3\14314028360431792611 deleted

C:\Users\angel_000\AppData\LocalLow\Conduit deleted

C:\Users\angel_000\daemonprocess.txt deleted

C:\Users\angel_000\.android deleted

C:\PROGRA~2\uinisaless deleted

C:\PROGRA~2\Conduit deleted

C:\lol.launcher.admin.exe deleted

C:\lol.launcher.exe deleted

C:\SearchProtect deleted

C:\PROGRA~3\APN deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\angel_000\AppData\Local\Mobogenie deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

C:\Users\angel_000\AppData\LocalLow\SkwConfig.bin deleted

C:\END deleted

C:\WINDOWS\Syswow64\jmdp deleted

C:\WINDOWS\Syswow64\ARFC deleted

C:\WINDOWS\Syswow64\WNLT deleted

C:\WINDOWS\Syswow64\SearchProtect deleted

C:\WINDOWS\SysWow64\AI_RecycleBin deleted

C:\Users\angel_000\Documents\Optimizer Pro deleted

C:\Users\angel_000\Documents\Mobogenie deleted

 

==== Chromium Look ======================

 

Google Chrome Version: 39.0.2171.99 (Up to date, latest Stable version: 39.0.2171.99)

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

jbolfgndggfhhpbnkgnpjkfhinclbigj - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[]

 

BIODIGITAL HUMAN - Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak

LoL Stream Browser - Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp

Pandora - Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl

Wolf and the Ice Planet - Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffkhmkbijdmbncaoclaclldnbndflck

AdBlock - Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Google Voice (by Google) - Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo

Google Play - Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi

EXIF Viewer - Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbhfeiddhndihdjeganjggkmjapkffm

fanfiction.net sort by review ratio - Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\obebokhpdpocfdindfhgliohbceeiabd

Theme Creator - angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc

Google Voice Search Hotword (Beta) - angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

 

==== Chromium Startpages ======================

 

C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Preferences

"homepage": "

 

 

==== Chromium Fix ======================

 

C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.nid.naver.com_0.localstorage deleted successfully

C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.nid.naver.com_0.localstorage-journal deleted successfully

C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbhfeiddhndihdjeganjggkmjapkffm deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Use Search Asst"="yes"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="www.google.com"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

"Default"="www.google.com"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0C1A5DDF-CCFD-4256-B421-DA20EF299DF4}"

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


"Use Search Asst"="no"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

{0C1A5DDF-CCFD-4256-B421-DA20EF299DF4} Unknown  Url="Not_Found"

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-3185498996-4193421974-3688649314-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0C1A5DDF-CCFD-4256-B421-DA20EF299DF4} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj deleted successfully

 

==== Empty IE Cache ======================

 

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\angel_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\angel_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\angel_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Users\angel_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Profiles found

 

==== Empty Chrome Cache ======================

 

C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=1321 folders=148 114456523 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Angel\AppData\Local\Temp emptied successfully

C:\Users\angel_000\AppData\Local\Temp will be emptied at reboot

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\WINDOWS\Temp successfully emptied

C:\Users\ANGEL_~1\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on Wed 01/21/2015 at  0:15:18.53 ======================

Very good. How is your PC now?
 
 
 
 
Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by angel_000 (administrator) on CELLOANGELNINJA on 21-01-2015 17:49:14

Running from C:\Users\angel_000\Downloads

Loaded Profiles: angel_000 (Available profiles: Angel & angel_000)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe

(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe

() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe

(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(DELL INC.) C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe

(DELL INC.) C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe

(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe

(Spotify Ltd) C:\Users\angel_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe

(Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe

(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe

() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [btTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-08-08] (Qualcomm Atheros)

HKLM\...\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-08-08] (Qualcomm Atheros Commnucations)

HKLM\...\Run: [softEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-07-16] (SoftEther VPN Project at University of Tsukuba, Japan.)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)

HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-20] (Intel Corporation)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\Run: [iCloudServices] => C:\iCloudServices.exe

HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\Run: [ApplePhotoStreams] => C:\ApplePhotoStreams.exe

HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\Run: [skyDrive] => C:\Users\angel_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation)

HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\Run: [Google Update] => C:\Users\angel_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-17] (Google Inc.)

HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\Run: [spotify Web Helper] => C:\Users\angel_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-26] (Spotify Ltd)

HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\Run: [GoogleChromeAutoLaunch_900F9CC4B4D22051D48B527451FDF944] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-08] (Google Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk

ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)

Startup: C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series.lnk

ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com

SearchScopes: HKLM -> DefaultScope {0C1A5DDF-CCFD-4256-B421-DA20EF299DF4} URL = 

SearchScopes: HKLM-x32 -> DefaultScope value is missing.

SearchScopes: HKU\S-1-5-21-3185498996-4193421974-3688649314-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\angel_000\Downloads\TouchEnKey_Installer.exe

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @softforum.com/npKeyPro -> C:\WINDOWS\system32\npKeyPro.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin HKU\S-1-5-21-3185498996-4193421974-3688649314-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\angel_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKU\S-1-5-21-3185498996-4193421974-3688649314-1002: @talk.google.com/O1DPlugin -> C:\Users\angel_000\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKU\S-1-5-21-3185498996-4193421974-3688649314-1002: @tools.google.com/Google Update;version=3 -> C:\Users\angel_000\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-3185498996-4193421974-3688649314-1002: @tools.google.com/Google Update;version=9 -> C:\Users\angel_000\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-3185498996-4193421974-3688649314-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\angel_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin ProgramFiles/Appdata: C:\Users\angel_000\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\angel_000\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://plus.google.com/", "hxxp://wordlywise3000.com/", "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP", "hxxp://search.conduit.com/?ctid=CT3310511&SearchSource=48&CUI=UN31685247315291250&UM=2", "hxxp://websearch.thesearchpage.info/?pid=2356&r=2015/01/20&hid=18175064463083087865&lg=EN&cc=US&unqvl=74"

CHR Profile: C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-21]

CHR Extension: (Theme Creator) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2015-01-21]

CHR Extension: (Google Docs) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-21]

CHR Extension: (Google Drive) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-21]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-21]

CHR Extension: (YouTube) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-21]

CHR Extension: (Google Search) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-21]

CHR Extension: (Google+) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2015-01-21]

CHR Extension: (Google Sheets) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-21]

CHR Extension: (AdBlock) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-21]

CHR Extension: (Google Voice (by Google)) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-01-21]

CHR Extension: (Google Wallet) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-21]

CHR Extension: (Gmail) - C:\Users\angel_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-21]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [211072 2012-08-08] (Qualcomm Atheros Commnucations)

R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [73728 2012-08-01] () [File not signed]

R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-09-10] (Freemake) [File not signed]

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-20] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-07-16] (SoftEther VPN Project at University of Tsukuba, Japan.)

R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2401632 2012-11-29] (TuneUp Software)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()

R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-08-07] (Atheros) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-08] (Qualcomm Atheros)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R3 FintekCIR; C:\Windows\system32\DRIVERS\FintekCIR.sys [33128 2012-06-07] (Fintek)

R3 JRSUKD25; C:\WINDOWS\system32\JRSUKD25.SYS [19016 2014-11-13] (Soft Security Corporation)

S3 kcrtx64; C:\WINDOWS\system32\kcrtx64.sys [141848 2014-11-13] (Kings Information & Network)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-21] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

S3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28768 2014-07-16] (SoftEther VPN Project at University of Tsukuba, Japan.)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]

S3 JRSKD24; \??\C:\WINDOWS\system32\JRSKD24.SYS [X]

S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-21 17:43 - 2015-01-21 17:43 - 00002281 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-21 17:43 - 2015-01-21 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-21 17:41 - 2015-01-21 17:46 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-21 17:41 - 2015-01-21 17:46 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-21 17:41 - 2015-01-21 17:41 - 00003908 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2015-01-21 17:41 - 2015-01-21 17:41 - 00003672 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-21 00:12 - 2015-01-20 23:57 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe

2015-01-21 00:00 - 2015-01-21 00:15 - 00012505 _____ () C:\zoek-results.log

2015-01-20 23:57 - 2015-01-21 00:11 - 00000000 ____D () C:\zoek_backup

2015-01-20 23:56 - 2015-01-20 23:56 - 01295360 _____ () C:\Users\angel_000\Downloads\zoek.exe

2015-01-20 19:21 - 2015-01-20 19:21 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AE601F5E-2C4C-462B-801D-DE411155159D}

2015-01-20 19:21 - 2015-01-20 19:21 - 00000000 __SHD () C:\Users\angel_000\AppData\Local\EmieUserList

2015-01-20 19:21 - 2015-01-20 19:21 - 00000000 __SHD () C:\Users\angel_000\AppData\Local\EmieSiteList

2015-01-20 19:21 - 2015-01-20 19:21 - 00000000 __SHD () C:\Users\angel_000\AppData\Local\EmieBrowserModeList

2015-01-20 00:41 - 2015-01-20 00:41 - 00032898 _____ () C:\Users\angel_000\Downloads\Addition.txt

2015-01-20 00:40 - 2015-01-21 17:49 - 00018827 _____ () C:\Users\angel_000\Downloads\FRST.txt

2015-01-20 00:40 - 2015-01-21 17:49 - 00000000 ____D () C:\FRST

2015-01-20 00:39 - 2015-01-20 00:40 - 02126848 _____ (Farbar) C:\Users\angel_000\Downloads\FRST64.exe

2015-01-19 23:55 - 2015-01-19 23:55 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-19 23:55 - 2015-01-19 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-19 23:24 - 2015-01-21 17:41 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-01-19 23:24 - 2015-01-19 23:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-19 23:24 - 2015-01-19 23:24 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-19 23:24 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-01-19 23:24 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-01-19 23:24 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-01-19 23:22 - 2015-01-19 23:22 - 00003250 _____ () C:\WINDOWS\System32\Tasks\{2D0B9695-B9ED-43F0-BC05-222D6EFACC0D}

2015-01-19 23:21 - 2015-01-19 23:21 - 00000000 ____D () C:\ProgramData\ce62398100007500

2015-01-19 23:18 - 2015-01-19 23:20 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\angel_000\Downloads\mbam-setup-2-0-3-1025.exe

2015-01-15 22:23 - 2015-01-15 22:23 - 00000000 ____D () C:\Users\angel_000\Downloads\various_artists_-_pinocchio_ost_[www.k2nblog.com]

2015-01-15 22:17 - 2015-01-15 22:22 - 131061715 _____ () C:\Users\angel_000\Downloads\various_artists_-_pinocchio_ost_[www.k2nblog.com].rar

2015-01-15 21:17 - 2015-01-15 21:21 - 116654112 _____ () C:\Users\angel_000\Downloads\Various Artists - Pinocchio OST [www.k2nblog.com].7z

2015-01-13 14:33 - 2014-12-19 00:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys

2015-01-13 14:33 - 2014-12-11 20:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe

2015-01-13 14:33 - 2014-12-11 18:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys

2015-01-13 14:33 - 2014-12-08 19:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2015-01-13 14:33 - 2014-12-08 13:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2015-01-13 14:33 - 2014-12-08 13:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

2015-01-13 14:33 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2015-01-13 14:33 - 2014-12-08 13:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

2015-01-13 14:33 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

2015-01-13 14:33 - 2014-12-08 13:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll

2015-01-13 14:33 - 2014-12-08 13:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe

2015-01-13 14:33 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe

2015-01-13 14:33 - 2014-12-05 21:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll

2015-01-13 14:33 - 2014-12-05 19:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll

2015-01-13 14:33 - 2014-12-05 19:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2015-01-13 14:33 - 2014-10-28 22:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe

2015-01-13 14:33 - 2014-10-28 22:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe

2015-01-13 14:33 - 2014-10-28 21:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2015-01-13 14:33 - 2014-10-28 21:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

2015-01-13 14:33 - 2014-10-28 21:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

2015-01-13 14:33 - 2014-10-28 21:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2015-01-13 14:33 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe

2015-01-13 14:33 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe

2015-01-13 14:33 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll

2015-01-13 14:33 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2015-01-13 14:33 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll

2015-01-13 14:33 - 2014-10-28 20:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll

2015-01-13 14:33 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll

2015-01-13 14:33 - 2014-10-28 19:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll

2015-01-13 14:33 - 2014-10-28 19:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2015-01-13 14:33 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

2015-01-12 21:08 - 2015-01-12 21:08 - 00000000 ____D () C:\Users\angel_000\Downloads\Lee Seung Gi - Lee Seung Gi~THE BEST~ (320k)

2015-01-12 20:40 - 2015-01-12 21:03 - 141716797 _____ () C:\Users\angel_000\Downloads\Lee Seung Gi - Lee Seung Gi~THE BEST~ (320k).rar

2015-01-06 21:51 - 2015-01-06 22:47 - 00003142 _____ () C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry

2014-12-31 21:18 - 2014-12-31 21:19 - 00000000 ____D () C:\Users\angel_000\Downloads\Various Artists - Misaeng OST [www.k2nblog.com]

2014-12-31 21:10 - 2014-12-31 21:16 - 158970977 _____ () C:\Users\angel_000\Downloads\Various Artists - Misaeng OST [www.k2nblog.com].7z

2014-12-26 21:06 - 2014-12-26 21:06 - 00000000 ____D () C:\Users\angel_000\Downloads\I-F-K2N-full

2014-12-26 21:03 - 2014-12-26 21:06 - 28721627 _____ () C:\Users\angel_000\Downloads\I-F-K2N-full.7z

2014-12-26 19:41 - 2015-01-13 00:10 - 00000000 ____D () C:\Users\angel_000\AppData\Local\Spotify

2014-12-26 19:41 - 2014-12-26 19:41 - 00001835 _____ () C:\Users\angel_000\Desktop\Spotify.lnk

2014-12-26 19:41 - 2014-12-26 19:41 - 00001821 _____ () C:\Users\angel_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2014-12-26 19:38 - 2015-01-13 00:16 - 00000000 ____D () C:\Users\angel_000\AppData\Roaming\Spotify

2014-12-26 19:37 - 2014-12-26 19:38 - 00137888 _____ (Spotify Ltd) C:\Users\angel_000\Downloads\SpotifySetup.exe

2014-12-25 17:42 - 2014-12-25 17:42 - 00000000 ____D () C:\Users\angel_000\Downloads\EXO - EXOLOGY CHAPTER 1 THE LOST PLANET CD 2 [www.k2nblog.com]

2014-12-25 17:42 - 2014-12-25 17:42 - 00000000 ____D () C:\Users\angel_000\Downloads\EXO - EXOLOGY CHAPTER 1 THE LOST PLANET CD 1 [www.k2nblog.com]

2014-12-25 17:32 - 2014-12-25 17:41 - 120904204 _____ () C:\Users\angel_000\Downloads\EXO - EXOLOGY CHAPTER 1 THE LOST PLANET CD 2 [www.k2nblog.com].7z

2014-12-25 17:32 - 2014-12-25 17:39 - 131585309 _____ () C:\Users\angel_000\Downloads\EXO - EXOLOGY CHAPTER 1 THE LOST PLANET CD 1 [www.k2nblog.com].7z

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-21 17:48 - 2013-08-14 16:40 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3185498996-4193421974-3688649314-1002

2015-01-21 17:46 - 2014-01-28 23:49 - 01264984 _____ () C:\WINDOWS\WindowsUpdate.log

2015-01-21 17:46 - 2013-12-17 21:03 - 00000956 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3185498996-4193421974-3688649314-1002UA.job

2015-01-21 17:43 - 2013-08-14 16:55 - 00000000 ____D () C:\Users\angel_000\AppData\Local\Google

2015-01-21 17:43 - 2013-08-14 14:43 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-21 17:29 - 2013-05-18 00:03 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery

2015-01-21 17:24 - 2013-08-27 20:54 - 00000000 ___DO () C:\Users\angel_000\SkyDrive

2015-01-21 17:16 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-01-21 00:46 - 2013-12-17 21:03 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3185498996-4193421974-3688649314-1002Core.job

2015-01-21 00:14 - 2014-07-16 13:16 - 00000000 ____D () C:\Program Files\SoftEther VPN Client

2015-01-21 00:13 - 2013-11-14 01:20 - 00673542 _____ () C:\WINDOWS\PFRO.log

2015-01-21 00:13 - 2013-08-22 08:46 - 00336380 _____ () C:\WINDOWS\setupact.log

2015-01-21 00:13 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-01-21 00:13 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2015-01-21 00:10 - 2014-01-28 23:37 - 00000000 ____D () C:\Users\angel_000

2015-01-20 22:38 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-01-19 23:49 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Performance

2015-01-19 23:05 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Public\Libraries

2015-01-17 12:43 - 2013-08-14 14:55 - 00000000 ____D () C:\RADS

2015-01-14 22:42 - 2013-08-15 13:21 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-01-14 22:35 - 2013-08-15 13:21 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-01-13 20:39 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-01-05 18:08 - 2014-08-17 12:36 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-01-05 18:08 - 2014-08-17 12:36 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-01 23:48 - 2013-11-14 01:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-12-31 05:14 - 2013-09-17 21:08 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

 

==================== Files in the root of some directories =======

2014-01-14 17:23 - 2014-01-14 17:23 - 4216840 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist.exe

2013-12-10 05:17 - 2013-12-10 05:17 - 0000046 _____ () C:\Users\angel_000\AppData\Roaming\Camdata.ini

2013-12-10 05:17 - 2013-12-10 05:17 - 0000408 _____ () C:\Users\angel_000\AppData\Roaming\CamLayout.ini

2013-12-10 05:17 - 2013-12-10 05:17 - 0000408 _____ () C:\Users\angel_000\AppData\Roaming\CamShapes.ini

2013-12-10 03:25 - 2013-12-10 03:26 - 0004535 _____ () C:\Users\angel_000\AppData\Roaming\CamStudio.cfg

2013-12-09 23:21 - 2013-12-09 23:21 - 0000096 _____ () C:\Users\angel_000\AppData\Roaming\version2.xml

2013-10-13 20:43 - 2013-10-13 20:43 - 0003584 _____ () C:\Users\angel_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-08-14 15:55 - 2013-08-14 15:55 - 0000057 _____ () C:\ProgramData\Ament.ini

2014-02-12 20:34 - 2014-02-12 20:34 - 0000032 _____ () C:\ProgramData\Temp.log

2013-05-18 00:03 - 2013-05-18 00:03 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log

2013-05-17 23:59 - 2013-05-18 00:00 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log

2013-05-18 00:00 - 2013-05-18 00:01 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log

2013-05-17 23:59 - 2013-05-17 23:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

2013-05-18 00:02 - 2013-05-18 00:02 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-14 22:35

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015

Ran by angel_000 at 2015-01-21 17:50:24

Running from C:\Users\angel_000\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)

Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)

Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)

Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

B1 Free Archiver (HKLM-x32\...\B1FreeArchiver) (Version: 1.4.69.4546 - Catalina Group Ltd)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)

Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)

Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)

Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)

DELLOSD (HKLM-x32\...\{B0F29C6D-C7A9-40AC-9658-921961818E2B}) (Version: 1.0.0.17 - DELL)

DragonNest (HKLM-x32\...\DragonNest) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)

HP Officejet 4620 series Product Improvement Study (HKLM\...\{83F51BBA-48BE-4BB6-B96A-F4AAE4C462F9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)

iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.670 - Oracle)

KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 1.1.4.474 - Kakao)

KiwiG PhonTunes (HKLM-x32\...\KiwiG PhonTunes_is1) (Version:  - KiwiGeeker)

League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)

League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden

LibreOffice 4.1.1.2 (HKLM-x32\...\{F1EE568A-171F-4C06-9BE6-2395BED067A3}) (Version: 4.1.1.2 - The Document Foundation)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)

Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )

PocketCloud (HKLM-x32\...\{AAF1E996-6AE6-4684-88A8-41F4E98E2899}) (Version: 2.6.21 - Wyse Technology)

Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.10.9473 - SoftEther VPN Project)

Spotify (HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)

TouchEn Key with E2E for 32bit (HKLM-x32\...\XecureCK) (Version:  - Lumensoft Co., Ltd.)

TuneUp Utilities 2013 (x32 Version: 13.0.3000.138 - TuneUp Software) Hidden

TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.3000.138 - TuneUp Software) Hidden

Unity Web Player (HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3185498996-4193421974-3688649314-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\angel_000\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3185498996-4193421974-3688649314-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\angel_000\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3185498996-4193421974-3688649314-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\angel_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3185498996-4193421974-3688649314-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\angel_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3185498996-4193421974-3688649314-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\angel_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3185498996-4193421974-3688649314-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\angel_000\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3185498996-4193421974-3688649314-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\angel_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

 

==================== Restore Points  =========================

 

02-01-2015 00:13:41 Scheduled Checkpoint

10-01-2015 17:22:20 Scheduled Checkpoint

13-01-2015 20:37:39 Windows Update

19-01-2015 23:04:36 Removed BlueStacks Notification Center

21-01-2015 00:00:44 zoek.exe restore point

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {06B7743C-6F75-430F-8929-668226FE4D89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-21] (Google Inc.)

Task: {158F4FCD-426B-4398-AE9C-0C08AE79277D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3185498996-4193421974-3688649314-1002UA => C:\Users\angel_000\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)

Task: {1E417BE3-68FF-4D6B-B119-A5F22C3AEDAD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {200DA5A0-7925-4253-AD11-58340F2DD8FA} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {2D0E73BE-8BC7-4917-A490-A73FC9F3F5EA} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)

Task: {4BD672C7-AB42-4869-A911-3A0155216859} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe

Task: {808FBBA5-AB04-49B8-A85E-9FA8FE41DDF8} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3185498996-4193421974-3688649314-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe

Task: {84CF60DF-1174-4C99-933C-78105CCDB874} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

Task: {88F9D860-54EB-4C13-B20E-6AB2863CFDB5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)

Task: {8DD0E066-7936-4DED-8B5A-C3C6BE9EF88B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3185498996-4193421974-3688649314-1002Core => C:\Users\angel_000\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)

Task: {B1E1F8B3-AC16-4769-B8F6-75F744650D66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-21] (Google Inc.)

Task: {B77A2665-2205-4EFF-BC7B-C741839D75F1} - System32\Tasks\{2D0B9695-B9ED-43F0-BC05-222D6EFACC0D} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=battle.net "--displayname=Battle.net"

Task: {C50B4D9E-7AE3-424D-95C8-49296B4530D6} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)

Task: {CC951266-DCFF-48C7-99EB-9F03CB6E15EB} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WPCRDPVirtualChannelServer.exe

Task: {D7706CDC-22F2-43BF-9526-4170F8A239F8} - System32\Tasks\PocketCloud => C:\Program

Task: {D8F81A5F-412F-46A8-90F5-FD5DFDC990DB} - System32\Tasks\HPCustPartic.exe_{857EEECC-03BE-4B64-BD05-F5DB542129D6} => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

Task: {E5EC8E96-F6AD-4131-BF51-CC66B45320F9} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)

Task: {EF631CEE-13BA-42BE-B321-CFE2BC1B5CEF} - System32\Tasks\PocketCloudUpdater => C:\Program

Task: {F8C305DC-7AC4-404B-BEED-88B0E6A9621E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3185498996-4193421974-3688649314-1002Core.job => C:\Users\angel_000\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3185498996-4193421974-3688649314-1002UA.job => C:\Users\angel_000\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-05-17 23:53 - 2012-08-01 13:03 - 00073728 _____ () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe

2013-06-21 19:46 - 2013-06-21 19:46 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe

2013-06-21 19:35 - 2013-06-21 19:35 - 00032256 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll

2013-06-21 19:31 - 2013-06-21 19:31 - 00035840 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll

2013-12-21 00:02 - 2013-12-21 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2012-08-08 15:11 - 2012-08-08 15:11 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll

2013-08-22 01:19 - 2013-08-22 00:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd

2013-07-06 10:09 - 2013-04-19 16:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe

2013-07-06 10:09 - 2013-04-19 16:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll

2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-10-16 03:26 - 2014-10-16 03:26 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\1706c668394b6917a63634ebd3bedcf2\PSIClient.ni.dll

2013-05-17 23:53 - 2012-07-19 04:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2014-02-12 19:58 - 2014-02-12 19:58 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

2013-07-06 10:09 - 2013-05-02 17:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll

2015-01-21 17:43 - 2015-01-08 18:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll

2015-01-21 17:43 - 2015-01-08 18:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll

2015-01-21 17:43 - 2015-01-08 18:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll

2015-01-21 17:43 - 2015-01-08 18:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\angel_000\SkyDrive:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\Run: => "BtvStack"

HKLM\...\StartupApproved\Run32: => "IAStorIcon"

HKLM\...\StartupApproved\Run32: => "mcpltui_exe"

HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\StartupApproved\Run: => "ApplePhotoStreams"

HKU\S-1-5-21-3185498996-4193421974-3688649314-1002\...\StartupApproved\Run: => "BitTorrent"

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-3185498996-4193421974-3688649314-500 - Administrator - Disabled)

Angel (S-1-5-21-3185498996-4193421974-3688649314-1001 - Limited - Enabled) => C:\Users\Angel

angel_000 (S-1-5-21-3185498996-4193421974-3688649314-1002 - Administrator - Enabled) => C:\Users\angel_000

Guest (S-1-5-21-3185498996-4193421974-3688649314-501 - Limited - Disabled)

 

==================== Faulty Device Manager Devices =============

 

Name: Bluetooth Audio Device

Description: Bluetooth Audio Device

Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}

Manufacturer: Qualcomm Atheros Communications

Service: BTATH_A2DP

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

Name: Virtual Bluetooth Support (Include Audio)

Description: Virtual Bluetooth Support (Include Audio)

Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}

Manufacturer: Qualcomm Atheros Communications

Service: AthBTPort

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

 

Name: Bluetooth LWFLT Device

Description: Bluetooth LWFLT Device

Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}

Manufacturer: Qualcomm Atheros Communications

Service: BTATH_LWFLT

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/21/2015 00:12:56 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DBRCrawler.exe, version: 1.0.0.43458, time stamp: 0x516ff4a7

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0000000075c9db2b

Faulting process id: 0xe08

Faulting application start time: 0xDBRCrawler.exe0

Faulting application path: DBRCrawler.exe1

Faulting module path: DBRCrawler.exe2

Report Id: DBRCrawler.exe3

Faulting package full name: DBRCrawler.exe4

Faulting package-relative application ID: DBRCrawler.exe5

 

Error: (01/20/2015 10:27:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1831328

 

Error: (01/20/2015 10:27:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1831328

 

Error: (01/20/2015 10:27:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (01/20/2015 08:33:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12672

 

Error: (01/20/2015 08:33:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12672

 

Error: (01/20/2015 08:33:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (01/19/2015 11:21:20 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: EXIF Viewer.exe, version: 0.0.0.0, time stamp: 0x54a01d76

Faulting module name: EXIF Viewer.exe, version: 0.0.0.0, time stamp: 0x54a01d76

Exception code: 0xc0000005

Fault offset: 0x000057d3

Faulting process id: 0x900

Faulting application start time: 0xEXIF Viewer.exe0

Faulting application path: EXIF Viewer.exe1

Faulting module path: EXIF Viewer.exe2

Report Id: EXIF Viewer.exe3

Faulting package full name: EXIF Viewer.exe4

Faulting package-relative application ID: EXIF Viewer.exe5

 

Error: (01/19/2015 11:21:02 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Mr9HQ4ky78O261.exe, version: 0.0.0.0, time stamp: 0x54a01d76

Faulting module name: Mr9HQ4ky78O261.exe, version: 0.0.0.0, time stamp: 0x54a01d76

Exception code: 0xc0000005

Fault offset: 0x000057d3

Faulting process id: 0x10f8

Faulting application start time: 0xMr9HQ4ky78O261.exe0

Faulting application path: Mr9HQ4ky78O261.exe1

Faulting module path: Mr9HQ4ky78O261.exe2

Report Id: Mr9HQ4ky78O261.exe3

Faulting package full name: Mr9HQ4ky78O261.exe4

Faulting package-relative application ID: Mr9HQ4ky78O261.exe5

 

Error: (01/19/2015 11:20:39 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: BfuM5o5tXXe2XM.exe, version: 0.0.0.0, time stamp: 0x54a01d76

Faulting module name: BfuM5o5tXXe2XM.exe, version: 0.0.0.0, time stamp: 0x54a01d76

Exception code: 0xc0000005

Fault offset: 0x000057d3

Faulting process id: 0xdc8

Faulting application start time: 0xBfuM5o5tXXe2XM.exe0

Faulting application path: BfuM5o5tXXe2XM.exe1

Faulting module path: BfuM5o5tXXe2XM.exe2

Report Id: BfuM5o5tXXe2XM.exe3

Faulting package full name: BfuM5o5tXXe2XM.exe4

Faulting package-relative application ID: BfuM5o5tXXe2XM.exe5

 

 

System errors:

=============

Error: (01/21/2015 05:25:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

Error: (01/21/2015 00:14:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The TuneUpUtilitiesDrv service failed to start due to the following error: 

%%2

 

Error: (01/21/2015 00:10:18 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (01/21/2015 00:10:18 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (01/21/2015 00:10:17 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (01/21/2015 00:10:17 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (01/21/2015 00:10:17 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (01/20/2015 07:18:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

Error: (01/20/2015 00:55:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The TuneUpUtilitiesDrv service failed to start due to the following error: 

%%2

 

Error: (01/19/2015 11:49:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The TuneUpUtilitiesDrv service failed to start due to the following error: 

%%2

 

 

Microsoft Office Sessions:

=========================

Error: (01/21/2015 00:12:56 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: DBRCrawler.exe1.0.0.43458516ff4a7unknown0.0.0.000000000c00000050000000075c9db2be0801d035414ac65003C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exeunknown8a2bcf99-a134-11e4-bea3-1c3e844787e2

 

Error: (01/20/2015 10:27:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1831328

 

Error: (01/20/2015 10:27:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1831328

 

Error: (01/20/2015 10:27:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (01/20/2015 08:33:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12672

 

Error: (01/20/2015 08:33:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12672

 

Error: (01/20/2015 08:33:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (01/19/2015 11:21:20 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: EXIF Viewer.exe0.0.0.054a01d76EXIF Viewer.exe0.0.0.054a01d76c0000005000057d390001d03470ecc40df5C:\Users\ANGEL_~1\AppData\Local\Temp\LLNVFM.tmp\EXIF Viewer.exeC:\Users\ANGEL_~1\AppData\Local\Temp\LLNVFM.tmp\EXIF Viewer.exe2a7ee827-a064-11e4-bea1-1c3e844787e2

 

Error: (01/19/2015 11:21:02 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Mr9HQ4ky78O261.exe0.0.0.054a01d76Mr9HQ4ky78O261.exe0.0.0.054a01d76c0000005000057d310f801d03470e171a63aC:\Users\ANGEL_~1\AppData\Local\Temp\RWVQHQ.tmp\Mr9HQ4ky78O261.exeC:\Users\ANGEL_~1\AppData\Local\Temp\RWVQHQ.tmp\Mr9HQ4ky78O261.exe1f60f4af-a064-11e4-bea1-1c3e844787e2

 

Error: (01/19/2015 11:20:39 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: BfuM5o5tXXe2XM.exe0.0.0.054a01d76BfuM5o5tXXe2XM.exe0.0.0.054a01d76c0000005000057d3dc801d03470d3c5707aC:\Users\ANGEL_~1\AppData\Local\Temp\NAQARH.tmp\BfuM5o5tXXe2XM.exeC:\Users\ANGEL_~1\AppData\Local\Temp\NAQARH.tmp\BfuM5o5tXXe2XM.exe11f79797-a064-11e4-bea1-1c3e844787e2

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-01-19 22:52:08.155

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-01-19 22:52:07.994

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-12-06 22:50:44.581

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-12-06 22:50:44.472

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-10-27 03:34:58.705

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-10-27 03:34:58.596

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-07-02 20:42:49.737

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-07-02 20:42:49.655

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-02-12 20:25:03.242

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-02-12 20:25:03.204

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Pentium® CPU G2020 @ 2.90GHz

Percentage of memory in use: 54%

Total physical RAM: 3969.11 MB

Available physical RAM: 1796.48 MB

Total Pagefile: 5121.11 MB

Available Pagefile: 2606.39 MB

Total Virtual: 131072 MB

Available Virtual: 131071.84 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:452.46 GB) (Free:343.03 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: DCED297C)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
