
Proxy server isn't responding



I'm helping a friend with this error on her Windows 8.1 Dell notebook PC. Since I am unable to use its internet, I've just transferred the data via a flash card. Thanks!

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by rose (administrator) on ROSECHAMBERS on 15-02-2015 20:17:17
Running from E:\
Loaded Profiles: rose (Available profiles: rose)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Users\rose\AppData\Roaming\OAS\mcc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-02-01] (Dell Inc.)
HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Run: [GoogleChromeAutoLaunch_4878BA9AB6674643E1160A3519305162] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Run: [Facebook Update] => C:\Users\rose\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-19] (Facebook Inc.)
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Run: [Online Ad Scanner] => C:\Users\rose\AppData\Roaming\OAS\oasupd.exe [28672 2014-10-20] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Internet Explorer\Main,DisableRequiresActiveXPrompt = moviestarplanet.com;www.moviestarplanet.com
HKU\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3548871218-304450476-362987887-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3548871218-304450476-362987887-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3548871218-304450476-362987887-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-3548871218-304450476-362987887-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3548871218-304450476-362987887-1001: @nsroblox.roblox.com/launcher -> C:\Users\rose\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3548871218-304450476-362987887-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\rose\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3548871218-304450476-362987887-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\rose\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-10]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Awesome Screenshot App) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkccfnochoebimhhniekgcegeeiepmi [2014-10-06]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-11-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-11]
CHR Extension: (YouTube) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-22]
CHR Extension: (Google Search) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-22]
CHR Extension: (Hack this page) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhlmoffoggikiefmphhkgjeocbfmcojf [2015-01-14]
CHR Extension: (Sufway Surfers Online) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\giambjehodbppcnagcpnpblkafclddej [2015-01-13]
CHR Extension: (AdBlock) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-10]
CHR Extension: (Avast Online Security) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-10]
CHR Extension: (Love Smoke) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgibfhhccaknggplelmbaepoikkcnllb [2015-01-14]
CHR Extension: (Smart Shopper) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbiofflfdlpgchfieeclnffadkejchnn [2014-10-06]
CHR Extension: (Androck: Play Apps on PC) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldlnjmihlobndnkoenkobmkaaccpmfgo [2015-01-13]
CHR Extension: (Skype Click to Call) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-17]
CHR Extension: (Google Wallet) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25]
CHR Extension: (Instagram) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\oacfdfgmgfbpgjgpgghdcjfaajdiggho [2015-01-13]
CHR Extension: (Messenger) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\omnnhmocnbkcoacgepnpecalmhkfdgnb [2015-01-13]
CHR Extension: (Gmail) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-30] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 PuranDefrag; C:\Windows\SYSTEM32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-30] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-30] ()
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-30] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 16:39 - 2015-02-15 05:29 - 00048377 _____ () C:\zoek-results2015-02-15-112954.log
2015-02-15 13:58 - 2015-02-15 13:58 - 00000000 ___RD () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-02-15 13:57 - 2015-02-15 14:01 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-19-57-13.058-AvastVBoxSVC.exe-3776.log
2015-02-15 08:53 - 2015-02-15 08:53 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-15 08:51 - 2015-02-15 08:53 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-14-51-18.008-AvastVBoxSVC.exe-2756.log
2015-02-15 06:35 - 2015-02-15 14:01 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 06:34 - 2015-02-15 06:34 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-15 06:34 - 2015-02-15 06:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-15 06:34 - 2015-02-15 06:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-15 06:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-15 06:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-15 06:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-15 06:32 - 2015-02-15 06:34 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-12-32-18.095-AvastVBoxSVC.exe-2388.log
2015-02-15 05:30 - 2015-02-15 05:30 - 00000000 ____D () C:\Users\rose\AppData\Roaming\ProductData
2015-02-15 05:30 - 2015-02-15 05:30 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-15 05:23 - 2015-02-15 05:23 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-11-23-03.041-AvastVBoxSVC.exe-2452.log
2015-02-15 05:20 - 2015-02-15 13:55 - 00008586 _____ () C:\WINDOWS\PFRO.log
2015-02-15 05:20 - 2015-02-15 13:55 - 00000308 _____ () C:\WINDOWS\setupact.log
2015-02-15 05:20 - 2015-02-15 05:20 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-15 03:25 - 2015-02-14 22:52 - 00000746 _____ () C:\zoek-results2015-02-15-045243.log
2015-02-15 02:56 - 2015-02-15 02:56 - 00003164 _____ () C:\WINDOWS\System32\Tasks\ASC8_PerformanceMonitor
2015-02-15 02:56 - 2015-02-15 02:56 - 00002400 _____ () C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_rose
2015-02-15 02:56 - 2015-02-15 02:56 - 00001246 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-02-15 02:56 - 2015-02-15 02:56 - 00000302 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_rose.job
2015-02-15 02:55 - 2015-02-15 02:55 - 00002364 _____ () C:\WINDOWS\System32\Tasks\ASC8_SkipUac_rose
2015-02-15 02:55 - 2015-02-15 02:55 - 00002199 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-02-15 02:55 - 2015-02-15 02:55 - 00000266 _____ () C:\WINDOWS\Tasks\ASC8_SkipUac_rose.job
2015-02-15 02:55 - 2015-02-15 02:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-02-15 01:26 - 2015-02-15 01:28 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-07-26-42.078-AvastVBoxSVC.exe-2304.log
2015-02-15 00:17 - 2015-02-15 00:20 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-06-17-12.040-AvastVBoxSVC.exe-3164.log
2015-02-14 22:52 - 2015-02-14 15:12 - 00047981 _____ () C:\zoek-results2015-02-14-211231.log
2015-02-14 21:05 - 2015-02-15 08:53 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-14 20:37 - 2015-02-15 20:17 - 00000000 ____D () C:\FRST
2015-02-14 15:06 - 2015-02-14 15:07 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-21-06-22.055-AvastVBoxSVC.exe-2592.log
2015-02-14 13:47 - 2015-02-14 13:09 - 00051017 _____ () C:\zoek-results2015-02-14-190902.log
2015-02-14 13:22 - 2015-02-14 13:24 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-19-22-20.043-AvastVBoxSVC.exe-2692.log
2015-02-14 13:13 - 2015-02-14 13:18 - 00000000 ____D () C:\AdwCleaner
2015-02-14 13:10 - 2015-02-14 13:11 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-19-10-00.061-AvastVBoxSVC.exe-2536.log
2015-02-14 11:34 - 2015-02-15 16:48 - 00035307 _____ () C:\zoek-results.log
2015-02-14 11:27 - 2015-02-15 04:17 - 00000000 ____D () C:\zoek_backup
2015-02-14 11:13 - 2015-02-14 11:14 - 00000280 _____ () C:\WINDOWS\system32\2015-02-14-17-13-51.060-aswFe.exe-2228.log
2015-02-14 01:50 - 2015-02-14 01:52 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-07-50-59.002-AvastVBoxSVC.exe-2512.log
2015-02-13 21:56 - 2015-02-13 21:57 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-03-56-08.026-AvastVBoxSVC.exe-2548.log
2015-02-13 21:20 - 2015-02-15 00:05 - 00000000 ____D () C:\WINDOWS\pss
2015-02-13 21:09 - 2015-02-13 21:10 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-03-09-16.071-AvastVBoxSVC.exe-2488.log
2015-02-13 20:39 - 2015-02-13 20:42 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-02-39-20.060-AvastVBoxSVC.exe-2540.log
2015-02-13 18:21 - 2015-02-13 18:22 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-00-21-23.029-AvastVBoxSVC.exe-2528.log
2015-02-13 13:14 - 2015-02-13 13:17 - 00000197 _____ () C:\WINDOWS\system32\2015-02-13-19-14-27.051-AvastVBoxSVC.exe-2976.log
2015-02-13 10:44 - 2015-02-13 10:44 - 00000000 ____D () C:\Users\rose\AppData\Roaming\Apple Computer
2015-02-13 10:43 - 2015-02-15 02:55 - 00000000 ____D () C:\ProgramData\IObit
2015-02-13 10:43 - 2015-02-13 10:43 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-02-13 10:42 - 2015-02-15 00:06 - 00000000 ____D () C:\Users\rose\AppData\Roaming\IObit
2015-02-13 10:42 - 2015-02-13 10:44 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-13 10:22 - 2015-02-13 10:24 - 00000197 _____ () C:\WINDOWS\system32\2015-02-13-16-22-11.043-AvastVBoxSVC.exe-2164.log
2015-02-13 08:45 - 2015-02-13 08:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-10 18:58 - 2015-01-13 16:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 18:58 - 2015-01-10 03:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 18:58 - 2015-01-10 02:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 18:58 - 2015-01-10 01:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 18:58 - 2014-12-19 02:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-10 18:58 - 2014-12-08 19:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 18:58 - 2014-10-28 20:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 18:58 - 2014-10-28 20:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 18:58 - 2014-10-28 19:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 18:57 - 2015-01-11 20:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 18:57 - 2015-01-11 19:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 18:57 - 2015-01-11 19:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 18:57 - 2015-01-11 19:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 18:57 - 2014-12-19 02:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-10 17:46 - 2015-02-10 17:50 - 00000197 _____ () C:\WINDOWS\system32\2015-02-10-23-46-12.078-AvastVBoxSVC.exe-2464.log
2015-02-04 16:37 - 2015-02-04 16:43 - 00000197 _____ () C:\WINDOWS\system32\2015-02-04-22-37-42.005-AvastVBoxSVC.exe-2452.log
2015-01-30 16:59 - 2015-01-30 17:02 - 00000197 _____ () C:\WINDOWS\system32\2015-01-30-22-59-28.083-AvastVBoxSVC.exe-2536.log
2015-01-18 18:56 - 2015-01-18 18:59 - 00000197 _____ () C:\WINDOWS\system32\2015-01-19-00-56-54.024-AvastVBoxSVC.exe-2608.log
2015-01-17 21:07 - 2015-01-17 21:07 - 00000000 ____D () C:\541b62f42b4f13f1218b371309

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 20:19 - 2014-11-20 19:20 - 00000000 ____D () C:\Users\rose\AppData\Roaming\OAS
2015-02-15 20:04 - 2013-11-10 18:58 - 00004052 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-02-15 20:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-15 19:58 - 2013-07-22 21:34 - 00000000 ____D () C:\Users\rose\AppData\Roaming\Skype
2015-02-15 19:57 - 2014-03-19 12:52 - 00000950 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3548871218-304450476-362987887-1001UA.job
2015-02-15 19:20 - 2013-07-22 13:23 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 14:20 - 2013-07-22 13:23 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 14:04 - 2013-05-09 14:45 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-15 14:02 - 2013-05-16 23:18 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3548871218-304450476-362987887-1001
2015-02-15 13:57 - 2014-10-21 23:03 - 00000000 ___RD () C:\Users\rose\OneDrive
2015-02-15 13:57 - 2014-03-19 12:52 - 00000928 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3548871218-304450476-362987887-1001Core.job
2015-02-15 13:56 - 2014-10-21 22:17 - 00000000 ____D () C:\Users\rose
2015-02-15 13:55 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-15 12:15 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-15 12:04 - 2014-10-21 22:51 - 01834960 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-15 08:56 - 2013-06-24 13:30 - 00000000 ____D () C:\Users\rose\AppData\Local\CrashDumps
2015-02-15 08:48 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-15 08:48 - 2013-05-09 14:48 - 00000000 ____D () C:\WINDOWS\en
2015-02-15 05:29 - 2014-10-21 22:58 - 00000008 __RSH () C:\Users\rose\ntuser.pol
2015-02-15 04:08 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2015-02-15 04:08 - 2012-07-26 02:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-02-15 03:14 - 2014-12-28 21:15 - 00001944 _____ () C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-3548871218-304450476-362987887-1001
2015-02-15 02:55 - 2013-07-22 13:23 - 00003066 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-15 02:55 - 2013-07-22 13:23 - 00002830 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\WinMetadata
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\zh-HK
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\WinMetadata
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\uk-UA
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\tr-TR
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\th-TH
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sl-SI
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sk-SK
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\ro-RO
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\lv-LV
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\lt-LT
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\hr-HR
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\he-IL
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\et-EE
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\bg-BG
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\ar-SA
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-15 01:18 - 2014-11-03 19:03 - 00000000 ____D () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screencast-O-Matic
2015-02-15 01:18 - 2014-08-23 15:29 - 00000000 ____D () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
2015-02-15 01:18 - 2014-08-23 15:28 - 00000000 ____D () C:\Users\rose\AppData\Roaming\IMVUClient
2015-02-15 01:18 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-02-15 01:18 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-02-15 01:18 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-02-15 01:18 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Globalization
2015-02-15 01:18 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-02-15 01:18 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-02-15 01:17 - 2014-11-03 19:03 - 00000000 ____D () C:\Users\rose\AppData\Local\Screencast-O-Matic
2015-02-15 01:17 - 2014-10-13 10:16 - 00000000 ____D () C:\Users\rose\AppData\Roaming\0K1L2Z1T1C1T
2015-02-15 01:17 - 2013-05-16 23:07 - 00000000 ____D () C:\Users\rose\AppData\Local\Packages
2015-02-15 01:16 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-15 01:16 - 2013-07-22 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-15 01:16 - 2013-05-16 23:11 - 00000000 ____D () C:\ProgramData\Atheros
2015-02-15 01:16 - 2013-05-09 14:35 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-15 00:58 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\registration
2015-02-15 00:38 - 2013-07-22 13:23 - 00000000 ____D () C:\Users\rose\AppData\Local\Google
2015-02-15 00:38 - 2013-05-09 14:36 - 00000000 ____D () C:\ProgramData\CyberLink
2015-02-14 06:46 - 2013-07-22 13:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-13 15:51 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-13 15:06 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-13 12:22 - 2013-07-24 14:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-13 12:18 - 2014-10-22 01:02 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-13 08:29 - 2014-10-18 17:40 - 00000000 ____D () C:\Users\rose\Documents\Calibre Library
2015-02-12 21:45 - 2014-08-23 15:29 - 00000000 ____D () C:\Users\rose\AppData\Roaming\IMVU
2015-02-11 21:25 - 2013-06-13 13:35 - 00000000 ____D () C:\Users\rose\Documents\CyberLink
2015-02-11 21:25 - 2013-06-13 13:35 - 00000000 ____D () C:\Users\rose\AppData\Roaming\CyberLink
2015-01-26 18:44 - 2013-07-26 08:50 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{23CC49CF-8724-4751-BABF-F1F1AAAABEF2}
2015-01-18 18:53 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI(83)
2015-01-18 18:53 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI(69)
2015-01-17 21:07 - 2013-05-21 06:59 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2014-10-10 06:36 - 2014-10-10 06:36 - 0000010 _____ () C:\Users\rose\AppData\Local\DSI.DAT
2013-05-09 14:42 - 2013-05-09 14:42 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-05-09 14:37 - 2013-05-09 14:38 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-05-09 14:38 - 2013-05-09 14:40 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-05-09 14:36 - 2013-05-09 14:37 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-05-09 14:40 - 2013-05-09 14:42 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some content of TEMP:
====================
C:\Users\rose\AppData\Local\Temp\DaS_21.exe
C:\Users\rose\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-14 15:25

==================== End Of Log ============================

 

Malwarebytes log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/15/2015
Scan Time: 2:01:09 PM
Logfile: mblog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.15.05
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: rose

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330485
Time Elapsed: 36 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

RogueKiller Log

 

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : rose [Administrator]
Mode : Scan -- Date : 02/15/2015  09:02:12

¤¤¤ Processes : 2 ¤¤¤
[suspicious.Path] mcc.exe(1264) -- C:\Users\rose\AppData\Roaming\oas\mcc.exe[-] -> Killed [TermProc]
[suspicious.Path] oas.exe(8416) -- C:\Users\rose\AppData\Roaming\oas\oas.exe[-] -> Killed [TermThr]

¤¤¤ Registry : 6 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Windows\CurrentVersion\Run | Online Ad Scanner : C:\Users\rose\AppData\Roaming\OAS\oasupd.exe  -> Found
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Windows\CurrentVersion\Run | Online Ad Scanner : C:\Users\rose\AppData\Roaming\OAS\oasupd.exe  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050A7E380 +++++
--- User ---
[MBR] 9dc2985f0e8c30cd70065084143bd4fc
[bSP] 43beef60d3904610c96f739e1c0f8ce0 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ADATA USB Flash Drive USB Device +++++
--- User ---
[MBR] 8c2c7e585e9276a962ec4b13eb6c8ffe
[bSP] 3ae2f63fd28f08613cd9a26ea0304a7c : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 MB
1 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 MB
2 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): -1409286144 | Size: 27 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_DEL_02142015_211646.log - RKreport_DEL_02142015_211655.log - RKreport_SCN_02142015_211221.log


Hello josephofantioch, welcome to Malwarebytes' Malware Removal forum!
 
My name is Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability to provide the best set of instructions for you.
  • Please back up important files before proceeding with my instructions. Malware removal can be unpredictable at times.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
  • Ensure you are following this topic. Click the button at the top of the page.

======================================================

 

Two logs (FRST.txt & Addition.txt) should have been created by FRST.

Please copy the contents of Addition.txt and paste in your next reply. 


Upon launching FRST64, a box appears with the following:

 

Application Error
Exception EAccessViolation in module ERUNT.exe at 00003A38.
Access violation at address 00403A38 in module 'ERUNT.exe'.Read of
address 0076005D.

 

---------------------------

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
Ran by rose at 2015-02-16 09:59:55
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
calibre (HKLM-x32\...\{D4D433B0-D012-490D-98FC-7A365059AC96}) (Version: 0.8.67 - Kovid Goyal)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.13025.0 - Cisco Consumer Products LLC)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
File Opener Packages (HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\File Opener Packages) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
IMVU Avatar Chat Software (HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.6.25 - IObit)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
OAS (HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Online Ad Scanner) (Version: 1.00 - OAS Corp)
Play Pickle Games Console (HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\PlayPickle) (Version: 1.1.4 - Play Turtle,LLC)
PlayPickle Packages (HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\PlayPickle Packages) (Version:  - ) <==== ATTENTION
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Daum Communications Corp.)
Puran Utilities 3.0 (HKLM\...\Puran Utilities_is1) (Version:  - Puran Software)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.017 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
ROBLOX Player for rose (HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Screencast-O-Matic (HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
SkypeTalking 0.9.6 (HKLM-x32\...\SkypeTalking_is1) (Version: 0.9.6 - Hrvoje Katić)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\rose\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

27-01-2015 19:25:56 Windows Update
09-02-2015 20:00:32 Windows Update
13-02-2015 12:19:16 Windows Update
14-02-2015 23:13:32 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06014760-4932-422A-A5F1-50FF493DBDF5} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {0A5CCD38-8CA7-4382-89E8-822E40CBEF4B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-30] (AVAST Software)
Task: {0D0B901E-8574-4A58-9779-AA9C99F5CBA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-22] (Google Inc.)
Task: {1C33CE67-31EC-45CA-BC1E-35B0FB043DFB} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {1FE9612A-BAAB-43BE-A27B-C084A55754BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-22] (Google Inc.)
Task: {2047874E-BCC6-4630-945B-50CAD7D64E79} - System32\Tasks\ASC8_SkipUac_rose => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-01-12] (IObit)
Task: {21D4B9D5-7DC4-43E5-B2F7-501D7CD55BA3} - \PastaQuotes No Task File <==== ATTENTION
Task: {46359C54-4D35-4828-B582-1287C42AC009} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3548871218-304450476-362987887-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {5E4012B5-6232-4652-8C06-5FA05410A077} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3548871218-304450476-362987887-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {73D23788-3933-4030-B9C5-55242483AB5E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-17] (Microsoft Corporation)
Task: {837C6485-9498-4E2C-80D2-00EFFA139B71} - System32\Tasks\avastBCLRestartS-1-5-21-3548871218-304450476-362987887-1001 => Chrome.exe
Task: {84DADE1C-A02C-4FBE-B5A9-F09320F54843} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3548871218-304450476-362987887-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {967EA05B-E83F-4139-A943-390BB8BCD210} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {991E58F4-C9FE-4453-8045-9312EF9D25CA} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2014-12-10] (IObit)
Task: {B2C2A117-8CCE-402D-A18D-4B1E2AFB6B68} - System32\Tasks\Uninstaller_SkipUac_rose => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)
Task: {B3D921CC-66B2-4DB0-9166-7361B89B310A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3548871218-304450476-362987887-1001UA => C:\Users\rose\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-19] (Facebook Inc.)
Task: {C9158937-98AC-4C43-ABA1-4B27F5334B86} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {F57E21D4-7E8B-4924-8C25-547D5B97CAF5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3548871218-304450476-362987887-1001Core => C:\Users\rose\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-19] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_rose.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3548871218-304450476-362987887-1001Core.job => C:\Users\rose\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3548871218-304450476-362987887-1001UA.job => C:\Users\rose\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_rose.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) ==============

2013-05-09 14:40 - 2012-04-24 20:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-11-30 18:56 - 2014-11-30 18:56 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-30 18:56 - 2014-11-30 18:56 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2012-12-28 14:39 - 2012-12-28 14:39 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 14:36 - 2012-12-28 14:36 - 00084480 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 14:41 - 2012-12-28 14:41 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2014-09-23 01:09 - 2014-09-23 01:09 - 00007168 _____ () C:\Users\rose\AppData\Roaming\oas\mcc.exe
2013-07-06 10:09 - 2013-04-19 16:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-07-06 10:09 - 2013-04-19 16:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2015-02-15 02:55 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2014-11-30 18:56 - 2014-11-30 18:56 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-15 13:56 - 2015-02-15 13:56 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021501\algo.dll
2015-02-16 06:02 - 2015-02-16 06:02 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021600\algo.dll
2015-02-13 10:42 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-02-13 10:42 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-02-13 10:42 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2015-02-15 02:55 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\ProductStatistics.dll
2013-05-09 14:38 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-02-13 10:43 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-02-13 10:43 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-02-13 10:43 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2014-11-30 18:56 - 2014-11-30 18:56 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-07 16:05 - 2014-11-07 16:05 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\2133a50009fa3b357bfbd29a218be0f6\PSIClient.ni.dll
2013-05-09 14:29 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-07-06 10:09 - 2013-05-02 17:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
2014-09-22 05:36 - 2014-09-22 05:36 - 00177152 _____ () C:\Users\rose\AppData\Roaming\oas\oas.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\rose\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3548871218-304450476-362987887-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "PC Cleaners"
HKLM\...\StartupApproved\Run32: => "PerforMax Cleaner"
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_4878BA9AB6674643E1160A3519305162"
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\StartupApproved\Run: => "Optimizer Pro"
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\StartupApproved\Run: => "PC Cleaners"

==================== Accounts: =============================

Administrator (S-1-5-21-3548871218-304450476-362987887-500 - Administrator - Disabled)
Guest (S-1-5-21-3548871218-304450476-362987887-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3548871218-304450476-362987887-1005 - Limited - Enabled)
rose (S-1-5-21-3548871218-304450476-362987887-1001 - Administrator - Enabled) => C:\Users\rose

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: E:\
Description: USB Flash Drive
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: ADATA  
Service: WUDFWpdFs
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2015 09:45:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16c4

Start Time: 01d049fee0f1ac47

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: d4749b23-b5f2-11e4-bed5-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 09:15:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10c8

Start Time: 01d049fab00e72a4

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: a3956ec3-b5ee-11e4-bed5-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 08:45:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15d0

Start Time: 01d049f67f298113

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 72b03591-b5ea-11e4-bed5-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 08:15:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8c4

Start Time: 01d049f24e458a52

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 41c83baf-b5e6-11e4-bed5-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 07:45:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15b4

Start Time: 01d049ee1d5c914e

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 10e53d51-b5e2-11e4-bed5-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 07:15:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1108

Start Time: 01d049e9ec77bf74

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: dff8f583-b5dd-11e4-bed5-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 06:45:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 152c

Start Time: 01d049e5bb916439

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: af18b064-b5d9-11e4-bed5-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 06:15:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1070

Start Time: 01d049e18aafbeb3

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 7e331090-b5d5-11e4-bed5-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 05:45:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a48

Start Time: 01d049dd59ce8606

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 4d50414c-b5d1-11e4-bed5-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 05:15:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12a4

Start Time: 01d049d928e41fe5

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 1c6f1725-b5cd-11e4-bed5-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

System errors:
=============
Error: (02/15/2015 01:59:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/15/2015 01:58:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/15/2015 01:58:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (02/15/2015 01:57:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

Error: (02/15/2015 01:57:08 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/15/2015 01:57:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

Error: (02/15/2015 01:57:08 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/15/2015 01:56:36 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053AvastVBoxSvcUnavailable{F319F1B8-7587-4146-AF9C-0D6D77819BF1}

Error: (02/15/2015 01:56:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AvastVBox COM Service service failed to start due to the following error:
%%1053

Error: (02/15/2015 01:56:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AvastVBox COM Service service to connect.

Microsoft Office Sessions:
=========================
Error: (02/16/2015 09:45:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068916c401d049fee0f1ac474294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exed4749b23-b5f2-11e4-bed5-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 09:15:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068910c801d049fab00e72a44294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exea3956ec3-b5ee-11e4-bed5-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 08:45:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068915d001d049f67f2981134294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe72b03591-b5ea-11e4-bed5-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 08:15:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206898c401d049f24e458a524294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe41c83baf-b5e6-11e4-bed5-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 07:45:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068915b401d049ee1d5c914e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe10e53d51-b5e2-11e4-bed5-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 07:15:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689110801d049e9ec77bf744294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exedff8f583-b5dd-11e4-bed5-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 06:45:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689152c01d049e5bb9164394294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeaf18b064-b5d9-11e4-bed5-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 06:15:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689107001d049e18aafbeb34294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe7e331090-b5d5-11e4-bed5-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 05:45:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689a4801d049dd59ce86064294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe4d50414c-b5d1-11e4-bed5-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/16/2015 05:15:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068912a401d049d928e41fe54294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe1c6f1725-b5cd-11e4-bed5-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

CodeIntegrity Errors:
===================================
  Date: 2014-09-13 17:42:09.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-13 17:28:54.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU 2117U @ 1.80GHz
Percentage of memory in use: 44%
Total physical RAM: 3965.27 MB
Available physical RAM: 2205.99 MB
Total Pagefile: 5309.27 MB
Available Pagefile: 3507.17 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.86 GB) (Free:205.27 GB) NTFS
Drive e: () (Removable) (Total:14.96 GB) (Free:14.87 GB) FAT32
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1DACEDB2)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by rose (administrator) on ROSECHAMBERS on 16-02-2015 09:58:56
Running from E:\
Loaded Profiles: rose (Available profiles: rose)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Users\rose\AppData\Roaming\OAS\mcc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-02-01] (Dell Inc.)
HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Run: [GoogleChromeAutoLaunch_4878BA9AB6674643E1160A3519305162] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Run: [Facebook Update] => C:\Users\rose\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-19] (Facebook Inc.)
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Run: [Online Ad Scanner] => C:\Users\rose\AppData\Roaming\OAS\oasupd.exe [28672 2014-10-20] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Internet Explorer\Main,DisableRequiresActiveXPrompt = moviestarplanet.com;www.moviestarplanet.com
HKU\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3548871218-304450476-362987887-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3548871218-304450476-362987887-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3548871218-304450476-362987887-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-3548871218-304450476-362987887-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3548871218-304450476-362987887-1001: @nsroblox.roblox.com/launcher -> C:\Users\rose\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3548871218-304450476-362987887-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\rose\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3548871218-304450476-362987887-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\rose\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-10]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Awesome Screenshot App) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkccfnochoebimhhniekgcegeeiepmi [2014-10-06]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-11-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-11]
CHR Extension: (YouTube) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-22]
CHR Extension: (Google Search) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-22]
CHR Extension: (Hack this page) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhlmoffoggikiefmphhkgjeocbfmcojf [2015-01-14]
CHR Extension: (Sufway Surfers Online) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\giambjehodbppcnagcpnpblkafclddej [2015-01-13]
CHR Extension: (AdBlock) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-10]
CHR Extension: (Avast Online Security) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-10]
CHR Extension: (Love Smoke) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgibfhhccaknggplelmbaepoikkcnllb [2015-01-14]
CHR Extension: (Smart Shopper) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbiofflfdlpgchfieeclnffadkejchnn [2014-10-06]
CHR Extension: (Androck: Play Apps on PC) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldlnjmihlobndnkoenkobmkaaccpmfgo [2015-01-13]
CHR Extension: (Skype Click to Call) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-17]
CHR Extension: (Google Wallet) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25]
CHR Extension: (Instagram) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\oacfdfgmgfbpgjgpgghdcjfaajdiggho [2015-01-13]
CHR Extension: (Messenger) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\omnnhmocnbkcoacgepnpecalmhkfdgnb [2015-01-13]
CHR Extension: (Gmail) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-30] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 PuranDefrag; C:\Windows\SYSTEM32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-30] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-30] ()
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-30] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 16:39 - 2015-02-15 05:29 - 00048377 _____ () C:\zoek-results2015-02-15-112954.log
2015-02-15 13:58 - 2015-02-15 13:58 - 00000000 ___RD () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-02-15 13:57 - 2015-02-15 14:01 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-19-57-13.058-AvastVBoxSVC.exe-3776.log
2015-02-15 08:53 - 2015-02-15 08:53 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-15 08:51 - 2015-02-15 08:53 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-14-51-18.008-AvastVBoxSVC.exe-2756.log
2015-02-15 06:35 - 2015-02-15 14:01 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 06:34 - 2015-02-15 06:34 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-15 06:34 - 2015-02-15 06:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-15 06:34 - 2015-02-15 06:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-15 06:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-15 06:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-15 06:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-15 06:32 - 2015-02-15 06:34 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-12-32-18.095-AvastVBoxSVC.exe-2388.log
2015-02-15 05:30 - 2015-02-15 21:57 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-15 05:30 - 2015-02-15 05:30 - 00000000 ____D () C:\Users\rose\AppData\Roaming\ProductData
2015-02-15 05:23 - 2015-02-15 05:23 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-11-23-03.041-AvastVBoxSVC.exe-2452.log
2015-02-15 05:20 - 2015-02-15 13:55 - 00008586 _____ () C:\WINDOWS\PFRO.log
2015-02-15 05:20 - 2015-02-15 13:55 - 00000308 _____ () C:\WINDOWS\setupact.log
2015-02-15 05:20 - 2015-02-15 05:20 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-15 03:25 - 2015-02-14 22:52 - 00000746 _____ () C:\zoek-results2015-02-15-045243.log
2015-02-15 02:56 - 2015-02-15 22:01 - 00000302 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_rose.job
2015-02-15 02:56 - 2015-02-15 02:56 - 00003164 _____ () C:\WINDOWS\System32\Tasks\ASC8_PerformanceMonitor
2015-02-15 02:56 - 2015-02-15 02:56 - 00002400 _____ () C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_rose
2015-02-15 02:55 - 2015-02-15 02:55 - 00002364 _____ () C:\WINDOWS\System32\Tasks\ASC8_SkipUac_rose
2015-02-15 02:55 - 2015-02-15 02:55 - 00002199 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-02-15 02:55 - 2015-02-15 02:55 - 00000266 _____ () C:\WINDOWS\Tasks\ASC8_SkipUac_rose.job
2015-02-15 02:55 - 2015-02-15 02:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-02-15 01:26 - 2015-02-15 01:28 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-07-26-42.078-AvastVBoxSVC.exe-2304.log
2015-02-15 00:17 - 2015-02-15 00:20 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-06-17-12.040-AvastVBoxSVC.exe-3164.log
2015-02-14 22:52 - 2015-02-14 15:12 - 00047981 _____ () C:\zoek-results2015-02-14-211231.log
2015-02-14 21:05 - 2015-02-15 08:53 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-14 20:37 - 2015-02-16 09:58 - 00000000 ____D () C:\FRST
2015-02-14 15:06 - 2015-02-14 15:07 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-21-06-22.055-AvastVBoxSVC.exe-2592.log
2015-02-14 13:47 - 2015-02-14 13:09 - 00051017 _____ () C:\zoek-results2015-02-14-190902.log
2015-02-14 13:22 - 2015-02-14 13:24 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-19-22-20.043-AvastVBoxSVC.exe-2692.log
2015-02-14 13:13 - 2015-02-14 13:18 - 00000000 ____D () C:\AdwCleaner
2015-02-14 13:10 - 2015-02-14 13:11 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-19-10-00.061-AvastVBoxSVC.exe-2536.log
2015-02-14 11:34 - 2015-02-15 16:48 - 00035307 _____ () C:\zoek-results.log
2015-02-14 11:27 - 2015-02-15 04:17 - 00000000 ____D () C:\zoek_backup
2015-02-14 11:13 - 2015-02-14 11:14 - 00000280 _____ () C:\WINDOWS\system32\2015-02-14-17-13-51.060-aswFe.exe-2228.log
2015-02-14 01:50 - 2015-02-14 01:52 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-07-50-59.002-AvastVBoxSVC.exe-2512.log
2015-02-13 21:56 - 2015-02-13 21:57 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-03-56-08.026-AvastVBoxSVC.exe-2548.log
2015-02-13 21:20 - 2015-02-15 00:05 - 00000000 ____D () C:\WINDOWS\pss
2015-02-13 21:09 - 2015-02-13 21:10 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-03-09-16.071-AvastVBoxSVC.exe-2488.log
2015-02-13 20:39 - 2015-02-13 20:42 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-02-39-20.060-AvastVBoxSVC.exe-2540.log
2015-02-13 18:21 - 2015-02-13 18:22 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-00-21-23.029-AvastVBoxSVC.exe-2528.log
2015-02-13 13:14 - 2015-02-13 13:17 - 00000197 _____ () C:\WINDOWS\system32\2015-02-13-19-14-27.051-AvastVBoxSVC.exe-2976.log
2015-02-13 10:44 - 2015-02-13 10:44 - 00000000 ____D () C:\Users\rose\AppData\Roaming\Apple Computer
2015-02-13 10:43 - 2015-02-15 02:55 - 00000000 ____D () C:\ProgramData\IObit
2015-02-13 10:43 - 2015-02-13 10:43 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-02-13 10:42 - 2015-02-15 22:01 - 00000000 ____D () C:\Users\rose\AppData\Roaming\IObit
2015-02-13 10:42 - 2015-02-13 10:44 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-13 10:22 - 2015-02-13 10:24 - 00000197 _____ () C:\WINDOWS\system32\2015-02-13-16-22-11.043-AvastVBoxSVC.exe-2164.log
2015-02-13 08:45 - 2015-02-13 08:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-10 18:58 - 2015-01-13 16:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 18:58 - 2015-01-10 03:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 18:58 - 2015-01-10 02:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 18:58 - 2015-01-10 01:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 18:58 - 2014-12-19 02:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-10 18:58 - 2014-12-08 19:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 18:58 - 2014-10-28 20:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 18:58 - 2014-10-28 20:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 18:58 - 2014-10-28 19:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 18:57 - 2015-01-11 20:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 18:57 - 2015-01-11 19:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 18:57 - 2015-01-11 19:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 18:57 - 2015-01-11 19:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 18:57 - 2014-12-19 02:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-10 17:46 - 2015-02-10 17:50 - 00000197 _____ () C:\WINDOWS\system32\2015-02-10-23-46-12.078-AvastVBoxSVC.exe-2464.log
2015-02-04 16:37 - 2015-02-04 16:43 - 00000197 _____ () C:\WINDOWS\system32\2015-02-04-22-37-42.005-AvastVBoxSVC.exe-2452.log
2015-01-30 16:59 - 2015-01-30 17:02 - 00000197 _____ () C:\WINDOWS\system32\2015-01-30-22-59-28.083-AvastVBoxSVC.exe-2536.log
2015-01-18 18:56 - 2015-01-18 18:59 - 00000197 _____ () C:\WINDOWS\system32\2015-01-19-00-56-54.024-AvastVBoxSVC.exe-2608.log
2015-01-17 21:07 - 2015-01-17 21:07 - 00000000 ____D () C:\541b62f42b4f13f1218b371309

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 09:59 - 2014-11-20 19:20 - 00000000 ____D () C:\Users\rose\AppData\Roaming\OAS
2015-02-16 09:58 - 2013-07-22 21:34 - 00000000 ____D () C:\Users\rose\AppData\Roaming\Skype
2015-02-16 09:47 - 2013-11-10 18:58 - 00004052 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-02-16 09:27 - 2014-10-21 22:51 - 01165233 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 09:20 - 2013-07-22 13:23 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 09:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-16 07:57 - 2014-03-19 12:52 - 00000950 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3548871218-304450476-362987887-1001UA.job
2015-02-15 22:44 - 2013-05-16 23:18 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3548871218-304450476-362987887-1001
2015-02-15 22:38 - 2014-10-18 09:38 - 00000000 ____D () C:\Program Files\Games for Windows
2015-02-15 22:02 - 2013-06-24 13:30 - 00000000 ____D () C:\Users\rose\AppData\Local\CrashDumps
2015-02-15 14:20 - 2013-07-22 13:23 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 14:04 - 2013-05-09 14:45 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-15 13:57 - 2014-10-21 23:03 - 00000000 ___RD () C:\Users\rose\OneDrive
2015-02-15 13:57 - 2014-03-19 12:52 - 00000928 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3548871218-304450476-362987887-1001Core.job
2015-02-15 13:56 - 2014-10-21 22:17 - 00000000 ____D () C:\Users\rose
2015-02-15 13:55 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-15 12:15 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-15 08:48 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-15 08:48 - 2013-05-09 14:48 - 00000000 ____D () C:\WINDOWS\en
2015-02-15 05:29 - 2014-10-21 22:58 - 00000008 __RSH () C:\Users\rose\ntuser.pol
2015-02-15 04:08 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2015-02-15 04:08 - 2012-07-26 02:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-02-15 03:14 - 2014-12-28 21:15 - 00001944 _____ () C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-3548871218-304450476-362987887-1001
2015-02-15 02:55 - 2013-07-22 13:23 - 00003066 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-15 02:55 - 2013-07-22 13:23 - 00002830 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\WinMetadata
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\zh-HK
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\WinMetadata
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\uk-UA
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\tr-TR
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\th-TH
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sl-SI
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sk-SK
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\ro-RO
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\lv-LV
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\lt-LT
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\hr-HR
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\he-IL
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\et-EE
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\bg-BG
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\ar-SA
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-15 01:18 - 2014-11-03 19:03 - 00000000 ____D () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screencast-O-Matic
2015-02-15 01:18 - 2014-08-23 15:29 - 00000000 ____D () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
2015-02-15 01:18 - 2014-08-23 15:28 - 00000000 ____D () C:\Users\rose\AppData\Roaming\IMVUClient
2015-02-15 01:18 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-02-15 01:18 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-02-15 01:18 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-02-15 01:18 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Globalization
2015-02-15 01:18 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-02-15 01:18 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-02-15 01:17 - 2014-11-03 19:03 - 00000000 ____D () C:\Users\rose\AppData\Local\Screencast-O-Matic
2015-02-15 01:17 - 2014-10-13 10:16 - 00000000 ____D () C:\Users\rose\AppData\Roaming\0K1L2Z1T1C1T
2015-02-15 01:17 - 2013-05-16 23:07 - 00000000 ____D () C:\Users\rose\AppData\Local\Packages
2015-02-15 01:16 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-15 01:16 - 2013-07-22 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-15 01:16 - 2013-05-16 23:11 - 00000000 ____D () C:\ProgramData\Atheros
2015-02-15 01:16 - 2013-05-09 14:35 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-15 00:58 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\registration
2015-02-15 00:38 - 2013-07-22 13:23 - 00000000 ____D () C:\Users\rose\AppData\Local\Google
2015-02-15 00:38 - 2013-05-09 14:36 - 00000000 ____D () C:\ProgramData\CyberLink
2015-02-14 06:46 - 2013-07-22 13:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-13 15:51 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-13 15:06 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-13 12:22 - 2013-07-24 14:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-13 12:18 - 2014-10-22 01:02 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-13 08:29 - 2014-10-18 17:40 - 00000000 ____D () C:\Users\rose\Documents\Calibre Library
2015-02-12 21:45 - 2014-08-23 15:29 - 00000000 ____D () C:\Users\rose\AppData\Roaming\IMVU
2015-02-11 21:25 - 2013-06-13 13:35 - 00000000 ____D () C:\Users\rose\Documents\CyberLink
2015-02-11 21:25 - 2013-06-13 13:35 - 00000000 ____D () C:\Users\rose\AppData\Roaming\CyberLink
2015-01-26 18:44 - 2013-07-26 08:50 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{23CC49CF-8724-4751-BABF-F1F1AAAABEF2}
2015-01-18 18:53 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI(83)
2015-01-18 18:53 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI(69)
2015-01-17 21:07 - 2013-05-21 06:59 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2014-10-10 06:36 - 2014-10-10 06:36 - 0000010 _____ () C:\Users\rose\AppData\Local\DSI.DAT
2013-05-09 14:42 - 2013-05-09 14:42 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-05-09 14:37 - 2013-05-09 14:38 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-05-09 14:38 - 2013-05-09 14:40 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-05-09 14:36 - 2013-05-09 14:37 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-05-09 14:40 - 2013-05-09 14:42 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some content of TEMP:
====================
C:\Users\rose\AppData\Local\Temp\DaS_21.exe
C:\Users\rose\AppData\Local\Temp\dllnt_dump.dll
C:\Users\rose\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-14 15:25

==================== End Of Log ============================

 

Thank you.


Hello, 
 

Upon launching the FRST64 a box appears with the following ::

That's OK. 
 
Please work your way through the following. 
 
STEP 1
RogueKiller Fix

  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png
  • Upon completion, do the following:
     
  • Click 5UKuIKl.png and place a checkmark next to the following items. Ensure any other items are unchecked.
    • [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    • [PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    • [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> Found
    • [PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> Found
  • Click QEIRkTE.png.
     
  • Click phPvmc6.png.
  • Copy the contents of the log and paste in your next reply.
     

STEP 2
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-Click DelFix.exe to run the programme.
  • Remove the checkmark next to the following items:
    • Remove disinfection tools
  • Place a checkmark next to the following items:
    • Create registry backup
  • Click the Run button.
     

STEP 3
Uninstall IOBit Software

I see you have IOBit software installed on your computer. The company behind this product was found to be stealing Malwarebytes' database and other intellectual property. I would not trust installing software from a company that resorts to stealing someone's technology to sell their product.

I strongly recommend removing IOBit software from your computer. Instructions on how to do so can be found in STEP 3. 
 
 
STEP 4
Revo Uninstaller

  • Please download and install Revo Uninstaller.
  • Double-Click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • Advanced SystemCare 8
    • File Opener Packages
    • IObit Uninstaller
    • OAS
    • Play Pickle Games Console
    • PlayPickle Packages
    • Surfing Protection 
  • Double-Click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: If you are offered the choice to install additional software, ensure you decline
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Upon completion, click Finish.
  • In your next reply, confirm you were successful in uninstalling all programmes listed above. 
     

STEP 5
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    () C:\Users\rose\AppData\Roaming\OAS\mcc.exe
    HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Run: [Online Ad Scanner] => C:\Users\rose\AppData\Roaming\OAS\oasupd.exe [28672 2014-10-20] ()
    C:\Users\rose\AppData\Roaming\OAS
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKU\S-1-5-21-3548871218-304450476-362987887-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Task: {21D4B9D5-7DC4-43E5-B2F7-501D7CD55BA3} - \PastaQuotes No Task File <==== ATTENTION
    reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /v "PC Cleaners" /f
    reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /v "PerforMax Cleaner" /f
    reg: reg delete "HKEY_USERS\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" /v "MyPC Backup.lnk" /f
    reg: reg delete "HKEY_USERS\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "Optimizer Pro" /f
    reg: reg delete "HKEY_USERS\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "PC Cleaners" /f
    Folder: C:\541b62f42b4f13f1218b371309
    2015-02-15 01:17 - 2014-10-13 10:16 - 00000000 ____D () C:\Users\rose\AppData\Roaming\0K1L2Z1T1C1T
    C:\Users\rose\AppData\Local\Temp\DaS_21.exe
    C:\Users\rose\AppData\Local\Temp\Uninstall.exe
    CMD: ipconfig /flushdns
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • RKreport.txt
  • Did the programmes uninstall successfully?
  • Fixlog.txt
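The [PUM.Proxy] entries selected in STEP 1 can also be read mechanically; the following is an added example, not part of the original posts and not RogueKiller's own code, that parses those report lines, splits the `ProxyServer` value and flags an enabled proxy that points back at the local machine. The function names are hypothetical, the line layout is assumed from the four report lines quoted in this thread, and the `ProxyServer` syntax handled is the WinINet `protocol=host:port;...` form plus the single `host:port` form.

```python
import ipaddress
import re
import socket

# The four [PUM.Proxy] lines from the RogueKiller report quoted in this thread.
REPORT = r"""
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> Found
"""

# [tag] (view) registry key | value name : data  -> status
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+\((?P<view>X64|X86)\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<name>\S+)\s+:\s+(?P<data>.*?)\s+->\s+(?P<status>.+)$"
)


def parse_report(text):
    """Return {(view, key): {value_name: data}} for the registry lines in a report."""
    values = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            values.setdefault((m["view"], m["key"]), {})[m["name"]] = m["data"]
    return values


def parse_proxy_server(data):
    """Split a ProxyServer string into {protocol: (host, port)}.

    A bare "host:port" applies to every protocol and is returned under "all".
    """
    endpoints = {}
    for entry in filter(None, (e.strip() for e in data.split(";"))):
        proto, sep, addr = entry.partition("=")
        if not sep:
            proto, addr = "all", entry
        addr = addr.split("://", 1)[-1]        # tolerate "http://host:port"
        host, _, port = addr.rpartition(":")
        if not host or not port.isdigit():     # no port in this entry
            host, port = addr, ""
        endpoints[proto.lower()] = (host.strip("[]"), int(port) if port else None)
    return endpoints


def is_loopback(host):
    """True for localhost and loopback IP literals; other hostnames are not resolved."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def find_loopback_proxies(text):
    """List (view, protocol, host, port) for enabled proxies aimed at this machine."""
    findings = []
    for (view, _key), vals in sorted(parse_report(text).items()):
        if vals.get("ProxyEnable") != "1":
            continue                           # proxy configured but switched off
        endpoints = parse_proxy_server(vals.get("ProxyServer", ""))
        for proto, (host, port) in sorted(endpoints.items()):
            if is_loopback(host):
                findings.append((view, proto, host, port))
    return findings


def port_is_listening(host, port, timeout=1.0):
    """True if something accepts TCP connections on host:port.

    A proxy setting with no listener behind it makes browsers report that
    the proxy server is not responding.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for view, proto, host, port in find_loopback_proxies(REPORT):
        state = "listening" if port and port_is_listening(host, port) else "no listener"
        print(f"{view} {proto} -> {host}:{port} ({state})")
```
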

Hi Adam, my name is Joe BTW ... All programs uninstalled correctly. Same Proxy server isn't responding error.

 

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : rose [Administrator]
Mode : Scan -- Date : 02/17/2015  05:34:01

¤¤¤ Processes : 1 ¤¤¤
[suspicious.Path] mcc.exe(5364) -- C:\Users\rose\AppData\Roaming\oas\mcc.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 4 ¤¤¤
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050A7E380 +++++
--- User ---
[MBR] 9dc2985f0e8c30cd70065084143bd4fc
[bSP] 43beef60d3904610c96f739e1c0f8ce0 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ADATA USB Flash Drive USB Device +++++
--- User ---
[MBR] 8c2c7e585e9276a962ec4b13eb6c8ffe
[bSP] 3ae2f63fd28f08613cd9a26ea0304a7c : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 MB
1 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 MB
2 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): -1409286144 | Size: 27 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_DEL_02142015_211646.log - RKreport_DEL_02142015_211655.log - RKreport_SCN_02142015_211221.log - RKreport_SCN_02152015_090212.log
RKreport_SCN_02172015_052206.log - RKreport_DEL_02172015_05295

 

 

Here's fixlog.txt

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-02-2015
Ran by rose at 2015-02-17 07:11:24 Run:1
Running from E:\
Loaded Profiles: rose (Available profiles: rose)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
() C:\Users\rose\AppData\Roaming\OAS\mcc.exe
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Run: [Online Ad Scanner] => C:\Users\rose\AppData\Roaming\OAS\oasupd.exe [28672 2014-10-20] ()
C:\Users\rose\AppData\Roaming\OAS
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-3548871218-304450476-362987887-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Task: {21D4B9D5-7DC4-43E5-B2F7-501D7CD55BA3} - \PastaQuotes No Task File <==== ATTENTION
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /v "PC Cleaners" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /v "PerforMax Cleaner" /f
reg: reg delete "HKEY_USERS\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" /v "MyPC Backup.lnk" /f
reg: reg delete "HKEY_USERS\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "Optimizer Pro" /f
reg: reg delete "HKEY_USERS\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "PC Cleaners" /f
Folder: C:\541b62f42b4f13f1218b371309
2015-02-15 01:17 - 2014-10-13 10:16 - 00000000 ____D () C:\Users\rose\AppData\Roaming\0K1L2Z1T1C1T
C:\Users\rose\AppData\Local\Temp\DaS_21.exe
C:\Users\rose\AppData\Local\Temp\Uninstall.exe
CMD: ipconfig /flushdns
EmptyTemp:
end

*****************

Restore point was successfully created.
C:\Users\rose\AppData\Roaming\OAS\mcc.exe => No running process found
HKU\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Online Ad Scanner => Value not found.
"C:\Users\rose\AppData\Roaming\OAS" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKU\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21D4B9D5-7DC4-43E5-B2F7-501D7CD55BA3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21D4B9D5-7DC4-43E5-B2F7-501D7CD55BA3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes" => Key deleted successfully.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /v "PC Cleaners" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /v "PerforMax Cleaner" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKEY_USERS\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" /v "MyPC Backup.lnk" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKEY_USERS\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "Optimizer Pro" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKEY_USERS\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "PC Cleaners" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========================= Folder: C:\541b62f42b4f13f1218b371309 ========================

2015-01-17 21:07 - 2015-01-17 21:07 - 0000788 ____H () C:\541b62f42b4f13f1218b371309\$shtdwn$.req
2014-12-31 13:18 - 2014-12-31 13:18 - 7642178 _____ () C:\541b62f42b4f13f1218b371309\mrt.exe._p
2014-12-31 13:11 - 2014-12-31 13:11 - 0093376 _____ (Microsoft Corporation) C:\541b62f42b4f13f1218b371309\mrtstub.exe

====== End of Folder: ======

C:\Users\rose\AppData\Roaming\0K1L2Z1T1C1T => Moved successfully.
C:\Users\rose\AppData\Local\Temp\DaS_21.exe => Moved successfully.
C:\Users\rose\AppData\Local\Temp\Uninstall.exe => Moved successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 295.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog 07:23:34 ====

 

 

Thanks !


Hi Joe, 
 
Please do the following. 
 
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

Here they are

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
Ran by rose at 2015-02-17 09:46:06
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
calibre (HKLM-x32\...\{D4D433B0-D012-490D-98FC-7A365059AC96}) (Version: 0.8.67 - Kovid Goyal)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.13025.0 - Cisco Consumer Products LLC)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
IMVU Avatar Chat Software (HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Daum Communications Corp.)
Puran Utilities 3.0 (HKLM\...\Puran Utilities_is1) (Version:  - Puran Software)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.017 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ROBLOX Player for rose (HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Screencast-O-Matic (HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
SkypeTalking 0.9.6 (HKLM-x32\...\SkypeTalking_is1) (Version: 0.9.6 - Hrvoje Katić)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\rose\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3548871218-304450476-362987887-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

27-01-2015 19:25:56 Windows Update
09-02-2015 20:00:32 Windows Update
13-02-2015 12:19:16 Windows Update
14-02-2015 23:13:32 Restore Operation
17-02-2015 05:58:50 Revo Uninstaller's restore point - Advanced SystemCare 8
17-02-2015 07:11:25 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06014760-4932-422A-A5F1-50FF493DBDF5} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {0A5CCD38-8CA7-4382-89E8-822E40CBEF4B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-30] (AVAST Software)
Task: {0D0B901E-8574-4A58-9779-AA9C99F5CBA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-22] (Google Inc.)
Task: {1C33CE67-31EC-45CA-BC1E-35B0FB043DFB} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {1FE9612A-BAAB-43BE-A27B-C084A55754BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-22] (Google Inc.)
Task: {46359C54-4D35-4828-B582-1287C42AC009} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3548871218-304450476-362987887-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {5E4012B5-6232-4652-8C06-5FA05410A077} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3548871218-304450476-362987887-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {73D23788-3933-4030-B9C5-55242483AB5E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-17] (Microsoft Corporation)
Task: {837C6485-9498-4E2C-80D2-00EFFA139B71} - System32\Tasks\avastBCLRestartS-1-5-21-3548871218-304450476-362987887-1001 => Chrome.exe
Task: {84DADE1C-A02C-4FBE-B5A9-F09320F54843} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3548871218-304450476-362987887-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {967EA05B-E83F-4139-A943-390BB8BCD210} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {B3D921CC-66B2-4DB0-9166-7361B89B310A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3548871218-304450476-362987887-1001UA => C:\Users\rose\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-19] (Facebook Inc.)
Task: {C9158937-98AC-4C43-ABA1-4B27F5334B86} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {F57E21D4-7E8B-4924-8C25-547D5B97CAF5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3548871218-304450476-362987887-1001Core => C:\Users\rose\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-19] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3548871218-304450476-362987887-1001Core.job => C:\Users\rose\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3548871218-304450476-362987887-1001UA.job => C:\Users\rose\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2013-05-09 14:40 - 2012-04-24 20:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-11-30 18:56 - 2014-11-30 18:56 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-30 18:56 - 2014-11-30 18:56 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2012-12-28 14:39 - 2012-12-28 14:39 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 14:36 - 2012-12-28 14:36 - 00084480 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 14:41 - 2012-12-28 14:41 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2013-07-06 10:09 - 2013-04-19 16:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-07-06 10:09 - 2013-04-19 16:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2015-02-17 06:05 - 2015-02-17 06:05 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021701\algo.dll
2014-11-30 18:56 - 2014-11-30 18:56 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2013-05-09 14:38 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-30 18:56 - 2014-11-30 18:56 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-07 16:05 - 2014-11-07 16:05 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\2133a50009fa3b357bfbd29a218be0f6\PSIClient.ni.dll
2013-05-09 14:29 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-07-06 10:09 - 2013-05-02 17:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\rose\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3548871218-304450476-362987887-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_4878BA9AB6674643E1160A3519305162"
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\StartupApproved\Run: => "Facebook Update"

==================== Accounts: =============================

Administrator (S-1-5-21-3548871218-304450476-362987887-500 - Administrator - Disabled)
Guest (S-1-5-21-3548871218-304450476-362987887-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3548871218-304450476-362987887-1005 - Limited - Enabled)
rose (S-1-5-21-3548871218-304450476-362987887-1001 - Administrator - Enabled) => C:\Users\rose

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: E:\
Description: USB Flash Drive
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: ADATA  
Service: WUDFWpdFs
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2015 09:45:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d0c

Start Time: 01d04ac80bcac361

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: ff4a89ce-b6bb-11e4-bed6-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 09:15:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 530

Start Time: 01d04ac3dae72af8

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: ce6c1b9e-b6b7-11e4-bed6-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 08:45:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1160

Start Time: 01d04abfaa036f7c

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 9d8add77-b6b3-11e4-bed6-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 08:15:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b44

Start Time: 01d04abb791dcde5

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 6ca2a8ce-b6af-11e4-bed6-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 07:41:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4a8

Start Time: 01d04ab6bf9c3b28

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: b31d4baa-b6aa-11e4-bed6-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 07:31:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bac

Start Time: 01d04ab54c2f055c

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 54617040-b6a9-11e4-bed6-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 07:15:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14b8

Start Time: 01d04ab31757a73b

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 0af03da7-b6a7-11e4-bed5-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 06:45:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ad8

Start Time: 01d04aaee66e72e7

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: d9f5913c-b6a2-11e4-bed5-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 06:15:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1614

Start Time: 01d04aaab591b0fe

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: a92eadae-b69e-11e4-bed5-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 05:45:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bfc

Start Time: 01d04aa684b196cb

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 782fbb34-b69a-11e4-bed5-1c3e84938f3e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

System errors:
=============
Error: (02/17/2015 07:28:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/17/2015 07:28:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/17/2015 07:28:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (02/17/2015 07:24:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (02/17/2015 06:00:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Advanced SystemCare Service 8 service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/15/2015 01:59:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/15/2015 01:58:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/15/2015 01:58:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (02/15/2015 01:57:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

Error: (02/15/2015 01:57:08 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Microsoft Office Sessions:
=========================
Error: (02/17/2015 09:45:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689d0c01d04ac80bcac3614294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeff4a89ce-b6bb-11e4-bed6-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 09:15:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068953001d04ac3dae72af84294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exece6c1b9e-b6b7-11e4-bed6-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 08:45:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689116001d04abfaa036f7c4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe9d8add77-b6b3-11e4-bed6-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 08:15:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689b4401d04abb791dcde54294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe6ca2a8ce-b6af-11e4-bed6-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 07:41:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206894a801d04ab6bf9c3b284294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeb31d4baa-b6aa-11e4-bed6-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 07:31:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689bac01d04ab54c2f055c4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe54617040-b6a9-11e4-bed6-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 07:15:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068914b801d04ab31757a73b4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe0af03da7-b6a7-11e4-bed5-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 06:45:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891ad801d04aaee66e72e74294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exed9f5913c-b6a2-11e4-bed5-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 06:15:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689161401d04aaab591b0fe4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exea92eadae-b69e-11e4-bed5-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/17/2015 05:45:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891bfc01d04aa684b196cb4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe782fbb34-b69a-11e4-bed5-1c3e84938f3emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

CodeIntegrity Errors:
===================================
  Date: 2014-09-13 17:42:09.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-13 17:28:54.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU 2117U @ 1.80GHz
Percentage of memory in use: 33%
Total physical RAM: 3965.27 MB
Available physical RAM: 2642.55 MB
Total Pagefile: 5181.27 MB
Available Pagefile: 3753.21 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.86 GB) (Free:203.4 GB) NTFS
Drive e: () (Removable) (Total:14.96 GB) (Free:14.87 GB) FAT32
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1DACEDB2)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by rose (administrator) on ROSECHAMBERS on 17-02-2015 09:45:03
Running from E:\
Loaded Profiles: rose (Available profiles: rose)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-02-01] (Dell Inc.)
HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Run: [GoogleChromeAutoLaunch_4878BA9AB6674643E1160A3519305162] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Run: [Facebook Update] => C:\Users\rose\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-19] (Facebook Inc.)
HKU\S-1-5-21-3548871218-304450476-362987887-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Internet Explorer\Main,DisableRequiresActiveXPrompt = moviestarplanet.com;www.moviestarplanet.com
HKU\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3548871218-304450476-362987887-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3548871218-304450476-362987887-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3548871218-304450476-362987887-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3548871218-304450476-362987887-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3548871218-304450476-362987887-1001: @nsroblox.roblox.com/launcher -> C:\Users\rose\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3548871218-304450476-362987887-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\rose\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3548871218-304450476-362987887-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\rose\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-10]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Awesome Screenshot App) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkccfnochoebimhhniekgcegeeiepmi [2014-10-06]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-11-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-11]
CHR Extension: (YouTube) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-22]
CHR Extension: (Google Search) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-22]
CHR Extension: (Hack this page) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhlmoffoggikiefmphhkgjeocbfmcojf [2015-01-14]
CHR Extension: (Sufway Surfers Online) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\giambjehodbppcnagcpnpblkafclddej [2015-01-13]
CHR Extension: (AdBlock) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-10]
CHR Extension: (Avast Online Security) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-10]
CHR Extension: (Love Smoke) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgibfhhccaknggplelmbaepoikkcnllb [2015-01-14]
CHR Extension: (Smart Shopper) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbiofflfdlpgchfieeclnffadkejchnn [2014-10-06]
CHR Extension: (Androck: Play Apps on PC) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldlnjmihlobndnkoenkobmkaaccpmfgo [2015-01-13]
CHR Extension: (Skype Click to Call) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-17]
CHR Extension: (Google Wallet) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25]
CHR Extension: (Instagram) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\oacfdfgmgfbpgjgpgghdcjfaajdiggho [2015-01-13]
CHR Extension: (Messenger) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\omnnhmocnbkcoacgepnpecalmhkfdgnb [2015-01-13]
CHR Extension: (Gmail) - C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-30] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 PuranDefrag; C:\Windows\SYSTEM32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-30] ()
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-30] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 09:43 - 2015-02-17 09:43 - 00000280 _____ () C:\WINDOWS\system32\2015-02-17-15-43-13.044-aswFe.exe-3140.log
2015-02-17 07:28 - 2015-02-17 07:30 - 00000197 _____ () C:\WINDOWS\system32\2015-02-17-13-28-55.091-AvastVBoxSVC.exe-2284.log
2015-02-17 07:27 - 2015-02-17 07:27 - 00000000 ___RD () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-02-17 05:59 - 2015-02-17 05:59 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-17 05:57 - 2015-02-17 05:57 - 00001282 _____ () C:\Users\rose\Desktop\Revo Uninstaller.lnk
2015-02-17 05:56 - 2015-02-17 05:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-17 05:41 - 2015-02-17 05:45 - 00000238 _____ () C:\DelFix.txt
2015-02-17 05:39 - 2015-02-17 04:26 - 00709564 _____ () C:\Users\rose\Desktop\delfix_10.8.exe
2015-02-15 16:39 - 2015-02-15 05:29 - 00048377 _____ () C:\zoek-results2015-02-15-112954.log
2015-02-15 13:57 - 2015-02-15 14:01 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-19-57-13.058-AvastVBoxSVC.exe-3776.log
2015-02-15 08:53 - 2015-02-17 05:12 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-15 08:51 - 2015-02-15 08:53 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-14-51-18.008-AvastVBoxSVC.exe-2756.log
2015-02-15 06:35 - 2015-02-15 14:01 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 06:34 - 2015-02-15 06:34 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-15 06:34 - 2015-02-15 06:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-15 06:34 - 2015-02-15 06:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-15 06:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-15 06:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-15 06:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-15 06:32 - 2015-02-15 06:34 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-12-32-18.095-AvastVBoxSVC.exe-2388.log
2015-02-15 05:30 - 2015-02-15 21:57 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-15 05:30 - 2015-02-15 05:30 - 00000000 ____D () C:\Users\rose\AppData\Roaming\ProductData
2015-02-15 05:23 - 2015-02-15 05:23 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-11-23-03.041-AvastVBoxSVC.exe-2452.log
2015-02-15 05:20 - 2015-02-17 07:25 - 00013102 _____ () C:\WINDOWS\PFRO.log
2015-02-15 05:20 - 2015-02-17 07:25 - 00000385 _____ () C:\WINDOWS\setupact.log
2015-02-15 05:20 - 2015-02-15 05:20 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-15 03:25 - 2015-02-14 22:52 - 00000746 _____ () C:\zoek-results2015-02-15-045243.log
2015-02-15 01:26 - 2015-02-15 01:28 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-07-26-42.078-AvastVBoxSVC.exe-2304.log
2015-02-15 00:17 - 2015-02-15 00:20 - 00000197 _____ () C:\WINDOWS\system32\2015-02-15-06-17-12.040-AvastVBoxSVC.exe-3164.log
2015-02-14 22:52 - 2015-02-14 15:12 - 00047981 _____ () C:\zoek-results2015-02-14-211231.log
2015-02-14 21:05 - 2015-02-15 08:53 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-14 20:37 - 2015-02-17 09:45 - 00000000 ____D () C:\FRST
2015-02-14 15:06 - 2015-02-14 15:07 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-21-06-22.055-AvastVBoxSVC.exe-2592.log
2015-02-14 13:47 - 2015-02-14 13:09 - 00051017 _____ () C:\zoek-results2015-02-14-190902.log
2015-02-14 13:22 - 2015-02-14 13:24 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-19-22-20.043-AvastVBoxSVC.exe-2692.log
2015-02-14 13:13 - 2015-02-14 13:18 - 00000000 ____D () C:\AdwCleaner
2015-02-14 13:10 - 2015-02-14 13:11 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-19-10-00.061-AvastVBoxSVC.exe-2536.log
2015-02-14 11:34 - 2015-02-15 16:48 - 00035307 _____ () C:\zoek-results.log
2015-02-14 11:27 - 2015-02-15 04:17 - 00000000 ____D () C:\zoek_backup
2015-02-14 11:13 - 2015-02-14 11:14 - 00000280 _____ () C:\WINDOWS\system32\2015-02-14-17-13-51.060-aswFe.exe-2228.log
2015-02-14 01:50 - 2015-02-14 01:52 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-07-50-59.002-AvastVBoxSVC.exe-2512.log
2015-02-13 21:56 - 2015-02-13 21:57 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-03-56-08.026-AvastVBoxSVC.exe-2548.log
2015-02-13 21:20 - 2015-02-15 00:05 - 00000000 ____D () C:\WINDOWS\pss
2015-02-13 21:09 - 2015-02-13 21:10 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-03-09-16.071-AvastVBoxSVC.exe-2488.log
2015-02-13 20:39 - 2015-02-13 20:42 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-02-39-20.060-AvastVBoxSVC.exe-2540.log
2015-02-13 18:21 - 2015-02-13 18:22 - 00000197 _____ () C:\WINDOWS\system32\2015-02-14-00-21-23.029-AvastVBoxSVC.exe-2528.log
2015-02-13 13:14 - 2015-02-13 13:17 - 00000197 _____ () C:\WINDOWS\system32\2015-02-13-19-14-27.051-AvastVBoxSVC.exe-2976.log
2015-02-13 10:44 - 2015-02-13 10:44 - 00000000 ____D () C:\Users\rose\AppData\Roaming\Apple Computer
2015-02-13 10:43 - 2015-02-15 02:55 - 00000000 ____D () C:\ProgramData\IObit
2015-02-13 10:43 - 2015-02-13 10:43 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-02-13 10:42 - 2015-02-17 07:25 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-13 10:42 - 2015-02-15 22:01 - 00000000 ____D () C:\Users\rose\AppData\Roaming\IObit
2015-02-13 10:22 - 2015-02-13 10:24 - 00000197 _____ () C:\WINDOWS\system32\2015-02-13-16-22-11.043-AvastVBoxSVC.exe-2164.log
2015-02-13 08:45 - 2015-02-13 08:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-10 18:58 - 2015-01-13 16:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 18:58 - 2015-01-10 03:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 18:58 - 2015-01-10 02:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 18:58 - 2015-01-10 01:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 18:58 - 2014-12-19 02:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-10 18:58 - 2014-12-08 19:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 18:58 - 2014-10-28 20:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 18:58 - 2014-10-28 20:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 18:58 - 2014-10-28 19:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 18:57 - 2015-01-11 20:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 18:57 - 2015-01-11 19:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 18:57 - 2015-01-11 19:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 18:57 - 2015-01-11 19:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 18:57 - 2014-12-19 02:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-10 17:46 - 2015-02-10 17:50 - 00000197 _____ () C:\WINDOWS\system32\2015-02-10-23-46-12.078-AvastVBoxSVC.exe-2464.log
2015-02-04 16:37 - 2015-02-04 16:43 - 00000197 _____ () C:\WINDOWS\system32\2015-02-04-22-37-42.005-AvastVBoxSVC.exe-2452.log
2015-01-30 16:59 - 2015-01-30 17:02 - 00000197 _____ () C:\WINDOWS\system32\2015-01-30-22-59-28.083-AvastVBoxSVC.exe-2536.log
2015-01-18 18:56 - 2015-01-18 18:59 - 00000197 _____ () C:\WINDOWS\system32\2015-01-19-00-56-54.024-AvastVBoxSVC.exe-2608.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 09:29 - 2013-11-10 18:58 - 00004052 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-02-17 09:27 - 2013-07-22 21:34 - 00000000 ____D () C:\Users\rose\AppData\Roaming\Skype
2015-02-17 09:20 - 2013-07-22 13:23 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-17 09:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-17 08:40 - 2014-10-21 22:51 - 01777970 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-17 07:57 - 2014-03-19 12:52 - 00000950 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3548871218-304450476-362987887-1001UA.job
2015-02-17 07:36 - 2013-05-16 23:18 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3548871218-304450476-362987887-1001
2015-02-17 07:33 - 2013-05-09 14:45 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-17 07:26 - 2014-10-21 23:03 - 00000000 ___RD () C:\Users\rose\OneDrive
2015-02-17 07:26 - 2013-07-22 13:23 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-17 07:25 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-17 07:24 - 2014-10-21 22:17 - 00000000 ____D () C:\Users\rose
2015-02-17 07:24 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-16 13:57 - 2014-03-19 12:52 - 00000928 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3548871218-304450476-362987887-1001Core.job
2015-02-15 22:38 - 2014-10-18 09:38 - 00000000 ____D () C:\Program Files\Games for Windows
2015-02-15 22:02 - 2013-06-24 13:30 - 00000000 ____D () C:\Users\rose\AppData\Local\CrashDumps
2015-02-15 12:15 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-15 08:48 - 2013-05-09 14:48 - 00000000 ____D () C:\WINDOWS\en
2015-02-15 05:29 - 2014-10-21 22:58 - 00000008 __RSH () C:\Users\rose\ntuser.pol
2015-02-15 04:08 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2015-02-15 04:08 - 2012-07-26 02:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-02-15 03:14 - 2014-12-28 21:15 - 00001944 _____ () C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-3548871218-304450476-362987887-1001
2015-02-15 02:55 - 2013-07-22 13:23 - 00003066 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-15 02:55 - 2013-07-22 13:23 - 00002830 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\WinMetadata
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\zh-HK
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\WinMetadata
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\uk-UA
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\tr-TR
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\th-TH
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sl-SI
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sk-SK
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\ro-RO
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\lv-LV
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\lt-LT
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\hr-HR
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\he-IL
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\et-EE
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\bg-BG
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\ar-SA
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-02-15 01:22 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-15 01:18 - 2014-11-03 19:03 - 00000000 ____D () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screencast-O-Matic
2015-02-15 01:18 - 2014-08-23 15:29 - 00000000 ____D () C:\Users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
2015-02-15 01:18 - 2014-08-23 15:28 - 00000000 ____D () C:\Users\rose\AppData\Roaming\IMVUClient
2015-02-15 01:18 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-02-15 01:18 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-02-15 01:18 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-02-15 01:18 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Globalization
2015-02-15 01:18 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-02-15 01:18 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-02-15 01:17 - 2014-11-03 19:03 - 00000000 ____D () C:\Users\rose\AppData\Local\Screencast-O-Matic
2015-02-15 01:17 - 2013-05-16 23:07 - 00000000 ____D () C:\Users\rose\AppData\Local\Packages
2015-02-15 01:16 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-15 01:16 - 2013-07-22 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-15 01:16 - 2013-05-16 23:11 - 00000000 ____D () C:\ProgramData\Atheros
2015-02-15 01:16 - 2013-05-09 14:35 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-15 00:58 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\registration
2015-02-15 00:38 - 2013-07-22 13:23 - 00000000 ____D () C:\Users\rose\AppData\Local\Google
2015-02-15 00:38 - 2013-05-09 14:36 - 00000000 ____D () C:\ProgramData\CyberLink
2015-02-14 06:46 - 2013-07-22 13:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-13 15:51 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-13 15:06 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-13 12:22 - 2013-07-24 14:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-13 12:18 - 2014-10-22 01:02 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-13 08:29 - 2014-10-18 17:40 - 00000000 ____D () C:\Users\rose\Documents\Calibre Library
2015-02-12 21:45 - 2014-08-23 15:29 - 00000000 ____D () C:\Users\rose\AppData\Roaming\IMVU
2015-02-11 21:25 - 2013-06-13 13:35 - 00000000 ____D () C:\Users\rose\Documents\CyberLink
2015-02-11 21:25 - 2013-06-13 13:35 - 00000000 ____D () C:\Users\rose\AppData\Roaming\CyberLink
2015-01-26 18:44 - 2013-07-26 08:50 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{23CC49CF-8724-4751-BABF-F1F1AAAABEF2}
2015-01-18 18:53 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI(83)
2015-01-18 18:53 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI(69)

==================== Files in the root of some directories =======

2014-10-10 06:36 - 2014-10-10 06:36 - 0000010 _____ () C:\Users\rose\AppData\Local\DSI.DAT
2013-05-09 14:42 - 2013-05-09 14:42 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-05-09 14:37 - 2013-05-09 14:38 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-05-09 14:38 - 2013-05-09 14:40 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-05-09 14:36 - 2013-05-09 14:37 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-05-09 14:40 - 2013-05-09 14:42 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-14 15:25

==================== End Of Log ============================

 

 

Thanks !


Hi Joe, 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    ProxyEnable: [HKLM] => ProxyEnable is set.
    ProxyEnable: [HKLM-x32] => ProxyEnable is set.
    ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
    Folder: C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
    CMD: ipconfig /flushdns
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Create a System Restore Point. For instructions, please refer to the following link (W8).
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
 
STEP 4

ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click List of found threats. If no threats were found, skip the next two bullet points. 
  • Click Export to text file... and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to Uninstall application on close and click Finish.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • JRT.txt
  • AdwCleaner[s0].txt
  • ESET log

Here we are ...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-02-2015
Ran by rose at 2015-02-17 13:13:52 Run:2
Running from E:\
Loaded Profiles: rose (Available profiles: rose)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
Folder: C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
CMD: ipconfig /flushdns
EmptyTemp:
end

*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

========================= Folder: C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} ========================

====== End of Folder: ======

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 6.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog 13:14:43 ====

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by rose on Tue 02/17/2015 at 13:32:02.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/17/2015 at 13:36:26.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v4.110 - Logfile created 17/02/2015 at 13:48:46
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [server]
# Operating system : Windows 8.1  (x64)
# Username : rose - ROSECHAMBERS
# Running from : E:\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbiofflfdlpgchfieeclnffadkejchnn

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-search.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchcompletion.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweetiegames.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v40.0.2214.111

*************************

AdwCleaner[R0].txt - [4606 bytes] - [14/02/2015 13:13:54]
AdwCleaner[R1].txt - [2213 bytes] - [17/02/2015 13:43:21]
AdwCleaner[s0].txt - [4551 bytes] - [14/02/2015 13:18:14]
AdwCleaner[s1].txt - [1942 bytes] - [17/02/2015 13:48:46]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2001  bytes] ##########

 

C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows\uninst.exe a variant of Win32/PCCleaners potentially unwanted application
C:\zoek_backup\C_windows_SysNative_drivers_{00aec75d-051f-41a9-9837-e94ac4f56303}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_windows_SysNative_drivers_{02bbe9df-d3b0-43f4-8dcb-e24500d3308f}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_windows_SysNative_drivers_{1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_windows_SysNative_drivers_{21abe523-36e2-4dad-9e0e-8fe9f0be1916}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_windows_SysNative_drivers_{2dded9e7-3203-4471-8b68-853135cdbf31}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_windows_SysNative_drivers_{32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_windows_SysNative_drivers_{336e37ae-3235-4f16-98ec-8cdf679be7d2}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_windows_SysNative_drivers_{3b808196-ff63-49ee-b33b-efdf51723eca}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_windows_SysNative_drivers_{3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_windows_SysNative_drivers_{84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_windows_SysNative_drivers_{8ac13c32-b1f4-495e-8b0b-4bd4fd38c6b5}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_windows_SysNative_drivers_{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_windows_SysNative_drivers_{c61f6471-95aa-405a-be3a-f3b2dc07fdfa}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_windows_SysNative_drivers_{d1c4c3bc-6b77-4033-9c86-e72fcf769bbe}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_windows_SysNative_drivers_{e9629596-2cbd-4eea-9329-7470e8b0fdae}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_PROGRA~2_Conduit\Community Alerts\Alert0.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\zoek_backup\C_PROGRA~2_Conduit\CT3289847\plugins\TBVerifier.dll Win32/Toolbar.Conduit.AC potentially unwanted application
C:\zoek_backup\C_PROGRA~2_Conduit\CT3291325\plugins\TBVerifier.dll Win32/Toolbar.Conduit.AC potentially unwanted application
C:\zoek_backup\C_Users_rose_AppData_Local_Google_Chrome_User Data_Default_Extensions_pkbbmldjcnhopjhpifcocnmkooiadpbb\1.0.1_0\background.js Win32/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_Users_rose_AppData_Local_Google_Chrome_User Data_Default_Extensions_pkbbmldjcnhopjhpifcocnmkooiadpbb\1.0.1_0\content.js Win32/BrowseFox.Q potentially unwanted application
C:\zoek_backup\C_Users_rose_AppData_Local_Microsoft_Silverlight_OutOfBrowser_Speedchecker.PCSpeedUp\application.xap a variant of Win32/Speedchecker.A potentially unwanted application

 

Thanks !
 

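A way to cross-check the Fixlog above, as an added example that is not part of the original posts or of FRST: it pairs each proxy directive in the fixlist with its result line and flags ProxyServer values that point at the local machine, which leave browsers with nothing to connect to once the local listener is gone. The function names and the native/wow64 labels are assumptions, and the sample text is constructed from the lines quoted in this thread.

```python
import ipaddress
import re

# Constructed sample: fixlist directives and result lines as quoted in the Fixlog above.
FIXLOG = r"""
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"""

# Fixlist directive, e.g. "ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;..."
DIRECTIVE = re.compile(r"^(ProxyEnable|ProxyServer): \[(HKLM-x32|HKLM)\] => (.+)$")
# Result line; the log prints two backslashes before the value name.
RESULT = re.compile(
    r"^HKLM\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\Internet Settings\\\\(ProxyEnable|ProxyServer) => (.+)$"
)


def loopback_endpoints(proxy_value):
    """Return (scheme, host, port) for each proxy entry that points at this machine."""
    hits = []
    for entry in proxy_value.split(";"):
        scheme, sep, endpoint = entry.strip().partition("=")
        if not sep:                          # bare "host:port" covers every scheme
            scheme, endpoint = "*", scheme
        endpoint = endpoint.split("://")[-1]  # tolerate "http://host:port"
        host, has_port, port = endpoint.rpartition(":")
        if not has_port:
            host, port = endpoint, ""
        try:
            local = ipaddress.ip_address(host).is_loopback
        except ValueError:                   # a name rather than an IP literal
            local = host.lower() == "localhost"
        if local:
            hits.append((scheme, host, int(port) if port.isdigit() else None))
    return hits


def audit(text):
    """Pair each proxy directive with its result line; one row per directive."""
    wanted, outcome = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if m := DIRECTIVE.match(line):
            view = "wow64" if m.group(2) == "HKLM-x32" else "native"
            wanted[(m.group(1), view)] = m.group(3)
        elif m := RESULT.match(line):
            view = "wow64" if m.group(1) else "native"
            outcome[(m.group(2), view)] = m.group(3)
    rows = []
    for (name, view), detail in sorted(wanted.items()):
        rows.append({
            "value": name,
            "view": view,
            "loopback": loopback_endpoints(detail) if name == "ProxyServer" else [],
            "deleted": outcome.get((name, view), "").startswith("value deleted successfully"),
        })
    return rows


if __name__ == "__main__":
    for row in audit(FIXLOG):
        print(row)
```

A row with "deleted" set to False means the fixlist asked for a value to be removed but the log carries no matching success line for that registry view.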

Excellent. And with this in mind -
 
All Clean!
Congratulations, your computer appears clean! :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Malwarebytes.
 
Safe Surfing. :)    
Adam


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.