TechSpot

Virus Malware FRST.txt

By Gesus
Sep 9, 2015
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
    Ran by TYNDALE1 (administrator) on DAKUENJERU (09-09-2015 02:31:20)
    Running from C:\Users\TYNDALE1\Desktop
    Loaded Profiles: TYNDALE1 (Available Profiles: TYNDALE1)
    Platform: Windows 8.1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    () C:\Program Files (x86)\BlueStacks\HD-Adb.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Dropbox, Inc.) C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (NCSoft) C:\Program Files (x86)\NCSOFT\Aion\bin64\aion.bin
    (NCSOFT Corporation) C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-27] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-27] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-27] (Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-17] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2014-10-18] (NCSOFT Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-11] (Avast Software s.r.o.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-10-30] (Qualcomm®Atheros®)
    HKU\S-1-5-21-4201076837-888121987-1116610915-1002\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-4201076837-888121987-1116610915-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.)
    HKU\S-1-5-21-4201076837-888121987-1116610915-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
    HKU\S-1-5-21-4201076837-888121987-1116610915-1002\...\Run: [Dropbox Update] => C:\Users\TYNDALE1\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-29] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-11] (Avast Software s.r.o.)
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
    ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
    ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2015-08-09]
    ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
    Startup: C:\Users\TYNDALE1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-26]
    ShortcutTarget: Dropbox.lnk -> C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\TYNDALE1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-06-01]
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
    Tcpip\..\Interfaces\{3868DBD4-57B2-4B8A-98A1-60B0364F33F9}: [DhcpNameServer] 10.0.0.1
    Tcpip\..\Interfaces\{725AF8EA-759D-471C-8DCF-ED2BA940DBAC}: [DhcpNameServer] 10.0.0.1
    Tcpip\..\Interfaces\{FB3974B2-47B2-45F1-A8C9-C7AB1A17D31D}: [DhcpNameServer] 8.8.8.8

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-11] (Avast Software s.r.o.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2015-07-23] (Perfect World Entertainment Inc)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-11] (Avast Software s.r.o.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\TYNDALE1\AppData\Roaming\Mozilla\Firefox\Profiles\6433920z.default-1441369108283
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-01] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-01] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2015-07-23] (Perfect World Entertainment Inc)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin HKU\S-1-5-21-4201076837-888121987-1116610915-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\TYNDALE1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
    FF Extension: EnterDigital - C:\Program Files (x86)\Mozilla Firefox\extensions\{a29afc42-e51f-4f5a-99de-a63090d37cfb}.xpi [2015-04-20]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-19]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1414694806&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F325706325706","hxxp://home.torchbrowser.com/?systemid=448&appid=32&ua=Torch"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\TYNDALE1\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\TYNDALE1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-18]
    CHR Extension: (Google Docs) - C:\Users\TYNDALE1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-18]
    CHR Extension: (Google Drive) - C:\Users\TYNDALE1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-18]
    CHR Extension: (YouTube) - C:\Users\TYNDALE1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-18]
    CHR Extension: (Google Search) - C:\Users\TYNDALE1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-18]
    CHR Extension: (Anime Angel Beats! Kanade & Yuri Theme) - C:\Users\TYNDALE1\AppData\Local\Google\Chrome\User Data\Default\Extensions\doohigkdbijiaimgfjjamgnjcneogefa [2014-10-18]
    CHR Extension: (Google Sheets) - C:\Users\TYNDALE1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-18]
    CHR Extension: (Google Docs Offline) - C:\Users\TYNDALE1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
    CHR Extension: (Avast Online Security) - C:\Users\TYNDALE1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-19]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TYNDALE1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2014-12-11]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\TYNDALE1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-18]
    CHR Extension: (Gmail) - C:\Users\TYNDALE1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-18]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-11]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-16] (Advanced Micro Devices, Inc.) [File not signed]
    S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2015-07-23] (Perfect World Entertainment Inc)
    S4 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [317568 2013-10-30] (Windows (R) Win 7 DDK provider) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-11] (Avast Software s.r.o.)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-11] (Avast Software)
    S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
    S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
    S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
    S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
    S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
    S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3299328 2014-11-26] (INCA Internet Co., Ltd.)
    S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
    S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-27] (Realtek Semiconductor)
    S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
    S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    S4 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
    S4 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.2.0; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-11] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-11] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-11] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-11] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-11] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-11] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-11] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-11] ()
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-25] (Advanced Micro Devices)
    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-30] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-04-28] (Microsoft Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
    R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-12-07] (CACE Technologies, Inc.)
    S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
    R3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-06] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-09-06] (Synaptics Incorporated)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-11] (Avast Software)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
    S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Users\TYNDALE1\AppData\Local\Temp\tmp9590.tmp [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-09 02:31 - 2015-09-09 02:32 - 00024075 _____ C:\Users\TYNDALE1\Desktop\FRST.txt
    2015-09-09 02:31 - 2015-09-09 02:31 - 01660416 _____ C:\Users\TYNDALE1\Desktop\AdwCleaner.exe
    2015-09-09 02:31 - 2015-09-09 02:31 - 00000000 ____D C:\FRST
    2015-09-09 02:30 - 2015-09-09 02:30 - 02190336 _____ (Farbar) C:\Users\TYNDALE1\Desktop\FRST64.exe
    2015-09-09 02:30 - 2015-09-09 02:30 - 01692160 _____ (Farbar) C:\Users\TYNDALE1\Desktop\FRST.exe
    2015-09-08 23:25 - 2015-09-08 23:29 - 00001804 _____ C:\Users\TYNDALE1\Desktop\Rkill.txt
    2015-09-08 23:25 - 2015-09-08 23:25 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\TYNDALE1\Downloads\iExplore64.exe
    2015-09-08 16:10 - 2015-08-03 16:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-09-08 16:10 - 2015-08-03 16:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-09-08 16:10 - 2015-08-01 09:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-09-08 16:10 - 2015-07-13 22:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
    2015-09-08 16:10 - 2015-07-13 14:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
    2015-09-08 16:10 - 2015-06-19 12:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
    2015-09-07 20:35 - 2015-09-07 20:35 - 00000000 ___RD C:\Users\TYNDALE1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2015-09-04 15:28 - 2015-09-04 15:28 - 00000000 ____D C:\Users\TYNDALE1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-09-04 07:26 - 2015-09-04 07:26 - 00000000 ____D C:\Users\TYNDALE1\Desktop\Old Firefox Data
    2015-09-02 22:26 - 2015-09-02 22:26 - 00000000 ____D C:\Users\TYNDALE1\AppData\Roaming\(FE-8A-46-65-71-04)
    2015-08-29 11:02 - 2015-08-29 11:02 - 00961217 _____ C:\Users\TYNDALE1\Desktop\Don't fk wit me.mp4
    2015-08-20 23:07 - 2015-08-10 20:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-08-20 23:07 - 2015-08-10 19:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-08-18 21:11 - 2015-08-18 21:11 - 00000000 ____D C:\Users\TYNDALE1\AppData\Roaming\(90-67-1C-A5-52-B4)
    2015-08-15 15:15 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-08-15 15:15 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-08-12 22:04 - 2015-08-12 22:04 - 00010606 _____ C:\Users\TYNDALE1\Documents\Shena COntacts.pbo
    2015-08-12 22:03 - 2015-08-12 22:03 - 00000000 ____D C:\Users\TYNDALE1\AppData\Roaming\(0C-12-62-96-79-29)
    2015-08-12 05:29 - 2015-07-10 13:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2015-08-12 05:29 - 2015-07-10 12:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2015-08-12 05:29 - 2015-07-10 12:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-08-12 05:29 - 2015-07-10 11:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-08-12 05:28 - 2015-07-18 20:58 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-08-12 05:28 - 2015-07-18 13:51 - 03704320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-08-12 05:28 - 2015-07-18 13:31 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-08-12 05:28 - 2015-07-18 13:31 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-08-12 05:28 - 2015-07-18 13:31 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-08-12 05:28 - 2015-07-18 13:29 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2015-08-12 05:28 - 2015-07-18 13:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-08-12 05:28 - 2015-07-18 13:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-08-12 05:28 - 2015-07-18 13:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-08-12 05:28 - 2015-07-18 13:12 - 02228736 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-08-12 05:28 - 2015-07-18 13:10 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-08-12 05:28 - 2015-07-18 13:09 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-08-12 05:27 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-08-12 05:27 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-08-12 05:27 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-08-12 05:26 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-08-12 05:26 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-08-12 05:26 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-08-12 05:26 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-08-12 05:26 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-08-12 05:26 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-08-12 05:26 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-08-12 05:26 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-08-12 05:26 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-08-12 05:26 - 2015-07-16 14:45 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-08-12 05:26 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-08-12 05:26 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-08-12 05:26 - 2015-07-16 14:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-08-12 05:26 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-08-12 05:26 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-08-12 05:26 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2015-08-12 05:26 - 2015-07-16 14:13 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-08-12 05:26 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-08-12 05:26 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-08-12 05:26 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-08-12 05:26 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-08-12 05:26 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2015-08-12 05:26 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-08-12 05:26 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-08-12 05:26 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-08-12 05:26 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-08-12 05:25 - 2015-07-15 19:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-08-12 05:25 - 2015-07-15 19:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-08-12 05:25 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-08-12 05:25 - 2015-07-15 19:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-08-12 05:25 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
    2015-08-12 05:25 - 2015-07-07 04:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
    2015-08-12 05:25 - 2015-07-07 04:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
    2015-08-12 05:25 - 2015-07-07 04:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
    2015-08-12 05:25 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
    2015-08-12 05:25 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
    2015-08-12 05:24 - 2015-07-28 18:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-08-12 05:24 - 2015-07-28 09:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-08-12 05:24 - 2015-07-28 09:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-08-12 05:24 - 2015-07-28 09:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-08-12 05:24 - 2015-07-28 09:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-08-12 05:24 - 2015-07-28 09:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-08-12 05:24 - 2015-07-28 09:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-08-12 05:24 - 2015-07-01 17:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2015-08-12 05:24 - 2015-07-01 17:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2015-08-12 05:24 - 2015-07-01 16:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2015-08-12 05:24 - 2015-07-01 16:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2015-08-12 05:23 - 2015-07-13 14:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-08-12 05:23 - 2015-07-13 14:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
    2015-08-12 05:22 - 2015-07-29 09:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-08-12 05:22 - 2015-07-29 09:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-08-12 05:22 - 2015-07-29 09:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-08-12 05:22 - 2015-07-24 13:57 - 04177408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-08-12 05:22 - 2015-07-24 13:57 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-08-12 05:22 - 2015-07-24 13:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-08-12 05:22 - 2015-07-24 12:27 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-08-12 05:22 - 2015-07-24 12:23 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-08-12 05:22 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-08-12 05:22 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
    2015-08-12 05:22 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
    2015-08-12 05:22 - 2015-07-13 22:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2015-08-12 05:22 - 2015-07-13 22:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2015-08-12 05:22 - 2015-07-10 12:42 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-08-12 05:22 - 2015-07-10 11:47 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-08-12 05:22 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
    2015-08-12 05:22 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
    2015-08-12 05:22 - 2015-07-09 11:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    2015-08-12 05:22 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2015-08-12 05:22 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2015-08-11 03:04 - 2015-08-11 03:05 - 00281848 _____ C:\Windows\Minidump\081115-43171-01.dmp
    2015-08-11 03:04 - 2015-08-11 03:04 - 621288506 _____ C:\Windows\MEMORY.DMP
    2015-08-10 02:32 - 2015-08-10 02:32 - 00002201 _____ C:\Users\Public\Desktop\PWI.lnk

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-09 02:29 - 2015-07-14 23:43 - 01272932 _____ C:\Windows\WindowsUpdate.log
    2015-09-09 02:26 - 2015-05-24 04:01 - 00001643 _____ C:\Users\TYNDALE1\Documents\aionmemo_50d7a7b5.dat
    2015-09-09 02:21 - 2015-06-29 06:10 - 00000952 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4201076837-888121987-1116610915-1002UA.job
    2015-09-09 02:08 - 2015-04-12 08:24 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-09-09 02:02 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
    2015-09-09 01:41 - 2014-12-07 10:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-09-09 00:14 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
    2015-09-09 00:08 - 2014-09-12 00:15 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4201076837-888121987-1116610915-1002
    2015-09-08 23:53 - 2014-12-05 19:17 - 00000000 ____D C:\Users\TYNDALE1\Downloads\To sort out
    2015-09-08 23:46 - 2014-12-05 19:18 - 00000000 ____D C:\Users\TYNDALE1\Downloads\Sort some more
    2015-09-08 23:25 - 2015-01-10 12:46 - 00000000 ____D C:\Users\TYNDALE1\Downloads\Premiere Pro
    2015-09-08 23:14 - 2014-10-25 01:45 - 00000000 ____D C:\Users\TYNDALE1\AppData\Roaming\uTorrent
    2015-09-08 19:35 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
    2015-09-08 19:05 - 2014-10-30 14:19 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-09-08 18:35 - 2014-10-04 16:50 - 00000000 ____D C:\Windows\system32\MRT
    2015-09-08 17:20 - 2015-06-29 06:10 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4201076837-888121987-1116610915-1002Core.job
    2015-09-08 13:08 - 2015-04-12 08:24 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-09-07 20:37 - 2014-10-18 23:34 - 00000000 ____D C:\Users\TYNDALE1\AppData\Local\CrashDumps
    2015-09-07 20:35 - 2014-09-12 00:11 - 00000000 ____D C:\Users\TYNDALE1\Documents\Bluetooth Folder
    2015-09-07 03:34 - 2014-10-19 00:36 - 00000000 ____D C:\Users\TYNDALE1\AppData\Roaming\vlc
    2015-09-06 16:19 - 2015-04-20 20:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-09-06 16:18 - 2014-10-30 17:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-09-04 19:07 - 2015-07-15 21:30 - 00021688 _____ C:\Windows\setupact.log
    2015-09-04 15:58 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
    2015-09-04 15:29 - 2015-04-19 20:40 - 00000000 ___RD C:\Users\TYNDALE1\Documents\Dropbox
    2015-09-04 15:29 - 2015-04-19 16:28 - 00000000 ____D C:\Users\TYNDALE1\AppData\Roaming\Dropbox
    2015-09-04 08:18 - 2015-06-09 09:36 - 00000077 _____ C:\Users\TYNDALE1\Documents\aionmemo_a4c9 d65.dat
    2015-09-03 19:30 - 2014-04-28 21:20 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-09-02 22:23 - 2014-12-08 23:39 - 00000000 ____D C:\Users\TYNDALE1\Desktop\AION
    2015-09-02 22:09 - 2014-09-12 00:11 - 00000000 ____D C:\Users\TYNDALE1\AppData\Roaming\Atheros
    2015-09-02 22:05 - 2014-04-28 21:49 - 00000000 ____D C:\ProgramData\PCDr
    2015-09-02 09:27 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-09-02 09:25 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2015-09-02 09:24 - 2014-09-12 00:08 - 00000000 ____D C:\Users\TYNDALE1
    2015-08-31 12:36 - 2015-06-01 13:27 - 00000000 ____D C:\Users\TYNDALE1\AppData\Roaming\Aion RainMeter
    2015-08-31 12:35 - 2015-06-01 13:27 - 00000000 ____D C:\Program Files (x86)\Aion RainMeter
    2015-08-31 12:28 - 2014-10-19 03:24 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-08-31 12:25 - 2015-07-25 19:15 - 00004570 _____ C:\Windows\PFRO.log
    2015-08-29 20:18 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\InputMethod
    2015-08-27 19:17 - 2014-10-30 16:46 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-08-27 19:08 - 2015-06-11 14:51 - 00000000 ____D C:\Users\TYNDALE1\AppData\Local\TERA
    2015-08-27 13:03 - 2015-04-12 08:24 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-08-27 13:03 - 2015-04-12 08:24 - 00003664 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-08-26 18:37 - 2014-10-04 16:50 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-08-25 16:58 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
    2015-08-24 11:12 - 2014-11-02 21:05 - 00000000 ____D C:\Users\TYNDALE1\AppData\Roaming\Skype
    2015-08-22 09:23 - 2015-02-01 07:31 - 00000000 ____D C:\ProgramData\BlueStacksSetup
    2015-08-22 09:09 - 2015-05-19 12:36 - 00000000 ____D C:\Program Files (x86)\BlueStacks
    2015-08-18 22:28 - 2013-08-22 09:44 - 05057672 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-08-18 22:27 - 2014-11-16 17:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-08-18 22:27 - 2014-11-16 17:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-08-18 22:24 - 2015-04-28 21:39 - 00000000 ____D C:\Windows\system32\appraiser
    2015-08-18 22:24 - 2015-03-28 22:17 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-08-18 22:24 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-08-18 22:24 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-08-18 22:24 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender
    2015-08-18 22:24 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2015-08-15 15:15 - 2014-11-16 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-08-15 15:03 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-08-15 15:03 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-08-15 00:14 - 2014-09-12 00:09 - 00000000 ____D C:\Users\TYNDALE1\AppData\Local\Packages
    2015-08-13 14:03 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\tracing
    2015-08-11 23:55 - 2014-11-02 21:04 - 00000000 ____D C:\ProgramData\Skype
    2015-08-11 03:04 - 2014-10-23 22:32 - 00000000 ____D C:\Windows\Minidump
    2015-08-10 02:32 - 2015-08-09 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
    2015-08-10 02:32 - 2014-12-11 11:26 - 00000000 ___HD C:\ArcTemp
    2015-08-10 01:58 - 2015-08-09 20:05 - 00000000 ____D C:\Program Files (x86)\Perfect World Entertainment

    ==================== Files in the root of some directories =======

    2015-03-21 13:14 - 2015-03-21 13:14 - 0000000 _____ () C:\Users\TYNDALE1\AppData\Roaming\Rim.Desktop.Exception.log
    2015-03-21 13:11 - 2015-06-27 00:55 - 0001937 _____ () C:\Users\TYNDALE1\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2015-03-21 13:14 - 2015-03-21 13:14 - 0000000 _____ () C:\Users\TYNDALE1\AppData\Roaming\Rim.DesktopHelper.Exception.log

    Some files in TEMP:
    ====================
    C:\Users\TYNDALE1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpojgfle.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-09-08 08:27

    ==================== End of FRST.txt ============================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    You're not saying what your computer issues are.

    I still need the second log from FRST (Addition.txt).
     
  3. Gesus

    Gesus TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015

    Ran by TYNDALE1 (2015-09-09 02:57:33)

    Running from C:\Users\TYNDALE1\Desktop

    Windows 8.1 (X64) (2014-09-12 05:08:04)

    Boot Mode: Normal

    ==========================================================



    ==================== Accounts: =============================


    Administrator (S-1-5-21-4201076837-888121987-1116610915-500 - Administrator - Disabled)

    Guest (S-1-5-21-4201076837-888121987-1116610915-501 - Limited - Disabled)

    TYNDALE1 (S-1-5-21-4201076837-888121987-1116610915-1002 - Administrator - Enabled) => C:\Users\TYNDALE1


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    µTorrent (HKU\S-1-5-21-4201076837-888121987-1116610915-1002\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)

    Adobe Audition CS5.5 (HKLM-x32\...\{D5B1535A-FDFC-4B40-B2E2-21DA83D9CB57}) (Version: 4.0 - Adobe Systems Incorporated)

    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)

    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)

    Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)

    Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)

    Aion RainMeter version 2.1 (HKLM-x32\...\{284CFEE9-720C-43C6-A276-1945CA4F6DDF}_is1) (Version: 2.1 - Rainy.ws)

    Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)

    AMD Catalyst Install Manager (HKLM\...\{605559F1-9CFB-F1BF-2C79-93D291C6A41A}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

    Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)

    Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.19 - Audible, Inc.)

    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)

    BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)

    BlueStacks Notification Center (HKLM-x32\...\{79809712-A577-4B8C-A9FC-51945690C7DC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)

    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

    CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)

    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)

    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)

    Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden

    Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)

    Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)

    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)

    Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)

    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.0 - Synaptics Incorporated)

    Dell Update (HKLM-x32\...\{D9E0A33F-19D6-45A7-83BB-535C7B5F699B}) (Version: 1.5.3000.0 - Dell Inc.)

    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)

    Dropbox (HKU\S-1-5-21-4201076837-888121987-1116610915-1002\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)

    FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)

    Fraps (HKLM-x32\...\Fraps) (Version: - )

    Free YouTube Downloader 4.1.419 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)

    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)

    Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden

    Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden

    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

    Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)

    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)

    NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)

    Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )

    OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)

    PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)

    PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden

    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)

    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.021 - Dell Inc.)

    Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2.1 r2386 - )

    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)

    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)

    SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)

    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)

    Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)

    Torch (HKU\S-1-5-21-4201076837-888121987-1116610915-1002\...\Torch) (Version: 36.0.0.8667 - Torch Media, Inc) <==== ATTENTION

    Unity Web Player (HKU\S-1-5-21-4201076837-888121987-1116610915-1002\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)

    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

    Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony)

    Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)

    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

    WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    CustomCLSID: HKU\S-1-5-21-4201076837-888121987-1116610915-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-4201076837-888121987-1116610915-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-4201076837-888121987-1116610915-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-4201076837-888121987-1116610915-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-4201076837-888121987-1116610915-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-4201076837-888121987-1116610915-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-4201076837-888121987-1116610915-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-4201076837-888121987-1116610915-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-4201076837-888121987-1116610915-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-4201076837-888121987-1116610915-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-4201076837-888121987-1116610915-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)


    ==================== Restore Points =========================


    18-08-2015 22:01:53 Windows Update

    27-08-2015 19:04:51 Removed TERA

    08-09-2015 04:45:10 Scheduled Checkpoint


    ==================== Hosts content: ==========================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2014-10-30 16:14 - 2014-10-30 16:20 - 00001807 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com

    127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com

    127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com

    127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com

    127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com

    127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net



    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {05440C9A-75EC-4517-93F4-30B46ACDBA0F} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)

    Task: {112DF6AC-7484-42CA-96D8-3B244BA5A701} - System32\Tasks\PocketCloudUpdater => C:\Program

    Task: {158396C3-8E0A-4886-9F57-58708A1D1776} - System32\Tasks\{A58E2B7A-479C-4527-BDD3-6C1062B9B159} => pcalua.exe -a C:\Users\TYNDALE1\AppData\Local\Torch\uninstall.exe

    Task: {166E920F-C6C0-407C-B3C8-DDC800C8D441} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)

    Task: {1AF4383D-C3B6-4461-8AD4-CFED77A150C8} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()

    Task: {3187D17E-7ABD-449E-B567-47EC264EF5D8} - System32\Tasks\AdobeAAMUpdater-1.0-DAKUENJERU-TYNDALE1 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)

    Task: {4E9189A9-851A-4CBD-8A46-6D771F13395C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4201076837-888121987-1116610915-1002UA => C:\Users\TYNDALE1\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-29] (Dropbox, Inc.)

    Task: {60A9B76E-8F78-4DFF-8300-FBC4D2FF677E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-08] (Piriform Ltd)

    Task: {6A8590C3-E69B-4EBD-BCAF-33F1F134B2AD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)

    Task: {885977AC-2278-4A6B-8D0A-FCBD445303D5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser

    Task: {887D00B8-A3F5-4712-A250-8813E2C66A82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

    Task: {8A7914CF-3897-4DC1-AA36-264098BEC7BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

    Task: {9387BCF3-6E4E-47D5-8C2C-A927862894F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

    Task: {A64B9C10-B028-4CCC-83EE-E3E1CDFF7137} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)

    Task: {B83BB428-B10B-41B2-B9EE-5F6847E50C75} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-01] (Adobe Systems Incorporated)

    Task: {B86B0124-5BBA-416E-9258-19C6DCB6B1D9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4201076837-888121987-1116610915-1002Core => C:\Users\TYNDALE1\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-29] (Dropbox, Inc.)

    Task: {C8FBF638-7D18-4EC5-88E6-0B8B7BD7E257} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-19] (Avast Software s.r.o.)

    Task: {CBFB7A8C-25FA-4BE0-BCF4-F8967523D3D1} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()

    Task: {D6933D97-D8E4-49F9-96F5-F213BF6316D5} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)

    Task: {D9217B2B-0B77-4431-9E62-FA1710624EC2} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-06] (Synaptics Incorporated)

    Task: {DB398DF3-8D73-45F7-946A-61B23EAE74A7} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

    Task: {EFC874B7-D069-4F74-96A7-EEB99ED8FBE9} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-04-10] (Dell Inc.)

    Task: {FC90F3A3-4D1F-4999-A4BD-C71F0500C36E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4201076837-888121987-1116610915-1002Core.job => C:\Users\TYNDALE1\AppData\Local\Dropbox\Update\DropboxUpdate.exe

    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4201076837-888121987-1116610915-1002UA.job => C:\Users\TYNDALE1\AppData\Local\Dropbox\Update\DropboxUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


    ==================== Loaded Modules (Whitelisted) ==============


    2015-04-30 09:48 - 2015-04-29 23:18 - 01011200 _____ () C:\Program Files (x86)\BlueStacks\HD-Adb.exe

    2013-10-30 01:11 - 2013-10-30 01:11 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll

    2013-10-30 01:07 - 2013-10-30 01:07 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll

    2013-10-30 01:15 - 2013-10-30 01:15 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe

    2013-10-30 01:16 - 2013-10-30 01:16 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll

    2014-10-18 20:46 - 2015-07-22 16:08 - 01470464 _____ () C:\Program Files (x86)\NCSOFT\Aion\bin64\CryPhysics.dll

    2014-10-18 20:46 - 2015-07-22 16:08 - 01103360 _____ () C:\Program Files (x86)\NCSOFT\Aion\bin64\CryMovie.dll

    2014-10-18 19:25 - 2015-07-22 16:08 - 04120576 _____ () C:\Program Files (x86)\NCSOFT\Aion\bin64\XRenderD3D9.dll

    2014-10-18 20:46 - 2015-07-22 16:07 - 00028160 _____ () C:\Program Files (x86)\NCSOFT\Aion\bin64\CryInput.dll

    2014-10-18 20:46 - 2015-07-22 16:08 - 00429056 _____ () C:\Program Files (x86)\NCSOFT\Aion\bin64\CrySoundSystem.dll

    2014-10-18 20:46 - 2015-07-22 16:07 - 00654848 _____ () C:\Program Files (x86)\NCSOFT\Aion\bin64\CryFont.dll

    2014-10-18 19:07 - 2015-07-22 16:07 - 00694272 _____ () C:\Program Files (x86)\NCSOFT\Aion\bin64\CryEntitySystem.dll

    2014-10-18 20:46 - 2015-07-22 16:07 - 02139136 _____ () C:\Program Files (x86)\NCSOFT\Aion\bin64\CryAnimation.dll

    2014-10-18 19:07 - 2015-07-22 16:06 - 02686976 _____ () C:\Program Files (x86)\NCSOFT\Aion\bin64\Cry3DEngine.dll

    2014-10-18 19:25 - 2015-07-22 16:08 - 00326144 _____ () C:\Program Files (x86)\NCSOFT\Aion\bin64\TextEngine.dll

    2015-04-11 18:44 - 2015-04-11 18:44 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll

    2015-04-11 18:44 - 2015-04-11 18:44 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

    2015-09-02 07:14 - 2015-09-02 07:14 - 02961408 _____ () C:\Program Files\AVAST Software\Avast\defs\15090200\algo.dll

    2015-09-08 17:18 - 2015-09-08 17:18 - 02962432 _____ () C:\Program Files\AVAST Software\Avast\defs\15090803\algo.dll

    2015-04-11 18:44 - 2015-04-11 18:44 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    2015-09-04 15:28 - 2015-09-04 15:28 - 00071168 _____ () c:\users\tyndale1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpojgfle.dll

    2015-09-04 15:28 - 2015-08-05 00:26 - 00012800 _____ () C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll

    2015-09-04 15:27 - 2015-08-05 00:26 - 00779776 _____ () C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll

    2015-09-04 15:28 - 2015-08-05 00:26 - 00056320 _____ () C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll

    2015-09-04 15:28 - 2015-08-05 00:26 - 00012288 _____ () C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

    2015-09-03 01:16 - 2015-08-27 19:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll

    2015-09-03 01:16 - 2015-08-27 19:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll

    2015-09-03 01:17 - 2015-08-27 19:17 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll

    2015-05-07 16:48 - 2014-09-01 08:23 - 00195584 _____ () C:\Program Files (x86)\BlueStacks\libEGL.dll

    2015-05-07 16:48 - 2014-09-01 08:23 - 01467392 _____ () C:\Program Files (x86)\BlueStacks\libGLESv2.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)


    AlternateDataStreams: C:\Users\TYNDALE1\Cookies:QD11JBjqm4yYR9jM6


    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""


    ==================== EXE Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)



    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)


    IE trusted site: HKU\S-1-5-21-4201076837-888121987-1116610915-1002\...\dell.com -> dell.com



    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-4201076837-888121987-1116610915-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\TYNDALE1\AppData\Roaming\Rainmeter\Wallpaper.bmp

    DNS Servers: 10.0.0.1

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    (Currently there is no automatic fix for this section.)


    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

    MSCONFIG\Services: AERTFilters => 2

    MSCONFIG\Services: AMD External Events Utility => 2

    MSCONFIG\Services: AMD FUEL Service => 2

    MSCONFIG\Services: Apple Mobile Device => 2

    MSCONFIG\Services: AtherosSvc => 2

    MSCONFIG\Services: Blackberry Device Manager => 3

    MSCONFIG\Services: Bonjour Service => 2

    MSCONFIG\Services: BstHdAndroidSvc => 2

    MSCONFIG\Services: BstHdLogRotatorSvc => 2

    MSCONFIG\Services: BstHdUpdaterSvc => 2

    MSCONFIG\Services: DellDataVault => 2

    MSCONFIG\Services: DellDataVaultWiz => 2

    MSCONFIG\Services: DellUpdate => 2

    MSCONFIG\Services: gupdate => 2

    MSCONFIG\Services: gupdatem => 3

    MSCONFIG\Services: iPod Service => 3

    MSCONFIG\Services: MozillaMaintenance => 3

    MSCONFIG\Services: RichVideo => 2

    MSCONFIG\Services: RtkAudioService => 2

    MSCONFIG\Services: SftService => 2

    MSCONFIG\Services: SkypeUpdate => 2

    MSCONFIG\Services: SupportAssistAgent => 2

    MSCONFIG\Services: WysePocketCloud => 2

    MSCONFIG\Services: WyseRemoteAccess => 2

    HKLM\...\StartupApproved\Run: => "QuickSet"

    HKLM\...\StartupApproved\Run32: => "NCUpdateHelper"

    HKLM\...\StartupApproved\Run32: => "iTunesHelper"

    HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"

    HKU\S-1-5-21-4201076837-888121987-1116610915-1002\...\StartupApproved\Run: => "Skype"

    HKU\S-1-5-21-4201076837-888121987-1116610915-1002\...\StartupApproved\Run: => "DellSystemDetect"

    HKU\S-1-5-21-4201076837-888121987-1116610915-1002\...\StartupApproved\Run: => "CCleaner Monitoring"


    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

    FirewallRules: [{6FD4F68C-F47E-495B-B6C8-8B673649B0CA}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe

    FirewallRules: [{79CB4A86-0974-4AC2-8D01-C1C1C8A9465B}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe

    FirewallRules: [{03D82916-802E-4849-B8D9-CD767B84EA80}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE

    FirewallRules: [{775C0A1C-6469-4A64-A3CE-606217E50617}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe

    FirewallRules: [{210ED0A5-3AB0-4417-ADFA-B7E162B0E14C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

    FirewallRules: [{EACDCAFC-36EE-49D8-99BB-16B0106436F3}] => (Allow) LPort=2869

    FirewallRules: [{AA63EF49-221D-4DE6-9044-13770ACC9543}] => (Allow) LPort=1900

    FirewallRules: [{CDAEECEC-CA84-4A6A-AA1E-78CAB09FC3AB}] => (Allow) C:\Users\TYNDALE1\AppData\Roaming\uTorrent\uTorrent.exe

    FirewallRules: [{140D8633-ACC4-4439-99D2-3C8DFE9D4B83}] => (Allow) C:\Users\TYNDALE1\AppData\Roaming\uTorrent\uTorrent.exe

    FirewallRules: [{C1D6CA3B-7B2D-4034-A554-F5D3397679FD}] => (Allow) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe

    FirewallRules: [{49523AF5-2A97-47CA-A5DC-29B152CA6740}] => (Allow) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe

    FirewallRules: [{010CB328-2D98-4FEF-9578-A17E570D1B91}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe

    FirewallRules: [{9DF183AD-63FF-4DBB-8167-8E7810F53BBD}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe

    FirewallRules: [TCP Query User{4F56CCB2-2F0D-4D94-8419-D02BA65B3D06}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

    FirewallRules: [UDP Query User{4AFBBD08-B79D-4232-8FEA-F3E0CB944821}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

    FirewallRules: [TCP Query User{E8D0DA34-E307-40EE-8C38-E0D1DCB3F54B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

    FirewallRules: [{1AE4FE4D-7BF0-45A2-BC6B-9161B7DD3D2D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

    FirewallRules: [{81A7C681-C9ED-4C8F-984E-2D23E0327580}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

    FirewallRules: [{B1F43FB8-A398-4D2E-BD9F-45ED80C7604C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    FirewallRules: [{6443FE9B-E03E-4D09-AF2F-39FDE4BA50E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    FirewallRules: [{3B029037-66BC-4211-B976-0D4CA228B062}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe

    FirewallRules: [TCP Query User{517E5BE1-EDEA-4B38-9F5B-A93F600E4568}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe

    FirewallRules: [UDP Query User{9561B7C5-4E43-4DE2-ACA2-66DE2C54D6BC}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe

    FirewallRules: [TCP Query User{55173236-8DE6-4B85-B195-20773ED948D2}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe

    FirewallRules: [UDP Query User{0BC78C7D-FE4C-407A-B705-25A2EB7981B2}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe

    FirewallRules: [{F593DCE6-9E90-4DFA-B15F-CFDDBD01A1CE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{6906AD26-A90E-481E-BDE2-AB786FABEB3F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [TCP Query User{85F5E0E0-FB90-4AB9-91C8-EB3A66EA166E}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\freetime\formatfactory\formatfactory.exe

    FirewallRules: [UDP Query User{B2966C5C-6EEA-46D2-9B63-16257A92A4E3}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\freetime\formatfactory\formatfactory.exe

    FirewallRules: [TCP Query User{6F72CD70-035C-4C58-860D-EC162A6698FA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

    FirewallRules: [UDP Query User{8ECC641F-3895-4550-8EB0-60A7C51A0737}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

    FirewallRules: [{D457719E-7E08-4733-8F85-EF3AC9B9EF13}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

    FirewallRules: [{4FD309D1-C504-48CD-AF58-2668D2CB2DDE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

    FirewallRules: [{879CC475-A36C-4925-99D7-D190F6D9C0FE}] => (Allow) C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\Dropbox.exe

    FirewallRules: [{15172F49-C803-4672-A0F5-F09EBA88B3C1}] => (Allow) C:\Users\TYNDALE1\AppData\Roaming\Dropbox\bin\Dropbox.exe

    FirewallRules: [TCP Query User{363D48E5-5971-459D-A33F-F8C1F519825D}C:\users\tyndale1\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tyndale1\appdata\roaming\dropbox\bin\dropbox.exe

    FirewallRules: [UDP Query User{0A42360E-4E7C-4F66-A291-71914F4104E6}C:\users\tyndale1\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tyndale1\appdata\roaming\dropbox\bin\dropbox.exe

    FirewallRules: [TCP Query User{ED184F5A-BC44-4A94-B751-27CB914498F7}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe

    FirewallRules: [UDP Query User{3BAEB753-BC97-459D-9C39-6C6D05FFDA36}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe

    FirewallRules: [{09B78F5D-A95C-4FB0-A00E-67038757C7DE}] => (Allow) C:\Program Files (x86)\NCWest\NCLauncher\NCLauncher.exe

    FirewallRules: [{2960C3FD-5469-4FA4-9733-7C39DB136155}] => (Allow) C:\Program Files (x86)\NCWest\NCLauncher\NCLauncher.exe

    FirewallRules: [TCP Query User{D3C882F3-4855-4973-95CA-CEDD0B85AC06}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe

    FirewallRules: [UDP Query User{3DCEDCF9-B964-4183-81FF-D4B8D6A2C41B}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe

    FirewallRules: [{4832D480-B5FE-40CC-BB8F-C0CF47A9EF49}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Faulty Device Manager Devices =============



    ==================== Event log errors: =========================


    Application errors:

    ==================

    Error: (09/07/2015 08:35:59 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17924, time stamp: 0x55959290

    Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68e0c

    Exception code: 0xc0000005

    Fault offset: 0x000000000003d86e

    Faulting process id: 0x24a0

    Faulting application start time: 0xGWXUX.exe0

    Faulting application path: GWXUX.exe1

    Faulting module path: GWXUX.exe2

    Report Id: GWXUX.exe3

    Faulting package full name: GWXUX.exe4

    Faulting package-relative application ID: GWXUX.exe5


    Error: (09/05/2015 04:31:17 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: svchost.exe_SSDPSRV, version: 6.3.9600.17415, time stamp: 0x54504177

    Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68e0c

    Exception code: 0xc0000008

    Fault offset: 0x000000000009311a

    Faulting process id: 0x8ac

    Faulting application start time: 0xsvchost.exe_SSDPSRV0

    Faulting application path: svchost.exe_SSDPSRV1

    Faulting module path: svchost.exe_SSDPSRV2

    Report Id: svchost.exe_SSDPSRV3

    Faulting package full name: svchost.exe_SSDPSRV4

    Faulting package-relative application ID: svchost.exe_SSDPSRV5


    Error: (09/05/2015 01:09:02 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: NCUpdateHelper.exe, version: 0.0.0.1, time stamp: 0x525b6657

    Faulting module name: NCUpdateHelper.exe, version: 0.0.0.1, time stamp: 0x525b6657

    Exception code: 0xc000000d

    Fault offset: 0x0001d162

    Faulting process id: 0x2030

    Faulting application start time: 0xNCUpdateHelper.exe0

    Faulting application path: NCUpdateHelper.exe1

    Faulting module path: NCUpdateHelper.exe2

    Report Id: NCUpdateHelper.exe3

    Faulting package full name: NCUpdateHelper.exe4

    Faulting package-relative application ID: NCUpdateHelper.exe5


    Error: (09/04/2015 02:50:08 PM) (Source: Application Hang) (EventID: 1002) (User: )

    Description: The program elementclient.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


    Process ID: 20d8


    Start Time: 01d0e6b485a08b5e


    Termination Time: 184


    Application Path: C:\Program Files (x86)\Perfect World Entertainment\PWI_en\element\elementclient.exe


    Report Id: 1fa3a8c8-533e-11e5-82d3-645a0434e437


    Faulting package full name:


    Faulting package-relative application ID:


    Error: (09/04/2015 02:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )

    Description: The program elementclient.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


    Process ID: 2700


    Start Time: 01d0e73c2add5d96


    Termination Time: 89


    Application Path: C:\Program Files (x86)\Perfect World Entertainment\PWI_en\element\elementclient.exe


    Report Id: 3d2f2da2-533d-11e5-82d3-645a0434e437


    Faulting package full name:


    Faulting package-relative application ID:


    Error: (09/04/2015 11:28:24 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: NCUpdateHelper.exe, version: 0.0.0.1, time stamp: 0x525b6657

    Faulting module name: NCUpdateHelper.exe, version: 0.0.0.1, time stamp: 0x525b6657

    Exception code: 0xc000000d

    Fault offset: 0x0001d162

    Faulting process id: 0x13b0

    Faulting application start time: 0xNCUpdateHelper.exe0

    Faulting application path: NCUpdateHelper.exe1

    Faulting module path: NCUpdateHelper.exe2

    Report Id: NCUpdateHelper.exe3

    Faulting package full name: NCUpdateHelper.exe4

    Faulting package-relative application ID: NCUpdateHelper.exe5


    Error: (09/04/2015 08:20:25 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: aion.bin, version: 4815.107.707.9356, time stamp: 0x559bb1d3

    Faulting module name: XRenderD3D9.dll, version: 0.0.0.0, time stamp: 0x559bb017

    Exception code: 0xc0000005

    Fault offset: 0x000000000020de6c

    Faulting process id: 0x1934

    Faulting application start time: 0xaion.bin0

    Faulting application path: aion.bin1

    Faulting module path: aion.bin2

    Report Id: aion.bin3

    Faulting package full name: aion.bin4

    Faulting package-relative application ID: aion.bin5


    Error: (09/03/2015 06:41:35 PM) (Source: Application Hang) (EventID: 1002) (User: )

    Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


    Process ID: 13b0


    Start Time: 01d0e6a147e05bfd


    Termination Time: 4294967295


    Application Path: C:\Windows\system32\wwahost.exe


    Report Id: 8f8bfc37-5294-11e5-82d3-645a0434e437


    Faulting package full name: Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe


    Faulting package-relative application ID: AppexFoodAndDrink


    Error: (09/03/2015 06:36:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DAKUENJERU)

    Description: Activation of app Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    Error: (09/03/2015 06:36:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: DAKUENJERU)

    Description: App Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe+AppexFoodAndDrink did not launch within its allotted time.



    System errors:

    =============

    Error: (09/09/2015 12:16:24 AM) (Source: Ntfs) (EventID: 137) (User: )

    Description: The default transaction resource manager on volume \\?\Volume{62dc67f4-7532-4dd6-ada5-d19f943de20a} encountered a non-retryable error and could not start. The data contains the error code.


    Error: (09/08/2015 11:13:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

    Description: The BlueStacks Log Rotator Service service terminated unexpectedly. It has done this 1 time(s).


    Error: (09/08/2015 11:13:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

    Description: The BlueStacks Updater Service service terminated unexpectedly. It has done this 1 time(s).


    Error: (09/08/2015 06:51:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

    Description: Installation Failure: Windows failed to install the following update with error 0x80071a90: Security Update for Windows 8.1 for x64-based Systems (KB3086255).


    Error: (09/08/2015 06:40:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

    Description: The Windows Search service failed to start due to the following error:

    %%1053


    Error: (09/08/2015 06:40:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.


    Error: (09/08/2015 05:03:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

    Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.


    Error: (09/08/2015 08:28:35 AM) (Source: DCOM) (EventID: 10010) (User: DAKUENJERU)

    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


    Error: (09/08/2015 08:28:05 AM) (Source: DCOM) (EventID: 10010) (User: DAKUENJERU)

    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


    Error: (09/08/2015 04:54:24 AM) (Source: DCOM) (EventID: 10010) (User: DAKUENJERU)

    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}



    Microsoft Office:

    =========================


    ==================== Memory info ===========================


    Processor: AMD A10-5745M APU with Radeon(tm) HD Graphics

    Percentage of memory in use: 77%

    Total physical RAM: 7365.01 MB

    Available physical RAM: 1656.3 MB

    Total Virtual: 14789.01 MB

    Available Virtual: 8531.5 MB


    ==================== Drives ================================


    Drive c: (OS) (Fixed) (Total:921.82 GB) (Free:474.35 GB) NTFS

    Drive d: (Movies) (CDROM) (Total:4.08 GB) (Free:0 GB) CDFS


    ==================== MBR & Partition Table ==================


    ========================================================

    Disk: 0 (Size: 931.5 GB) (Disk ID: CEE0B1D8)


    Partition: GPT.


    ==================== End of Addition.txt ============================
     
  4. Gesus

    Gesus TS Rookie Topic Starter

    The issue I'm having is that I'm only seeing 474.35 GB free and 125 GB of 921 GB is information I have. I am unable to locate the remaining GBs.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Where is that information from?
     
  6. Gesus

    Gesus TS Rookie Topic Starter

    After checking the total space taken up by: Videos, Music, Desktop, Documents, Downloads and Pictures.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    It doesn't work that way.
    There is a space taken by operating system (Windows) and other stuff.
    You can't simply add space taken by folders you see.

    Your FRST logs look clean btw.
     
  8. Gesus

    Gesus TS Rookie Topic Starter

    Thank you.
    So you're saying that I should uninstall other programs to see the space I have left.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344
