Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

infected with primosearch and maybe more....help please. [Solved]


  • This topic is locked This topic is locked

#1
mrpooh3

mrpooh3

    Member

  • Member
  • PipPipPip
  • 281 posts

hi,my chrome browser keeps redirecting me to ads due to something called primosearch.I downloaded a trial of yac(yet anothercleaner)to try and remove it however I still have it and can't get rid of it....yac also picked up two pups which my kav2015 picked up around two weeks ago and eliminated so I don't know if yac removed or restored these aswell.

My laptop is running windows 7 pro 64-bit os.

 

I downloaded and ran FRST as admin.here are my logs :

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2015
Ran by Ally (administrator) on ALLYBALLYBONGO on 11-04-2015 23:27:36
Running from C:\Users\Ally\Downloads
Loaded Profiles: Ally (Available profiles: Ally)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(http://www.ruby-lang.org/) C:\Users\Ally\AppData\Local\Temp\ocr7203.tmp\bin\rubyw.exe
(Reflection Software Solutions Pvt. Ltd.) C:\Program Files (x86)\CraveWorldClock\CWClock.exe
(Spotify Ltd) C:\Users\Ally\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\bin\rubyw.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-18] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686744 2012-09-05] ()
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1270064 2014-12-11] ()
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-52834813-3660881880-2756664971-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-52834813-3660881880-2756664971-1000\...\Run: [Crave World Clock] => C:\Program Files (x86)\CraveWorldClock\CWClock.exe [3687120 2012-03-26] (Reflection Software Solutions Pvt. Ltd.)
HKU\S-1-5-21-52834813-3660881880-2756664971-1000\...\Run: [AceWebExtensionUpdater] => C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] ()
HKU\S-1-5-21-52834813-3660881880-2756664971-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-52834813-3660881880-2756664971-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-52834813-3660881880-2756664971-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-52834813-3660881880-2756664971-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = uk.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = uk.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = uk.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = uk.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = uk.yahoo.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = uk.yahoo.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = uk.yahoo.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = uk.yahoo.com
HKU\S-1-5-21-52834813-3660881880-2756664971-1000\Software\Microsoft\Internet Explorer\Main,Start Page = uk.yahoo.com
HKU\S-1-5-21-52834813-3660881880-2756664971-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = uk.yahoo.com
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-52834813-3660881880-2756664971-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-52834813-3660881880-2756664971-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-52834813-3660881880-2756664971-1000 -> {3F1E9087-1A90-4D8D-BA81-E92C734D48C5} URL = https://search.yahoo...rtPage?}&fr=ie8
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-01-28] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-01-28] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF ProfilePath: C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\irp808ed.default-1422547318810
FF NewTab: uk.yahoo.com
FF Homepage: uk.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-02] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-02] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-28] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-01-28] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-28] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-52834813-3660881880-2756664971-1000: @hola.org/vlc,version=1.6.654 -> C:\Users\Ally\AppData\Local\Hola\firefox\app\vlc [2015-02-13] ()
FF user.js: detected! => C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\irp808ed.default-1422547318810\user.js [2015-01-29]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Extension: AS Magic Player - C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\irp808ed.default-1422547318810\Extensions\magicplayer@acestream.org [2015-04-09]
FF Extension: YouTube High Definition - C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\irp808ed.default-1422547318810\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2015-01-29]
FF Extension: Adblock Plus - C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\irp808ed.default-1422547318810\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-28]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-28]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-01-28]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-01-28]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-01-28]
FF Extension: No Name - C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\irp808ed.default-1422547318810\extensions\fftoolbar2014@etech.com [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> uk.yahoo.com
CHR StartupUrls: Default -> "uk.yahoo.com"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-30]
CHR Extension: (Click&Clean) - C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-01-31]
CHR Extension: (Adblock Super) - C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-01-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-10]
CHR Extension: (Google Wallet) - C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-30]
CHR Extension: (Click&Clean App) - C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-01-30]
CHR Extension: (Gmail) - C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-30]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-03-27] (Elex do Brasil Participações Ltda)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
S4 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-18] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [246296 2015-03-27] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [42520 2015-03-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [96792 2015-03-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [39448 2015-03-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [90648 2015-03-27] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-03-11] (Elex do Brasil Participações Ltda)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-01-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-01-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-11 23:27 - 2015-04-11 23:27 - 00021640 _____ () C:\Users\Ally\Downloads\FRST.txt
2015-04-11 23:27 - 2015-04-11 23:27 - 00000000 ____D () C:\FRST
2015-04-11 23:09 - 2015-04-11 23:10 - 02095616 _____ (Farbar) C:\Users\Ally\Downloads\FRST64.exe
2015-04-11 22:27 - 2015-04-11 22:27 - 00000000 ____D () C:\Windows\LastGood
2015-04-11 22:26 - 2015-04-11 22:26 - 00000000 ____D () C:\Windows\system32\log
2015-04-11 22:26 - 2015-04-11 22:26 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\Elex-tech
2015-04-11 22:26 - 2015-04-11 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2015-04-11 22:26 - 2015-04-11 22:26 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2015-04-11 22:26 - 2015-03-27 10:17 - 00042520 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2015-04-11 22:26 - 2015-03-26 04:43 - 00027136 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-04-11 22:26 - 2015-03-11 13:59 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-04-11 04:09 - 2015-04-11 21:03 - 00000224 _____ () C:\Windows\setupact.log
2015-04-11 04:09 - 2015-04-11 04:09 - 00000368 _____ () C:\Windows\PFRO.log
2015-04-11 04:09 - 2015-04-11 04:09 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-11 01:47 - 2015-04-11 01:50 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\vlc
2015-04-11 01:47 - 2015-04-11 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-10 23:36 - 2015-04-10 23:36 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-10 23:36 - 2015-04-10 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-10 23:36 - 2015-04-10 23:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-10 23:36 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-10 23:36 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-10 23:36 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-10 23:35 - 2015-04-10 23:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
2015-04-10 23:35 - 2015-04-10 23:35 - 00000000 ____D () C:\Program Files\Greenshot
2015-04-10 23:26 - 2015-04-11 21:54 - 00000000 ___RD () C:\Users\Ally\Documents\EPUB MOBI Library
2015-04-10 23:13 - 2015-04-10 23:14 - 00000000 ____D () C:\Users\Ally\.ebookreader
2015-04-10 23:12 - 2015-04-10 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Ebook Reader
2015-04-10 23:12 - 2015-04-10 23:12 - 00000000 ____D () C:\Program Files (x86)\Icecream Ebook Reader
2015-04-10 04:05 - 2015-04-11 21:54 - 00000000 ___RD () C:\Users\Ally\Documents\Calibre Library
2015-04-10 04:05 - 2015-04-10 04:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-04-10 04:05 - 2015-04-10 04:05 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2015-04-09 19:44 - 2015-04-11 01:44 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\ACEStream
2015-04-09 19:44 - 2015-04-09 19:45 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\AceWebExtension
2015-04-09 19:19 - 2015-04-09 19:19 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\StreamTorrent
2015-04-09 04:30 - 2015-04-10 19:59 - 00001958 _____ () C:\Users\Ally\.pia_manager_crash.log
2015-04-08 23:38 - 2015-03-23 04:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-08 23:38 - 2015-03-23 04:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-08 23:38 - 2015-03-23 04:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-08 23:38 - 2015-03-23 04:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-08 23:38 - 2015-03-23 04:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-08 23:38 - 2015-03-23 04:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-08 23:38 - 2015-03-23 04:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-08 23:38 - 2015-03-23 04:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-08 04:21 - 2015-04-09 04:34 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\Spotify
2015-04-08 04:21 - 2015-04-09 04:34 - 00000000 ____D () C:\Users\Ally\AppData\Local\Spotify
2015-04-08 04:21 - 2015-04-08 04:21 - 00001792 _____ () C:\Users\Ally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-04 06:30 - 2015-04-04 06:30 - 00000000 ____D () C:\Windows\Sun
2015-04-04 06:29 - 2015-04-04 06:29 - 00003150 _____ () C:\Windows\System32\Tasks\{2D32D84D-06CC-49C5-8DE5-7F41BB08A6C9}
2015-04-03 04:42 - 2015-04-03 04:42 - 00000000 ____D () C:\Users\Ally\AppData\Local\DDMSettings
2015-04-02 15:58 - 2015-04-02 15:58 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-02 15:58 - 2015-04-02 15:58 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-01 14:03 - 2015-04-11 22:37 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\Skype
2015-04-01 14:03 - 2015-04-01 14:05 - 00000000 ____D () C:\ProgramData\Skype
2015-04-01 14:03 - 2015-04-01 14:03 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-01 14:03 - 2015-04-01 14:03 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-01 14:03 - 2015-04-01 14:03 - 00000000 ____D () C:\Users\Ally\AppData\Local\Skype
2015-04-01 13:23 - 2015-04-01 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-01 13:23 - 2015-04-01 13:23 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-31 14:46 - 2015-04-09 23:36 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-03-31 14:46 - 2015-03-31 14:46 - 00004038 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-03-31 14:46 - 2015-03-31 14:46 - 00003228 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-03-31 14:46 - 2015-03-31 14:46 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-03-31 14:46 - 2015-03-31 14:46 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-03-31 14:43 - 2015-03-31 21:58 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-03-31 14:43 - 2015-03-31 14:43 - 00003598 _____ () C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-03-31 14:43 - 2015-03-31 14:43 - 00000000 __HDC () C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
2015-03-28 18:35 - 2015-04-11 22:37 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\dvdcss
2015-03-20 13:51 - 2015-03-20 13:51 - 00000463 _____ () C:\Users\Ally\Documents\scrot.txt
2015-03-15 07:45 - 2015-03-15 07:45 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\Boilsoft
2015-03-15 07:45 - 2015-03-15 07:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boilsoft
2015-03-15 07:45 - 2015-03-15 07:45 - 00000000 ____D () C:\Program Files (x86)\Boilsoft
2015-03-13 13:57 - 2015-03-13 13:57 - 00000000 ____D () C:\Program Files (x86)\STMicroelectronics
2015-03-13 13:57 - 2011-07-15 22:31 - 00022128 _____ (ST Microelectronics) C:\Windows\system32\Drivers\stdcfltn.sys
2015-03-13 13:45 - 2015-03-13 13:45 - 13536952 _____ (Dell Inc.) C:\Users\Ally\Documents\Chipset_Driver_RCHTX_WN_2.00.10.34_A11.EXE
2015-03-13 02:06 - 2012-05-21 12:54 - 00068208 _____ (STMicroelectronics) C:\Windows\system32\Drivers\ST_ACCEL.sys
2015-03-13 02:03 - 2015-03-13 01:54 - 10142928 _____ (Renesas Electronics Corporation ) C:\Users\Ally\Documents\RENESAS-USB3-Host-Driver-30230-setup.exe
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\2C0A
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0C0A
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0C04
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0816
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0804
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0424
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\041F
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\041E
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\041D
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\041B
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0419
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0416
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0415
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0414
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0413
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0412
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0411
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0410
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\040E
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\040D
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\040C
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\040B
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\040A
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0409
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0408
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0407
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0406
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0405
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0404
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Windows\system32\0401
2015-03-13 01:59 - 2015-03-13 01:59 - 00000000 ____D () C:\Program Files (x86)\Renesas Electronics
2015-03-12 02:52 - 2015-03-12 02:52 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\Titanium
2015-03-12 02:52 - 2015-03-12 02:52 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\Apple Computer
2015-03-12 02:52 - 2015-03-12 02:52 - 00000000 ____D () C:\Users\Ally\AppData\Local\Apple Computer
2015-03-12 02:51 - 2015-03-12 02:53 - 00000000 ____D () C:\Program Files\pia_manager
2015-03-12 02:51 - 2015-03-12 02:51 - 00003168 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup
2015-03-12 02:51 - 2015-03-12 02:51 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-11 23:19 - 2015-01-30 14:06 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-11 23:18 - 2009-07-14 05:45 - 00021504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 23:18 - 2009-07-14 05:45 - 00021504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-11 23:07 - 2015-01-29 01:41 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-11 23:06 - 2015-01-29 01:41 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-04-11 23:04 - 2015-01-30 20:37 - 00000000 ___RD () C:\Program Files\Tools
2015-04-11 22:50 - 2015-01-28 13:06 - 01132253 _____ () C:\Windows\WindowsUpdate.log
2015-04-11 22:37 - 2015-01-28 21:03 - 00000000 ____D () C:\Windows\Panther
2015-04-11 22:37 - 2015-01-28 13:10 - 00000000 ____D () C:\Users\Ally
2015-04-11 22:37 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-04-11 22:17 - 2015-01-30 14:06 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-11 21:51 - 2015-01-28 17:17 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-11 21:48 - 2015-01-29 01:26 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-11 21:03 - 2015-02-22 06:42 - 00000356 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2015-04-11 21:03 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 04:30 - 2015-01-28 20:18 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\uTorrent
2015-04-11 01:44 - 2015-02-03 04:04 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\.ACEStream
2015-04-11 00:09 - 2015-01-28 21:44 - 00000000 ___RD () C:\Users\Ally\Documents\My Kindle Content
2015-04-10 23:36 - 2015-01-30 20:31 - 00000000 ____D () C:\Program Files\Anti-Malware
2015-04-10 22:54 - 2015-02-20 15:29 - 00000000 ____D () C:\ProgramData\Origin
2015-04-10 06:35 - 2009-07-14 06:13 - 00756534 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 06:33 - 2015-02-04 00:29 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\calibre
2015-04-10 05:12 - 2015-01-28 20:35 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\Vso
2015-04-10 05:12 - 2015-01-28 20:35 - 00000000 ____D () C:\ProgramData\VSO
2015-04-10 04:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-10 04:10 - 2015-02-04 00:34 - 00000000 ____D () C:\Users\Ally\AppData\Local\calibre-cache
2015-04-09 23:39 - 2015-01-28 20:37 - 00000000 ___RD () C:\Users\Ally\Documents\ConvertXtoDVD
2015-04-09 20:57 - 2015-02-03 04:05 - 00000000 ___HD () C:\_acestream_cache_
2015-04-09 19:36 - 2015-01-28 22:42 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\Kodi
2015-04-09 07:15 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-08 23:42 - 2015-01-28 16:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-08 23:42 - 2015-01-28 16:45 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-04 21:19 - 2015-01-28 20:35 - 00099384 _____ () C:\Users\Ally\AppData\Roaming\inst.exe
2015-04-04 21:19 - 2015-01-28 20:35 - 00082816 _____ (VSO Software) C:\Users\Ally\AppData\Roaming\pcouffin.sys
2015-04-04 21:19 - 2015-01-28 20:35 - 00007859 _____ () C:\Users\Ally\AppData\Roaming\pcouffin.cat
2015-04-04 21:19 - 2015-01-28 20:35 - 00000055 _____ () C:\Users\Ally\AppData\Roaming\pcouffin.log
2015-04-04 10:20 - 2015-01-28 18:02 - 00000000 ____D () C:\ProgramData\PCDr
2015-04-04 07:13 - 2015-01-28 14:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-04 06:35 - 2015-01-28 14:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-03 04:42 - 2015-01-29 16:48 - 00000000 ____D () C:\ProgramData\DivX
2015-04-02 15:58 - 2015-01-28 19:59 - 00000000 ____D () C:\Users\Ally\AppData\Local\Adobe
2015-04-01 13:23 - 2015-03-03 06:57 - 00002800 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-01 01:10 - 2015-01-28 21:44 - 00000000 ____D () C:\Users\Ally\AppData\Local\Amazon
2015-03-31 14:46 - 2015-01-28 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-03-31 14:43 - 2015-01-28 14:06 - 00000000 ____D () C:\Program Files (x86)\Dell
2015-03-31 14:43 - 2015-01-28 13:55 - 00000000 ____D () C:\Program Files\Dell
2015-03-31 01:28 - 2015-01-28 20:10 - 00000000 ____D () C:\Users\Ally\AppData\Local\PokerStars.UK
2015-03-30 22:52 - 2015-01-28 20:09 - 00000000 ____D () C:\Program Files (x86)\PokerStars.UK
2015-03-27 13:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 13:57 - 2015-01-29 15:51 - 00000000 ____D () C:\Program Files\STMicroelectronics
2015-03-13 13:57 - 2015-01-28 13:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-13 01:28 - 2015-01-29 15:53 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2015-03-12 23:48 - 2015-01-29 02:13 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-03-12 06:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2015-02-08 21:09 - 2015-02-08 21:09 - 0000037 ___SH () C:\Users\Ally\AppData\Roaming\3383130714d37bd0a5e1c67.49796809
2015-01-28 20:35 - 2015-04-04 21:19 - 0099384 _____ () C:\Users\Ally\AppData\Roaming\inst.exe
2015-01-28 20:35 - 2015-04-04 21:19 - 0007859 _____ () C:\Users\Ally\AppData\Roaming\pcouffin.cat
2015-01-28 20:35 - 2015-04-04 21:19 - 0001167 _____ () C:\Users\Ally\AppData\Roaming\pcouffin.inf
2015-01-28 20:35 - 2015-04-04 21:19 - 0000055 _____ () C:\Users\Ally\AppData\Roaming\pcouffin.log
2015-01-28 20:35 - 2015-04-04 21:19 - 0082816 _____ (VSO Software) C:\Users\Ally\AppData\Roaming\pcouffin.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-27 12:55
 
==================== End Of Log ============================
 
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2015
Ran by Ally at 2015-04-11 23:28:06
Running from C:\Users\Ally\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-52834813-3660881880-2756664971-1000\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.34 - STMicroelectronics)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-52834813-3660881880-2756664971-1000\...\Amazon Kindle) (Version:  - Amazon)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.2.0.0 - Auslogics Labs Pty Ltd)
Boilsoft Video Joiner 6.57 (HKLM-x32\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version:  - Boilsoft, Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation)
calibre (HKLM-x32\...\{A9EF1103-1033-463B-A057-E23CD65D087E}) (Version: 2.24.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Crave World Clock Pro 1.6.3 (HKLM-x32\...\Crave World Clock Pro_is1) (Version:  - Reflection Software Solutions Pvt. Ltd.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell System Manager (HKLM\...\{9CC89928-4787-4ED5-9942-4EBF6C2468E6}) (Version: 1.7.10000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
DFX (HKLM-x32\...\DFX) (Version: 11.306.0.0 - Power Technology)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.)
Easy Graphic Converter 1.2 (HKLM-x32\...\Easy Graphic Converter 1.2_is1) (Version: 1.1 - Etru Software Development)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Greenshot 1.2.5.19 (HKLM\...\Greenshot_is1) (Version: 1.2.5.19 - Greenshot)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.1.0.001 - HTC Corporation)
Icecream Ebook Reader version 1.55 (HKLM-x32\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 1.55 - Icecream Apps)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{938A412F-78C1-4158-8590-038A1D670A57}) (Version: 3.0.07.47 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.47 - O2Micro International LTD.) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version:  - PokerStars.uk)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spotify (HKU\S-1-5-21-52834813-3660881880-2756664971-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vista Shortcut Manager x64 (HKLM\...\{C7311329-C491-427B-8880-133E84869B3A}) (Version: 2.0 - Frameworkx)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.64 - VSO Software)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
ATTENTION: System Restore is disabled.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03CB5BCF-4193-4759-8D5C-F8F9EB4D29FF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {2562F1F3-5250-459F-BE68-BCCF07807F73} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-30] (Google Inc.)
Task: {32BB4D30-99BE-413D-867C-2233DF6B6D3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-30] (Google Inc.)
Task: {49F4C8FA-4D41-4670-A8A2-81B51DA71101} - System32\Tasks\{4E0039BE-A4CE-4E38-8956-57687356B15F} => pcalua.exe -a C:\Users\Ally\Downloads\SWB_DRVR_ME7P1_1P5M_7_1_70_1198_MR_A04_SETUP_ZPE.exe -d C:\Users\Ally\Downloads
Task: {586E96A6-42ED-48C6-A0DA-55DE51A50D95} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-03-12] ()
Task: {609818A9-5A8A-4137-801F-BADC64A061AB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7207E151-E7CE-46F6-87CC-BBC3DA4AEA16} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {807C2A68-BF56-493E-A58D-C81CBFCDBD37} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {9CD1E3A6-E46F-4BC0-B4AD-5E1D07675F4C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {B93C1664-4784-45F6-9803-10174FA5C850} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {BAE1E7F3-5A44-41B8-8EBE-E18941C6E0E6} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {C8F27570-4146-4284-A446-BD1C6A405C08} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: {D9FBE6D9-2EE2-4674-8ACB-0894BE5C47CC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E9AE60C8-6B54-4F95-BA5E-CB671DD5ABF8} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {EA9EED9B-D04B-4BFB-A549-193CA594555C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {F3E426BC-9448-4D03-996D-341808FFAF89} - System32\Tasks\{2D32D84D-06CC-49C5-8DE5-7F41BB08A6C9} => pcalua.exe -a C:\Users\Ally\Downloads\chromeinstall-8u40.exe -d C:\Users\Ally\Downloads
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-02-25 10:28 - 2012-12-07 18:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-03-12 02:51 - 2015-03-12 02:51 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2015-01-28 13:42 - 2013-02-22 20:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-03-13 13:57 - 2012-09-05 13:51 - 00686744 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2015-01-30 20:19 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2015-02-28 02:23 - 2015-02-28 02:23 - 00022824 _____ () C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
2015-03-12 02:51 - 2015-03-12 02:51 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2014-03-06 16:00 - 2014-03-06 16:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2015-01-30 20:19 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2015-04-11 21:03 - 2015-04-11 21:03 - 00012800 _____ () C:\Users\Ally\AppData\Local\Temp\ocr7203.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-04-11 21:03 - 2015-04-11 21:03 - 00009728 _____ () C:\Users\Ally\AppData\Local\Temp\ocr7203.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-04-11 21:03 - 2015-04-11 21:03 - 00014848 _____ () C:\Users\Ally\AppData\Local\Temp\ocr7203.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-04-11 21:03 - 2015-04-11 21:03 - 00094208 _____ () C:\Users\Ally\AppData\Local\Temp\ocr7203.tmp\src\rgloader\rgloader193.mswin.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00009216 _____ () C:\Users\Ally\AppData\Local\Temp\ocr7203.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-04-11 21:03 - 2015-04-11 21:03 - 00094208 _____ () C:\Users\Ally\AppData\Local\Temp\ocr7203.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00126976 _____ () C:\Users\Ally\AppData\Local\Temp\ocr7203.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00087552 _____ () C:\Users\Ally\AppData\Local\Temp\ocr7203.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00016384 _____ () C:\Users\Ally\AppData\Local\Temp\ocr7203.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-04-11 21:03 - 2015-04-11 21:03 - 00127316 _____ () C:\Users\Ally\AppData\Local\Temp\ocr7203.tmp\bin\libffi-6.dll
2015-04-11 21:03 - 2015-04-11 21:03 - 00008704 _____ () C:\Users\Ally\AppData\Local\Temp\ocr7203.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-04-11 21:03 - 2015-04-11 21:03 - 00013312 _____ () C:\Users\Ally\AppData\Local\Temp\ocr7203.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-04-11 21:03 - 2015-04-11 21:03 - 00095744 _____ () C:\Users\Ally\AppData\Local\Temp\ocr7203.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00026624 _____ () C:\Users\Ally\AppData\Local\Temp\ocr7203.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2011-06-12 14:09 - 2011-06-12 14:09 - 00038400 _____ () C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\lib\_socket.pyd
2011-06-12 14:09 - 2011-06-12 14:09 - 00720896 _____ () C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\lib\_ssl.pyd
2014-01-23 12:37 - 2014-01-23 12:37 - 00036352 _____ () C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\lib\_psutil_mswindows.pyd
2012-02-07 17:37 - 2012-02-07 17:37 - 00098816 _____ () C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\lib\win32api.pyd
2012-02-07 17:35 - 2012-02-07 17:35 - 00110080 _____ () C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\lib\pywintypes27.dll
2012-02-07 17:38 - 2012-02-07 17:38 - 00358912 _____ () C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\lib\pythoncom27.dll
2012-02-07 17:42 - 2012-02-07 17:42 - 00266240 _____ () C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\lib\win32com.shell.shell.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00287232 _____ () C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\lib\_hashlib.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00106496 _____ () C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\lib\_ctypes.pyd
2010-10-10 23:23 - 2010-10-10 23:23 - 00723968 _____ () C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\lib\apsw.pyd
2011-01-18 22:56 - 2011-01-18 22:56 - 00334336 _____ () C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00011776 _____ () C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\lib\select.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00152576 _____ () C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\lib\pyexpat.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00688128 _____ () C:\Users\Ally\AppData\Roaming\AceWebExtension\updater\lib\unicodedata.pyd
2015-04-11 21:04 - 2015-04-11 21:04 - 00012800 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00009728 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00014848 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00094208 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\src\rgloader\rgloader193.mswin.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00094208 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00118784 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00069120 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00083968 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\bin\zlib1.dll
2015-04-11 21:04 - 2015-04-11 21:04 - 00026624 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00275968 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00015360 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00008192 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00009216 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00023552 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00008704 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00008704 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00008704 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00008704 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00036352 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00126976 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00087552 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00016384 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00127316 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\bin\libffi-6.dll
2015-04-11 21:04 - 2015-04-11 21:04 - 00013312 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00095744 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-04-11 21:04 - 2015-04-11 21:04 - 00026624 _____ () C:\Users\Ally\AppData\Local\Temp\ocrC428.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-03-12 02:51 - 2015-03-12 02:51 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-03-12 02:51 - 2015-03-12 02:51 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-03-12 02:51 - 2015-03-12 02:51 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2015-03-12 02:51 - 2015-03-12 02:51 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-03-12 02:51 - 2015-03-12 02:51 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-03-12 02:51 - 2015-03-12 02:51 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-03-12 02:51 - 2015-03-12 02:51 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-03-12 02:51 - 2015-03-12 02:51 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-03-12 02:51 - 2015-03-12 02:51 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-03-12 02:51 - 2015-03-12 02:51 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-03-12 02:51 - 2015-03-12 02:51 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-03-12 02:51 - 2015-03-12 02:51 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-03-12 02:51 - 2015-03-12 02:51 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2015-04-11 22:26 - 2015-03-27 10:12 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2015-04-11 22:26 - 2015-03-11 13:59 - 00176976 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
2015-04-11 22:26 - 2015-03-11 13:59 - 00087744 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-52834813-3660881880-2756664971-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ally\AppData\Local\Temp\\wcwallpaper.bmp
DNS Servers: 194.168.4.100 - 194.168.8.100
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: dcpsysmgrsvc => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: O2FLASH => 2
MSCONFIG\Services: O2SDIOAssist => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: wltrysvc => 2
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-52834813-3660881880-2756664971-500 - Administrator - Disabled)
Ally (S-1-5-21-52834813-3660881880-2756664971-1000 - Administrator - Enabled) => C:\Users\Ally
Guest (S-1-5-21-52834813-3660881880-2756664971-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-52834813-3660881880-2756664971-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/11/2015 09:05:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 09:28:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 06:06:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 04:11:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 01:43:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.2.0.0, time stamp: 0x00000004
Faulting module name: libqt4_plugin.dll, version: 2.2.0.0, time stamp: 0x00020002
Exception code: 0x40000015
Fault offset: 0x008f20e8
Faulting process id: 0x570
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3
 
Error: (04/11/2015 01:42:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.2.0.0, time stamp: 0x00000004
Faulting module name: libqt4_plugin.dll, version: 2.2.0.0, time stamp: 0x00020002
Exception code: 0x40000015
Fault offset: 0x008f20e8
Faulting process id: 0x4e0
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3
 
Error: (04/11/2015 01:41:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.2.0.0, time stamp: 0x00000004
Faulting module name: libqt4_plugin.dll, version: 2.2.0.0, time stamp: 0x00020002
Exception code: 0x40000015
Fault offset: 0x008f20e8
Faulting process id: 0x1344
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3
 
Error: (04/10/2015 11:00:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/10/2015 07:59:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/10/2015 10:32:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (04/10/2015 10:57:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/10/2015 10:10:43 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (04/09/2015 03:43:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell SupportAssist Agent service failed to start due to the following error: 
%%1053
 
Error: (04/09/2015 03:43:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell SupportAssist Agent service to connect.
 
Error: (04/08/2015 11:05:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell SupportAssist Agent service failed to start due to the following error: 
%%1053
 
Error: (04/08/2015 11:05:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell SupportAssist Agent service to connect.
 
Error: (04/07/2015 06:44:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell SupportAssist Agent service failed to start due to the following error: 
%%1053
 
Error: (04/07/2015 06:44:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell SupportAssist Agent service to connect.
 
Error: (04/06/2015 11:45:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell SupportAssist Agent service failed to start due to the following error: 
%%1053
 
Error: (04/06/2015 11:45:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell SupportAssist Agent service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (04/11/2015 09:05:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 09:28:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 06:06:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 04:11:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 01:43:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.2.0.000000004libqt4_plugin.dll2.2.0.00002000240000015008f20e857001d073f07ddcd2adC:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dllc6a4c268-dfe3-11e4-9fdc-90004ef07b08
 
Error: (04/11/2015 01:42:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.2.0.000000004libqt4_plugin.dll2.2.0.00002000240000015008f20e84e001d073f0487c8f09C:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dlla455e88e-dfe3-11e4-9fdc-90004ef07b08
 
Error: (04/11/2015 01:41:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.2.0.000000004libqt4_plugin.dll2.2.0.00002000240000015008f20e8134401d073f007ca2df6C:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll71659c9d-dfe3-11e4-9fdc-90004ef07b08
 
Error: (04/10/2015 11:00:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/10/2015 07:59:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/10/2015 10:32:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-13 18:07:46.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-13 18:07:45.731
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-02 03:54:54.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-02 03:54:54.551
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 41%
Total physical RAM: 3993.05 MB
Available physical RAM: 2334.9 MB
Total Pagefile: 7984.29 MB
Available Pagefile: 5769.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:201.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 7CCA5245)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, first could you uninstall yet another cleaner (YAC) please as it is not all it is made out to be https://blog.malware...nother-stealer/

Once done run these two fixes. On completion of the runs could you let me know if the problem is still present

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF user.js: detected! => C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\irp808ed.default-1422547318810\user.js [2015-01-29]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [246296 2015-03-27] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [42520 2015-03-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [96792 2015-03-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [39448 2015-03-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [90648 2015-03-27] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-03-11] (Elex do Brasil Participações Ltda)
2015-04-11 22:26 - 2015-04-11 22:26 - 00000000 ____D () C:\Users\Ally\AppData\Roaming\Elex-tech
2015-04-11 22:26 - 2015-04-11 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2015-04-11 22:26 - 2015-04-11 22:26 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2015-04-11 22:26 - 2015-03-27 10:17 - 00042520 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2015-04-11 22:26 - 2015-03-11 13:59 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-04-04 06:29 - 2015-04-04 06:29 - 00003150 _____ () C:\Windows\System32\Tasks\{2D32D84D-06CC-49C5-8DE5-7F41BB08A6C9}
2015-03-31 14:43 - 2015-03-31 14:43 - 00000000 __HDC () C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
2015-02-08 21:09 - 2015-02-08 21:09 - 0000037 ___SH () C:\Users\Ally\AppData\Roaming\3383130714d37bd0a5e1c67.49796809
2015-01-28 20:35 - 2015-04-04 21:19 - 0099384 _____ () C:\Users\Ally\AppData\Roaming\inst.exe
Task: {F3E426BC-9448-4D03-996D-341808FFAF89} - System32\Tasks\{2D32D84D-06CC-49C5-8DE5-7F41BB08A6C9} => pcalua.exe -a C:\Users\Ally\Downloads\chromeinstall-8u40.exe -d C:\Users\Ally\Downloads
C:\Program Files (x86)\Elex-tech
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
mrpooh3

mrpooh3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts

Hi Essexboy,

I am currently making this post in safe mode with networking as my laptop has went haywire.Earler today my laptop froze and when I rebooted windows wouldn't start so it then gave me the option of running a check to repair broken files which it did,but even though windows started booting up again google chrome etc kept freezing.When I try to bring task manager or another program up it keeps freezing up aswell.I ran sfc /scannow and it said it found some files which it repaired but am still getting problems.

I can't get anything done as it keeps freezing....could my hard drive be failing? as a previous drive failed and this is currently a re-certified hd.

I will try your fix in safe mode.


  • 0

#4
mrpooh3

mrpooh3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts

Hi Essexboy,

I ran a diagostics check at boot and got two messages,one that my battery is reaching the end of its life and a hd error :Error code 2000-01 42 Long test unssuccesfull.

I guess my HD is failing.

I don't see any point in trying to remove the malware now as I will need to buy a new HD(not a re-cert this time!)and do a fresh install.

Thanks for trying to help though and sorry for wasting your time.


  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not a problem at all, we are here to help :)
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP