
"Validate copy of WinPC License" Malware


11 replies to this topic

#1 Pestyone

Posted 06 February 2016 - 07:35 PM

Ok, getting some wicked malware on my other laptop that FRST64 / ADW / MWB and SuperAntiSpyware can't find and remove; the infected computer is a Dell Inspiron 15 3000 with Windows 8.1.

Guessing this won't be fun, but I need it fixed, so what now? Guessing I save reports / logs to a snap drive, then post them here.

"Validate copy of WinPC license - 1-800-311-5943 - trojan Zeus Banker"

That's what I am getting; I hope this rings bells and gets me a fast fix. Fingers crossed, awaiting help.





#2 Pestyone (Topic Starter)

Posted 06 February 2016 - 08:24 PM

Dang it, the Dell computer is shutting down every 15 minutes because of the above malware, even though I am using advanced power settings and everything is set to never shut down, so what now?



#3 Pestyone (Topic Starter)

Posted 06 February 2016 - 08:52 PM

Ok, hope this helps and maybe gets me a fix. Here is the log to use; nothing found using ADW, so awaiting help, it's so needed.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016

Ran by Pestyone (administrator) on LOSTSOUL (06-02-2016 18:16:37)
Running from C:\Users\Pestyone\Desktop
Loaded Profiles: Pestyone & Administrator (Available Profiles: Pestyone & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-08-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [64512 2015-08-24] ()
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\Run: [DV] => C:\ProgramData\DataFile\DV.exe [283648 2015-09-13] ()
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C2].txt [733 2016-02-06] ()
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2501368 2015-01-27] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2015-03-11] (SmartSoft Ltd.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.240.205.161
Tcpip\..\Interfaces\{30ED7B6C-DD1A-4529-BC73-BF10F70C4313}: [DhcpNameServer] 167.206.245.135 167.206.245.136
Tcpip\..\Interfaces\{8F1F049A-A9E3-4A2C-9BB8-59F001EE17A4}: [DhcpNameServer] 10.240.205.161

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/WOL_WCP
HKU\S-1-5-21-3116091646-4023644724-1358722376-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-3116091646-4023644724-1358722376-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3116091646-4023644724-1358722376-500\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {F69915E7-A958-4034-8B85-CCBAF32BCDFC} URL = hxxp://cn.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001 -> {25F4A535-FB3B-4FDD-B54F-51BAA6EEDCCB} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001 -> {F69915E7-A958-4034-8B85-CCBAF32BCDFC} URL =
SearchScopes: HKU\S-1-5-21-3116091646-4023644724-1358722376-500 -> {F69915E7-A958-4034-8B85-CCBAF32BCDFC} URL = hxxp://cn.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
Toolbar: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-3116091646-4023644724-1358722376-500 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF ProfilePath: C:\Users\Pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\1527jakz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-31] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\WINDOWS\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-31] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3116091646-4023644724-1358722376-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Pestyone\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-30] (Citrix Online)
FF Extension: Avira Browser Safety - C:\Users\Pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\1527jakz.default\Extensions\abs@avira.com [2015-09-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2015-05-17] [not signed]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Pestyone\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [7084784 2016-02-06] (Emsisoft Ltd)
S2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows ® Win 7 DDK provider) [File not signed]
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
S2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2015-08-24] (Ellora Assets Corp.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-09-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-07-20] (Realtek Semiconductor)
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 anvsnddrv; C:\Windows\system32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4221952 2015-08-24] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2015-07-24] (Digiarty Software, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 epp64; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp64.sys [138504 2016-02-06] (Emsisoft GmbH)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-21] (REALiX™)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2015-06-29] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2015-06-29] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2015-02-25] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 2014-12-23] (Realsil Semiconductor Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-08-05] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2015-07-13] (Synaptics Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-15] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-26] ()
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-09] (BitDefender S.R.L.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [11304 2015-04-14] (wisecleaner.com) [File not signed]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]
S3 CtClsFlt; \SystemRoot\system32\DRIVERS\CtClsFlt.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 18:16 - 2016-02-06 18:17 - 00019092 _____ C:\Users\Pestyone\Desktop\FRST.txt
2016-02-06 18:13 - 2016-02-06 18:13 - 01508352 _____ C:\Users\Pestyone\Desktop\AdwCleaner.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 18:16 - 2015-09-13 10:55 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2016-02-06 18:16 - 2015-06-22 07:37 - 00000000 ____D C:\Users\Pestyone\Desktop\FRST-OlderVersion
2016-02-06 18:16 - 2015-06-06 04:06 - 00000000 ____D C:\AdwCleaner
2016-02-06 18:16 - 2015-04-24 13:31 - 00000000 ____D C:\FRST
2016-02-06 18:16 - 2015-04-24 11:34 - 02370560 _____ (Farbar) C:\Users\Pestyone\Desktop\FRST64.exe
2016-02-06 18:14 - 2015-08-03 12:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-06 18:14 - 2015-04-20 09:43 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3116091646-4023644724-1358722376-1001
2016-02-06 18:14 - 2014-03-18 04:53 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-06 18:14 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-06 18:13 - 2015-09-11 18:12 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\SlimBrowser
2016-02-06 18:12 - 2014-09-16 07:44 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-02-06 18:11 - 2015-02-25 15:20 - 00000000 ____D C:\ProgramData\Ultra Adware Killer
2016-02-06 18:10 - 2015-08-24 13:23 - 00002880 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Pestyone)
2016-02-06 18:10 - 2015-08-20 00:39 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-06 18:10 - 2015-07-17 13:19 - 00000000 ____D C:\Users\Pestyone\AppData\Local\ClassicShell
2016-02-06 18:08 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-06 18:07 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-06 18:06 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-06 17:59 - 2014-11-28 14:28 - 00000000 ____D C:\Users\Pestyone\AppData\Local\Packages
2016-02-06 17:59 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-06 17:45 - 2015-04-21 00:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-02-06 17:42 - 2015-08-20 00:39 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-06 17:38 - 2014-09-16 07:47 - 00000000 ____D C:\Program Files (x86)\Dell
2016-02-06 17:37 - 2015-08-20 00:39 - 00003896 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-06 17:37 - 2015-08-20 00:39 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-06 17:34 - 2015-08-24 13:23 - 00002166 _____ C:\Users\Public\Desktop\Driver Booster 2.lnk
2016-02-06 17:30 - 2015-08-24 13:23 - 00000000 ____D C:\ProgramData\ProductData

==================== Files in the root of some directories =======

2015-04-16 11:48 - 2015-08-03 05:03 - 0000629 _____ () C:\Users\Pestyone\AppData\Roaming\burnaware.ini
2015-06-25 04:06 - 2015-06-25 04:06 - 0068890 _____ () C:\Users\Pestyone\AppData\Roaming\ClassicFTP.dmp
2015-03-16 06:38 - 2015-06-22 03:42 - 0099384 _____ () C:\Users\Pestyone\AppData\Roaming\inst.exe
2015-03-16 06:38 - 2015-06-22 03:42 - 0007859 _____ () C:\Users\Pestyone\AppData\Roaming\pcouffin.cat
2015-03-16 06:38 - 2015-06-22 03:42 - 0001167 _____ () C:\Users\Pestyone\AppData\Roaming\pcouffin.inf
2015-04-17 14:07 - 2015-06-22 03:42 - 0000055 _____ () C:\Users\Pestyone\AppData\Roaming\pcouffin.log
2015-03-16 06:38 - 2015-06-22 03:42 - 0082816 _____ (VSO Software) C:\Users\Pestyone\AppData\Roaming\pcouffin.sys
2015-04-14 00:01 - 2015-04-14 01:15 - 0558080 _____ () C:\Users\Pestyone\AppData\Roaming\SharedSettings.ccs
2015-03-16 06:39 - 2015-09-11 22:36 - 0001059 _____ () C:\Users\Pestyone\AppData\Roaming\vso_ts_preview.xml
2015-04-13 17:39 - 2015-04-13 18:05 - 0000600 _____ () C:\Users\Pestyone\AppData\Roaming\winscp.rnd
2015-07-23 19:26 - 2015-07-23 19:28 - 0004608 _____ () C:\Users\Pestyone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-28 08:52 - 2015-05-02 01:44 - 0000046 _____ () C:\Users\Pestyone\AppData\Local\DonationCoder_findrunrobot_InstallInfo.dat
2015-09-13 08:44 - 2015-09-13 08:44 - 0613255 _____ (CMI Limited) C:\Users\Pestyone\AppData\Local\nsy2C3D.tmp
2015-03-08 13:50 - 2015-03-08 13:50 - 0000414 _____ () C:\Users\Pestyone\AppData\Local\Temp-log.txt
2015-03-08 13:50 - 2015-03-08 13:50 - 0000000 _____ () C:\Users\Pestyone\AppData\Local\Temp.dat
2014-09-16 07:10 - 2014-09-16 07:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-23 19:19 - 2015-07-23 19:19 - 0000001 _____ () C:\ProgramData\SRTCTUacSts.txt
2015-03-05 03:34 - 2015-03-05 03:34 - 0000032 _____ () C:\ProgramData\Temp.log
2015-07-23 19:19 - 2015-07-23 19:19 - 1593561 ____N (                                                            ) C:\ProgramData\TR.exe
2014-09-16 07:32 - 2014-09-16 07:32 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-16 07:28 - 2014-09-16 07:29 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-16 07:29 - 2014-09-16 07:30 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-16 07:30 - 2014-09-16 07:32 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-16 07:27 - 2014-09-16 07:28 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\ProgramData\TR.exe

Some files in TEMP:
====================
C:\Users\Pestyone\AppData\Local\Temp\ads1F47.exe
C:\Users\Pestyone\AppData\Local\Temp\avgnt.exe
C:\Users\Pestyone\AppData\Local\Temp\beecbefhca.exe
C:\Users\Pestyone\AppData\Local\Temp\Uninstall.exe
C:\Users\Pestyone\AppData\Local\Temp\UninstallModule.exe

Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\mfc45.dll
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-06 05:27

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Pestyone (2016-02-06 18:17:45)
Running from C:\Users\Pestyone\Desktop
Windows 8.1 (X64) (2015-02-22 02:24:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3116091646-4023644724-1358722376-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3116091646-4023644724-1358722376-501 - Limited - Disabled)
Pestyone (S-1-5-21-3116091646-4023644724-1358722376-1001 - Administrator - Enabled) => C:\Users\Pestyone

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 12 ActiveX & Plugin 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player + Authorware Web Player (HKLM-x32\...\Adobe Shockwave Player + Authorware Web Player) (Version: v12.1.0.150 - Adobe Systems, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2015 v.1.15.3 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.3 - Ashampoo GmbH & Co. KG)
Bandizip (HKLM\...\Bandizip) (Version: 5.06 - Bandisoft.com)
calibre (HKLM-x32\...\{7C1B7566-C44C-4436-B08D-636337C7C665}) (Version: 2.19.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
ConvertXtoDVD 4.1.10.348 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.10.348 - )
Crap Cleaner (HKLM-x32\...\Crap Cleaner_is1) (Version: 2.0 - Evonsoft)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell System Detect (HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\73f463568823ebbe) (Version: 6.0.0.18 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.1 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{9E4750A7-90F6-4181-8A8A-B1ADF4216E93}) (Version: 1.0.1059.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)
EasyDuplicateFinder v4.8 (HKLM\...\Easy Duplicate Finder 4_is1) (Version:  - WebMinds, Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
FileSearchy (HKLM-x32\...\FileSearchy) (Version: 1.4 - Midlinesoft)
FileZilla Client 3.11.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
FlashPeak SlimBrowser (HKLM-x32\...\SlimBrowser) (Version: 7.00.124 - FlashPeak Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.122.702 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
Freemake Video Converter version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.5 - Ellora Assets Corporation)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.0.30.219 - Hewlett-Packard Company)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3945 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
LibreOffice 4.2.5.2 (HKLM-x32\...\{8D8F47B2-0E03-4C50-9803-A01120878F96}) (Version: 4.2.5.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.2 - Panda Security)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.71 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SmartFTP Client (HKLM\...\{D67A4A07-FF25-4570-8E56-14B596BF6071}) (Version: 6.0.2136.0 - SmartSoft Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.17292 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VSO Media Player 1.4.12.503 (HKLM-x32\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.4.12.503 - VSO Software)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00E7886E-3CF6-4B6F-BC35-210C2D7FC61F} - System32\Tasks\{6B955214-4325-4252-ADCA-90CDA5DD1B2B} => pcalua.exe -a F:\autorun\installer.exe
Task: {138011FA-7813-4F19-A1C4-6CA49D7E2EF5} - System32\Tasks\Dell\Dell Product Registration Update => /updatecheck /LSRC=autolaunch
Task: {1C3D1F66-5C08-455E-A8E7-834907A2C7AE} - \PocketCloud -> No File <==== ATTENTION
Task: {2A09FA8F-5916-4F85-AE65-9362BF60FEB2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {311BCA98-355D-452B-8456-4867CC7E0419} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {474B2C2E-8E31-464F-8E31-97575EC9B1E2} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-07] (Realtek Semiconductor)
Task: {4A87B82D-9A3C-4A11-A5DC-7F756F4C4559} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {4C200A31-F510-44D1-BC08-FF9C03335AA0} - System32\Tasks\{8FA83659-6752-4F85-B29D-A9F43A11AB55} => pcalua.exe -a "C:\Program Files (x86)\epson\escndv\setup\setup.exe" -c /r
Task: {52EC1006-C2C2-485C-AB31-F31100546F0C} - System32\Tasks\Driver Booster SkipUAC (Pestyone) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-07-06] (IObit)
Task: {57B6690B-1CA5-46E0-8360-2403DE0E6352} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {5AC61936-26F1-4454-89B2-556A4829114D} - System32\Tasks\FileSearchy_SkipUAC => C:\Program Files (x86)\FileSearchy\FileSearchy.exe [2015-05-14] ()
Task: {5BC891EE-13A1-4062-8EC7-58BC788C1AEB} - System32\Tasks\{7C1582DD-876F-4BB2-ABFF-C478DA16A747} => pcalua.exe -a "C:\Program Files (x86)\Polarity\Uninstall.exe"
Task: {6E7CDC42-235B-43E9-BA58-FAA0EC2E72E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-20] (Google Inc.)
Task: {78E27F11-458D-414E-9898-9E5A03209F10} - \PocketCloudVirtualChannel -> No File <==== ATTENTION
Task: {7EE03077-5BF5-49A8-BBCE-2D3CB308FA6F} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {80CF96AF-1D6A-45B1-90F4-C23F68DDAF41} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Users\Pestyone\AppData\Local\Temp\BNZ.55b50473d252fcb\Wise Registry Cleaner\WiseRegCleaner.exe <==== ATTENTION
Task: {86FD647A-90DF-4726-BF4F-3495845EE8F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {AFAAAD36-9CC0-4E36-9DD3-057609E5418C} - \{C435504B-6E4E-4435-9713-449BE5CF008C} -> No File <==== ATTENTION
Task: {BA02C09E-B774-42A9-8121-64C5E2A02324} - \PocketCloudUpdater -> No File <==== ATTENTION
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BE86D0C0-39A6-4916-8BF3-B555880D7B60} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-07-06] (IObit)
Task: {C3B38D13-B8C0-4A74-B541-152DD7B2B743} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-07-06] (IObit)
Task: {C4CDF127-75BC-4E8F-86C8-CD4B2A14DC88} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {DD446C02-BCE4-4A79-9F1D-BA5BA667EFCC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-20] (Google Inc.)
Task: {EA43288E-586C-439F-A0A4-7F08F664A8B6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-31] (Adobe Systems Incorporated)
Task: {EDC055E7-9D40-45D5-B474-1EE9DC3BEC5C} - System32\Tasks\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE => C:\Users\Pestyone\AppData\Local\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE.exe <==== ATTENTION
Task: {F6CCB01F-C216-49C0-9A48-45C6B6FCBF56} - System32\Tasks\Dell\Dell Product Registration => /boot /LSRC=autolaunch
Task: {FD38E186-21BC-4B98-B124-E191DBDFE3E4} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-09-16 07:46 - 2014-03-12 14:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-09-16 07:46 - 2014-03-12 14:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-09-16 07:32 - 2013-12-10 10:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\errorhelp.info -> hxxp://www.errorhelp.info
IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\securitytech.help -> hxxp://notice.securitytech.help
IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\show-tips.com -> hxxp://show-tips.com
IE trusted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\errorhelp.info -> hxxp://www.errorhelp.info
IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\securitytech.help -> hxxp://notice.securitytech.help
IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\show-tips.com -> hxxp://show-tips.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-04-12 15:54 - 2015-06-17 11:06 - 00000732 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
HKU\S-1-5-21-3116091646-4023644724-1358722376-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.240.205.161
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\StartupApproved\Run: => "ALLUpdate"
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\StartupApproved\Run: => "ALLUpdate"
HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\StartupApproved\Run: => "DellSystemDetect"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CF28D58A-D9B9-486A-A906-528CB67635A6}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{97054E85-4EA3-4CB3-9650-37A810E71A04}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{04A24F6C-3028-4F3A-A42C-BFB1B7A78E70}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{F799EA34-626C-47E0-AEF9-7F6FD3E23727}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{6AD8E1D9-E99D-4DCE-BE30-246F7CBF44A8}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
FirewallRules: [TCP Query User{F253BEBB-4295-45FC-A97D-B0CC5D87EF17}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{7E5E9CD3-1138-4603-8C56-921C85C48933}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{2F671EE5-795F-419C-AF2A-39522348CE30}] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{A8C0D860-660E-4860-89B9-EC512F1F538B}] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{148A250A-840F-4C9C-B466-0803703EBFC0}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{56A63C1E-9B14-4744-93A2-2FA59A66DC86}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{84C87AA0-187C-4EFE-8C03-3D625ACC2A0E}] => (Block) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{F106C25F-C6EB-458B-9FD2-A39418226AAA}] => (Block) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{F2F41182-36B8-4037-A00E-B5268B94CBAF}] => (Block) Freemake video converter
FirewallRules: [{C9F08616-8FC3-4D8A-8659-4E7A03915C34}] => (Allow) C:\Users\Pestyone\AppData\Local\Temp\nsjE7B5.tmp\Installer-75031047.exe
FirewallRules: [{8E43C94F-7E1D-42F9-B56D-EB2900EE9A7F}] => (Allow) C:\Users\Pestyone\AppData\Local\Temp\nsjE7B5.tmp\Installer-75031047.exe
FirewallRules: [{55DD8484-8ABC-427D-900C-75117611709C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C42AEF59-F283-4536-B204-29C377A3D77F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D41ADFCB-FE73-4205-8307-C457B0B7AFC6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{725652C2-C63B-41E4-9F19-08814485C824}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6B4D9167-15A6-4D2F-A317-A4F5ED5D86C2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{FEFD9FA4-B8FD-4A83-BC72-7500BDBDA4FB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{75C690C0-EC6D-4E2C-919C-07C770F94D57}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{FC03E6F4-D463-4E61-8A6E-4F9EA0FBB4D2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2016 05:29:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (10/16/2015 11:42:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/16/2015 11:38:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SSUPDATE64.EXE, version: 1.0.0.1080, time stamp: 0x53d80800
Faulting module name: SSUPDATE64.EXE, version: 1.0.0.1080, time stamp: 0x53d80800
Exception code: 0xc0000005
Fault offset: 0x0000000000024c65
Faulting process id: 0xae4
Faulting application start time: 0xSSUPDATE64.EXE0
Faulting application path: SSUPDATE64.EXE1
Faulting module path: SSUPDATE64.EXE2
Report Id: SSUPDATE64.EXE3
Faulting package full name: SSUPDATE64.EXE4
Faulting package-relative application ID: SSUPDATE64.EXE5

Error: (10/16/2015 11:38:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/16/2015 11:37:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/16/2015 11:37:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/16/2015 11:37:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/16/2015 11:37:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/16/2015 11:37:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/16/2015 11:37:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

System errors:
=============
Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Wizard service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Wyse PocketCloud service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Wyse RemoteAccess service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

CodeIntegrity:
===================================
  Date: 2015-09-13 05:46:58.778
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-13 05:40:33.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-13 05:40:12.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-13 05:40:05.248
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-13 05:39:59.084
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-13 05:39:58.911
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-13 05:38:01.921
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-13 05:37:43.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-13 05:37:21.473
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-13 05:37:13.255
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 33%
Total physical RAM: 4000.17 MB
Available physical RAM: 2674.29 MB
Total Virtual: 4576.17 MB
Available Virtual: 2754.06 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.04 GB) (Free:357.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6BC648E8)

Partition: GPT.

==================== End of Addition.txt ============================



#4 Pestyone

  • Topic Starter
  • Members
  • 315 posts

Posted 07 February 2016 - 01:06 AM

Yikes, hope I am not the only one getting this pop-up malware, hum; tried to restore and reformat but it doesn't work. Guessing the pop-up malware is blocking that, so what do I do?

Fingers crossed somebody can help; I so need it.



#5 nasdaq

  • Malware Response Team
  • 40,741 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 February 2016 - 02:55 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this Driver Booster via the Control Panel > Programs and Features.
Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\Run: [DV] => C:\ProgramData\DataFile\DV.exe [283648 2015-09-13] ()
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2501368 2015-01-27] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-3116091646-4023644724-1358722376-500 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\WINDOWS\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll [No File]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]
S3 CtClsFlt; \SystemRoot\system32\DRIVERS\CtClsFlt.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Task: {1C3D1F66-5C08-455E-A8E7-834907A2C7AE} - \PocketCloud -> No File <==== ATTENTION
Task: {52EC1006-C2C2-485C-AB31-F31100546F0C} - System32\Tasks\Driver Booster SkipUAC (Pestyone) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-07-06] (IObit)
Task: {78E27F11-458D-414E-9898-9E5A03209F10} - \PocketCloudVirtualChannel -> No File <==== ATTENTION
Task: {7EE03077-5BF5-49A8-BBCE-2D3CB308FA6F} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {80CF96AF-1D6A-45B1-90F4-C23F68DDAF41} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Users\Pestyone\AppData\Local\Temp\BNZ.55b50473d252fcb\Wise Registry Cleaner\WiseRegCleaner.exe <==== ATTENTION
Task: {AFAAAD36-9CC0-4E36-9DD3-057609E5418C} - \{C435504B-6E4E-4435-9713-449BE5CF008C} -> No File <==== ATTENTION
Task: {BA02C09E-B774-42A9-8121-64C5E2A02324} - \PocketCloudUpdater -> No File <==== ATTENTION
Task: {BE86D0C0-39A6-4916-8BF3-B555880D7B60} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-07-06] (IObit)
Task: {C3B38D13-B8C0-4A74-B541-152DD7B2B743} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-07-06] (IObit)
Task: {C4CDF127-75BC-4E8F-86C8-CD4B2A14DC88} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {EDC055E7-9D40-45D5-B474-1EE9DC3BEC5C} - System32\Tasks\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE => C:\Users\Pestyone\AppData\Local\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE.exe <==== ATTENTION
FirewallRules: [{CF28D58A-D9B9-486A-A906-528CB67635A6}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{97054E85-4EA3-4CB3-9650-37A810E71A04}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{F2F41182-36B8-4037-A00E-B5268B94CBAF}] => (Block) Freemake video converter
FirewallRules: [{C9F08616-8FC3-4D8A-8659-4E7A03915C34}] => (Allow) C:\Users\Pestyone\AppData\Local\Temp\nsjE7B5.tmp\Installer-75031047.exe
FirewallRules: [{8E43C94F-7E1D-42F9-B56D-EB2900EE9A7F}] => (Allow) C:\Users\Pestyone\AppData\Local\Temp\nsjE7B5.tmp\Installer-75031047.exe
C:\Users\Pestyone\AppData\Local\Temp\ads1F47.exe
C:\Users\Pestyone\AppData\Local\Temp\avgnt.exe
C:\Users\Pestyone\AppData\Local\Temp\beecbefhca.exe
C:\Users\Pestyone\AppData\Local\Temp\Uninstall.exe
C:\Users\Pestyone\AppData\Local\Temp\UninstallModule.exe
C:\ProgramData\DataFile\DV.exe
C:\Program Files (x86)\IObit\Driver Booster
C:\Users\Pestyone\AppData\Local\Temp\BNZ.55b50473d252fcb
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\mfc45.dll
C:\Windows\SysWOW64\runouce.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your Bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and import the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page:
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If present, remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)

Please post the logs and let me know what problem persists.

#6 Pestyone (Topic Starter)

Posted 07 February 2016 - 04:47 PM

Yikes, why is it never easy? Have to get this all onto a snap drive then go from there on my other laptop, the Dell, since the Dell shuts down after 10 min.

What's wrong with the Driver Booster, and I do need Java, so why delete it? Or maybe if speedy enough I can get the fix log from the Dell; will try that first then worry over more later, hum.



#7 Pestyone (Topic Starter)

Posted 07 February 2016 - 04:53 PM

My firewall is always off; it slows me down too much so I keep it off, and the burners / converters I like and Gmail I use. Any idea what caused the malware?



#8 nasdaq (Malware Response Team)

Posted 08 February 2016 - 09:22 AM

IObit programs are not recommended. Advanced SystemCare and others are known to cause system problems, and IObit has stolen material from other computer security companies to use in their own programs.
IOBit Steals Malwarebytes’ Intellectual Property
IOBit’s Denial of Theft Unconvincing
The program has also been seen to cause numerous system problems that tend to go away after uninstalling their software.

Go to Start > Control Panel > Add or Remove Programs from IObit.

Although not recommended, the infection was not caused by this program.
Leave it alone for now.
==

If you need the old versions of Java then keep them.

Otherwise follow my instructions and get the latest version.
Do it after the computer is in good working condition.
===

Please run my fix; it's the only way we know now how to remove this infection.

#9 Pestyone (Topic Starter)

Posted 12 February 2016 - 04:37 AM

Ok, craziness, but here goes the fix-it log. I don't use Chrome, it's soooo slow, and can't find any outdated Java software / logs anywhere; I guess it was deleted as I updated, hum. And what else? So far no sign of the malware, whooopy!


Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Pestyone (2016-02-12 04:13:19) Run:1
Running from C:\Users\Pestyone\Desktop
Loaded Profiles: Pestyone (Available Profiles: Pestyone & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\Run: [DV] => C:\ProgramData\DataFile\DV.exe [283648 2015-09-13] ()
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2501368 2015-01-27] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-3116091646-4023644724-1358722376-500 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\WINDOWS\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll [No File]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]
S3 CtClsFlt; \SystemRoot\system32\DRIVERS\CtClsFlt.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Task: {1C3D1F66-5C08-455E-A8E7-834907A2C7AE} - \PocketCloud -> No File <==== ATTENTION
Task: {52EC1006-C2C2-485C-AB31-F31100546F0C} - System32\Tasks\Driver Booster SkipUAC (Pestyone) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-07-06] (IObit)
Task: {78E27F11-458D-414E-9898-9E5A03209F10} - \PocketCloudVirtualChannel -> No File <==== ATTENTION
Task: {7EE03077-5BF5-49A8-BBCE-2D3CB308FA6F} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {80CF96AF-1D6A-45B1-90F4-C23F68DDAF41} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Users\Pestyone\AppData\Local\Temp\BNZ.55b50473d252fcb\Wise Registry Cleaner\WiseRegCleaner.exe <==== ATTENTION
Task: {AFAAAD36-9CC0-4E36-9DD3-057609E5418C} - \{C435504B-6E4E-4435-9713-449BE5CF008C} -> No File <==== ATTENTION
Task: {BA02C09E-B774-42A9-8121-64C5E2A02324} - \PocketCloudUpdater -> No File <==== ATTENTION
Task: {BE86D0C0-39A6-4916-8BF3-B555880D7B60} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-07-06] (IObit)
Task: {C3B38D13-B8C0-4A74-B541-152DD7B2B743} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-07-06] (IObit)
Task: {C4CDF127-75BC-4E8F-86C8-CD4B2A14DC88} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {EDC055E7-9D40-45D5-B474-1EE9DC3BEC5C} - System32\Tasks\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE => C:\Users\Pestyone\AppData\Local\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE.exe <==== ATTENTION
FirewallRules: [{CF28D58A-D9B9-486A-A906-528CB67635A6}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{97054E85-4EA3-4CB3-9650-37A810E71A04}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{F2F41182-36B8-4037-A00E-B5268B94CBAF}] => (Block) Freemake video converter
FirewallRules: [{C9F08616-8FC3-4D8A-8659-4E7A03915C34}] => (Allow) C:\Users\Pestyone\AppData\Local\Temp\nsjE7B5.tmp\Installer-75031047.exe
FirewallRules: [{8E43C94F-7E1D-42F9-B56D-EB2900EE9A7F}] => (Allow) C:\Users\Pestyone\AppData\Local\Temp\nsjE7B5.tmp\Installer-75031047.exe
C:\Users\Pestyone\AppData\Local\Temp\ads1F47.exe
C:\Users\Pestyone\AppData\Local\Temp\avgnt.exe
C:\Users\Pestyone\AppData\Local\Temp\beecbefhca.exe
C:\Users\Pestyone\AppData\Local\Temp\Uninstall.exe
C:\Users\Pestyone\AppData\Local\Temp\UninstallModule.exe
C:\ProgramData\DataFile\DV.exe
C:\Program Files (x86)\IObit\Driver Booster
C:\Users\Pestyone\AppData\Local\Temp\BNZ.55b50473d252fcb
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\mfc45.dll
C:\Windows\SysWOW64\runouce.exe

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DV => value removed successfully
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value removed successfully
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found.
HKU\S-1-5-21-3116091646-4023644724-1358722376-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value not found.
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/AuthorwarePlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
BAPIDRV => service removed successfully
CLVirtualBus01 => service removed successfully
CtClsFlt => service removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
ZAM => service removed successfully
ZAM_Guard => service removed successfully
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.) => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1C3D1F66-5C08-455E-A8E7-834907A2C7AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C3D1F66-5C08-455E-A8E7-834907A2C7AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PocketCloud" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52EC1006-C2C2-485C-AB31-F31100546F0C} => key not found.
C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Pestyone) => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Pestyone)" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78E27F11-458D-414E-9898-9E5A03209F10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78E27F11-458D-414E-9898-9E5A03209F10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PocketCloudVirtualChannel" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EE03077-5BF5-49A8-BBCE-2D3CB308FA6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EE03077-5BF5-49A8-BBCE-2D3CB308FA6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80CF96AF-1D6A-45B1-90F4-C23F68DDAF41}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80CF96AF-1D6A-45B1-90F4-C23F68DDAF41}" => key removed successfully
C:\WINDOWS\System32\Tasks\WiseCleaner\WRCSkipUAC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WiseCleaner\WRCSkipUAC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFAAAD36-9CC0-4E36-9DD3-057609E5418C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFAAAD36-9CC0-4E36-9DD3-057609E5418C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C435504B-6E4E-4435-9713-449BE5CF008C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA02C09E-B774-42A9-8121-64C5E2A02324}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA02C09E-B774-42A9-8121-64C5E2A02324}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PocketCloudUpdater" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE86D0C0-39A6-4916-8BF3-B555880D7B60} => key not found.
C:\WINDOWS\System32\Tasks\Driver Booster Scan => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3B38D13-B8C0-4A74-B541-152DD7B2B743} => key not found.
C:\WINDOWS\System32\Tasks\Driver Booster Update => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C4CDF127-75BC-4E8F-86C8-CD4B2A14DC88}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4CDF127-75BC-4E8F-86C8-CD4B2A14DC88}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Synaptics TouchPad Enhancements" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EDC055E7-9D40-45D5-B474-1EE9DC3BEC5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDC055E7-9D40-45D5-B474-1EE9DC3BEC5C}" => key removed successfully
C:\WINDOWS\System32\Tasks\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF28D58A-D9B9-486A-A906-528CB67635A6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97054E85-4EA3-4CB3-9650-37A810E71A04} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F2F41182-36B8-4037-A00E-B5268B94CBAF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9F08616-8FC3-4D8A-8659-4E7A03915C34} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8E43C94F-7E1D-42F9-B56D-EB2900EE9A7F} => value removed successfully
C:\Users\Pestyone\AppData\Local\Temp\ads1F47.exe => moved successfully
C:\Users\Pestyone\AppData\Local\Temp\avgnt.exe => moved successfully
C:\Users\Pestyone\AppData\Local\Temp\beecbefhca.exe => moved successfully
C:\Users\Pestyone\AppData\Local\Temp\Uninstall.exe => moved successfully
C:\Users\Pestyone\AppData\Local\Temp\UninstallModule.exe => moved successfully
C:\ProgramData\DataFile\DV.exe => moved successfully
C:\Program Files (x86)\IObit\Driver Booster => moved successfully
"C:\Users\Pestyone\AppData\Local\Temp\BNZ.55b50473d252fcb" => not found.
C:\Windows\logo1_.exe => moved successfully
C:\Windows\logo_1.exe => moved successfully
C:\Windows\RUNDL132.EXE => moved successfully
C:\Windows\rundll16.exe => moved successfully
C:\Windows\VDLL.DLL => moved successfully
C:\Windows\SysWOW64\mfc45.dll => moved successfully
C:\Windows\SysWOW64\runouce.exe => moved successfully
EmptyTemp: => 123.4 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 04:14:27 ====
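The fixlist posted in #5 and the Fixlog above are both plain text with regular line shapes, so a script can check that every item actually got handled instead of eyeballing 140 lines. The following is an added example written for this thread; it is not part of FRST, of the helper's fix, or of anything the poster ran. It parses a fixlist (items between "start" and "End"), tags each item by kind, applies a simple launch-location heuristic (user Temp, ProgramData root, loose executables in the Windows folder), and then tallies the Fixlog outcomes so that "not found" and "Error" results are listed for follow-up. The regular expressions and the heuristic are assumptions derived only from the lines quoted in this thread, and the sample inputs are constructed from those same lines.

```python
"""Triage helper for FRST fixlist / Fixlog text. Added example for this thread, not
part of FRST or the helper's fix; the line shapes are assumptions from the quoted text."""
import re
from collections import Counter

# First "X:\..." run on a line, cut before a trailing " [size date]" or " <==== ATTENTION".
PATH_RE = re.compile(r"([A-Za-z]:\\.*?)(?:\s+\[|\s+<====|$)")
RESULT_RE = re.compile(r"^(?P<item>.+?)\s+=>\s+(?P<result>.+?)\.?$")
KINDS = (
    (re.compile(r"^[A-Za-z]+:$"), "directive"),  # CreateRestorePoint:, EmptyTemp:, ...
    (re.compile(r"^Task:"), "task"),
    (re.compile(r"^FirewallRules:"), "firewall"),
    (re.compile(r"^[RSU]\d\s"), "service"),      # e.g. "S1 ZAM; \??\C:\...\zam64.sys [X]"
    (re.compile(r"^HK(?:U|LM|CU)\\"), "registry"),
    (re.compile(r"^[A-Za-z]:\\"), "file"),
)
SUSPECT_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\|^[A-Za-z]:\\ProgramData\\", re.I)
LOOSE_IN_WINDOWS_RE = re.compile(r"^[A-Za-z]:\\Windows\\([^\\]+\.(?:exe|dll))$", re.I)

# Constructed samples, assembled from lines posted in this thread.
SAMPLE_FIXLIST = r"""start
CreateRestorePoint:
EmptyTemp:
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\Run: [DV] => C:\ProgramData\DataFile\DV.exe [283648 2015-09-13] ()
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
Task: {EDC055E7-9D40-45D5-B474-1EE9DC3BEC5C} - System32\Tasks\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE => C:\Users\Pestyone\AppData\Local\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE.exe <==== ATTENTION
FirewallRules: [{C9F08616-8FC3-4D8A-8659-4E7A03915C34}] => (Allow) C:\Users\Pestyone\AppData\Local\Temp\nsjE7B5.tmp\Installer-75031047.exe
C:\Users\Pestyone\AppData\Local\Temp\beecbefhca.exe
C:\Windows\logo1_.exe
End
"""

SAMPLE_FIXLOG = r"""fixlist content:
*****************
start
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\Run: [DV] => C:\ProgramData\DataFile\DV.exe [283648 2015-09-13] ()
End
*****************
Restore point was successfully created.
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DV => value removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.) => Error: No automatic fix found for this entry.
C:\Windows\logo1_.exe => moved successfully
"C:\Users\Pestyone\AppData\Local\Temp\BNZ.55b50473d252fcb" => not found.
EmptyTemp: => 123.4 MB temporary data Removed.
"""


def classify(line):
    """Name the kind of fixlist item a line is (prefix-based; an assumption of this example)."""
    return next((kind for rx, kind in KINDS if rx.match(line)), "other")


def looks_suspect(path):
    """Heuristic: launch path in user Temp, ProgramData root, or loose in the Windows folder."""
    if not path:
        return False
    if SUSPECT_DIR_RE.search(path):
        return True
    m = LOOSE_IN_WINDOWS_RE.match(path)
    return bool(m) and m.group(1).lower() != "explorer.exe"   # explorer.exe lives there legitimately


def parse_fixlist(text):
    """Items between 'start' and 'End', each with its kind, launch path and suspect flag."""
    items, inside = [], False
    for line in (ln.strip() for ln in text.splitlines()):
        if line.lower() in ("start", "end"):
            inside = line.lower() == "start"
            continue
        if inside and line:
            m = PATH_RE.search(line)
            path = m.group(1) if m else None
            items.append({"line": line, "kind": classify(line), "path": path,
                          "suspect": looks_suspect(path)})
    return items


def outcome_of(result):
    """Map a Fixlog result phrase onto a coarse outcome."""
    r = result.lower()
    if "successfully" in r:
        return "removed"
    if "not found" in r:
        return "not_found"
    return "error" if r.startswith("error") else "other"   # 'other': e.g. the EmptyTemp size report


def parse_fixlog(text):
    """{item, outcome} per '<item> => <result>' line, skipping the echoed fixlist block."""
    results, in_echo, stars = [], False, 0
    for line in (ln.strip() for ln in text.splitlines()):
        if line.lower().startswith("fixlist content"):
            in_echo, stars = True, 0            # the echo is fenced by two '*****' lines
        elif in_echo:
            if line.startswith("*****"):
                stars += 1
            in_echo = stars < 2
        elif (m := RESULT_RE.match(line)):
            results.append({"item": m.group("item").strip('"'),
                            "outcome": outcome_of(m.group("result"))})
    return results


def summarize_fixlog(text):
    """Outcome counts plus the items that need a second look (not found / error)."""
    results = parse_fixlog(text)
    return (dict(Counter(r["outcome"] for r in results)),
            [r["item"] for r in results if r["outcome"] in ("not_found", "error")])
```

Running `summarize_fixlog(SAMPLE_FIXLOG)` on the constructed sample returns two "removed", two "not_found", one "error" and one "other", with the HKCR CLSID key, the Yahoo! Messenger entry and the BNZ temp folder listed for follow-up; in this thread the "not found" results are harmless (the CLSID keys were already gone and the temp folder had been emptied), but the same list would surface a file that FRST could not move because it was locked or recreated, which is the case a helper needs to catch. The `looks_suspect` heuristic is deliberately narrow and only a starting point for triage; legitimate installers also run from Temp.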



#10 Pestyone (Topic Starter)

Posted 12 February 2016 - 04:52 AM

Ok, found and deleted Java 8 - 45 / 51 and 60, and now I noticed that I don't have the IE icon on my taskbar and can't find it in startup, so how do I fix that?

 

What the heck was that malware pop-up all about? Later.



#11 nasdaq (Malware Response Team)

Posted 12 February 2016 - 09:57 AM

"What the heck was that malware pop-up all about? Later."


Something was installed without your consent.
Possibly when you installed a third-party software.

===
 

"I noticed that I don't have the IE icon on my taskbar."


Locate the file iexplore.exe, NOT iexploreR.exe (no R); right-click the file and create a shortcut on your Desktop or tag it to your Taskbar.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 nasdaq (Malware Response Team)

Posted 18 February 2016 - 09:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



