
Win7 cannot open antivirus, Malwarebytes



#1 Mondwa


Posted 27 February 2017 - 07:44 AM

I got a hijack virus that is keeping me from opening programs like my antivirus, HijackThis, Spybot... It tells me the resources are in use. I was able to run the RSIT program; here is the log from that. Thanks for the help.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Lutz at 2017-02-27 07:39:30
Microsoft Windows 7 Professional  Service Pack 1
System drive C: has 247 GB (53%) free of 465 GB
Total RAM: 16289 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:39:35 AM, on 2/27/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\dataup\dataup.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\svcvmx\svcvmx.exe
C:\Program Files (x86)\svcvmx\vmxclient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\svcvmx\vmxclient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe
C:\Users\Lutz\AppData\Local\Temp\20170226\ct.exe
C:\Windows\SysWOW64\splsrv.exe
C:\Program Files (x86)\winscr\winscr.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\svcvmx\vmxclient.exe
C:\Program Files (x86)\svcvmx\vmxclient.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T90JZ0E4\RSIT.exe
C:\Program Files (x86)\trend micro\Lutz.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe" 60
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [cpx] "C:\Program Files (x86)\cpx\cpx.exe" -starup
O4 - HKLM\..\Run: [svcvmx] "C:\Program Files (x86)\svcvmx\svcvmx.exe" -starup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: []  (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: []  (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {98703E7E-E705-4043-8FCE-E828D9C1EEAD} - http://192.168.1.25:88/IPCWebComponents.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BFE8818-E83D-41F5-84D4-1174610A9371}: NameServer = 198.224.152.119 198.224.154.135
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: American Dynamics Intellex Server Component (ADIntellexDriverService) - Unknown owner - e:\ccure\CrossFire\ServerComponents\AD.Intellex.DriverService.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alps HID Monitor Service (ApHidMonitorService) - Alps Electric Co., Ltd. - C:\Program Files\DellTPad\HidMonitorSvc.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: SoftwareHouse CrossFire apC Driver Service (CrossFireApcDriverService) - Unknown owner - e:\ccure\CrossFire\ServerComponents\SoftwareHouse.NextGen.apCDriverService.exe (file missing)
O23 - Service: SoftwareHouse CrossFire Import Watcher (CrossFireImportWatcher) - Unknown owner - e:\ccure\CrossFire\ServerComponents\SoftwareHouse.CrossFire.ImportWatcherService.exe (file missing)
O23 - Service: SoftwareHouse CrossFire ISC Driver Service (CrossFireISCDriverService) - Unknown owner - e:\ccure\CrossFire\ServerComponents\SoftwareHouse.NextGen.ISC_DriverService.exe (file missing)
O23 - Service: SoftwareHouse CrossFire iStar Driver Service (CrossFireiSTARDriverService) - Unknown owner - e:\ccure\CrossFire\ServerComponents\SoftwareHouse.NextGen.iStar_DriverService.exe (file missing)
O23 - Service: SoftwareHouse CrossFire Report Server (CrossFireReportServer) - Unknown owner - e:\ccure\CrossFire\ServerComponents\SoftwareHouse.CrossFire.ReportServerService.exe (file missing)
O23 - Service: Dataup Service (Dataup) - Unknown owner - C:\Program Files (x86)\dataup\dataup.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: Dell Command | Power Manager Notify (dcpm-notify) - Dell Inc. - C:\Program Files\Dell\CommandPowerManager\NotifyService.exe
O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: Dell Management Agent Service (DellMgmtAgent) - Dell Inc. - C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
O23 - Service: Dell Security Framework Loader (DellMgmtLoader) - Unknown owner - C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
O23 - Service: DELL Security Framework Local Server (DellMgmtServer) - Dell, Inc. - C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
O23 - Service: DHCP Server (DHCPServer) - Unknown owner - E:\_SOFTWARE (Archive)\DHCP Servers\dhcpsrv2.2\dhcpsrv.exe (file missing)
O23 - Service: @C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe,-200 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Invincea FreeSpace Service (InvProtectSvc) - Invincea, Inc. - C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
O23 - Service: Intel® Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: Network Driver Service (qdcomsvc) - qdcomsvc Inc. - C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SboxSvc - Invincea, Inc. - C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Software House AutoUpdate Installer - Unknown owner - e:\ccure\CCURE Client\AutoUpdate\SoftwareHouse.Nextgen.AutoUpdate.Impersonate.exe (file missing)
O23 - Service: Software House AutoUpdate Service - Unknown owner - e:\ccure\CCURE Client\AutoUpdate\SoftwareHouse.Nextgen.AutoUpdate.SWHbitsService.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stunnel - Unknown owner - e:\ccure\CrossFire\Stunnel\stunnel.exe (file missing)
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: TycoESS - Unknown owner - e:\ccure\CrossFire\License\x64\lmgrd.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VZW Config Service (VZWConfigService) - Novatel Wireless Inc. - C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Windows Management Service (windowsmanagementservice) - ct Corp. - C:\Users\Lutz\AppData\Local\Temp\20170226\ct.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 18854 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 
C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe  /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe  /ua /installsource scheduler
C:\Windows\tasks\Online Application v209 Guard.job - C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe  1 61
C:\Windows\tasks\Online Application v209 Guardian.job - C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe  1 62
C:\Windows\tasks\Online Application v209.job - C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe  1 60
C:\Windows\tasks\Traffic Exchange v2 - 1.job - C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe  1 36
C:\Windows\tasks\Traffic Exchange v2 - 2.job - C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe  1 37
C:\Windows\tasks\Traffic Exchange v2 - 3.job - C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe  1 38
C:\Windows\tasks\Traffic Exchange v209 - 1.job - C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe  1 60
C:\Windows\tasks\Traffic Exchange v209 - 2.job - C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe  1 61
C:\Windows\tasks\Traffic Exchange v209 - 3.job - C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe  1 62

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-24 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2014-01-21 707800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2016-11-15 1743664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-24 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-04-10 292848]
"PSUAMain"=C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [2015-10-22 54520]
"IMSS"=C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [2014-11-10 136992]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2017-02-06 26220296]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-12-12 587288]
"cpx"=C:\Program Files (x86)\cpx\cpx.exe -starup []
"svcvmx"=C:\Program Files (x86)\svcvmx\svcvmx.exe [2017-01-13 896512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NanoServiceMain]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSUAService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"MaxGPOScriptWait"=600

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-02-27 07:39:30 ----D---- C:\rsit
2017-02-27 07:39:30 ----D---- C:\Program Files (x86)\trend micro
2017-02-27 07:10:26 ----SHD---- C:\Config.Msi
2017-02-27 07:01:53 ----A---- C:\Users\Lutz\AppData\Roaming\Installer.dat
2017-02-27 06:31:32 ----D---- C:\Program Files (x86)\PreparedFolder
2017-02-27 06:29:06 ----A---- C:\TDSSKiller.3.1.0.12_27.02.2017_06.29.06_log.txt
2017-02-27 00:16:16 ----A---- C:\Windows\Reimage.ini
2017-02-27 00:15:42 ----D---- C:\Program Files (x86)\regtool
2017-02-26 14:13:21 ----A---- C:\TDSSKiller.3.1.0.12_26.02.2017_14.13.21_log.txt
2017-02-26 14:12:52 ----D---- C:\ProgramData\Malwarebytes
2017-02-26 14:07:54 ----A---- C:\TDSSKiller.3.1.0.12_26.02.2017_14.07.54_log.txt
2017-02-26 11:09:20 ----D---- C:\AdwCleaner
2017-02-26 11:02:56 ----SHD---- C:\$RECYCLE.BIN
2017-02-26 10:54:20 ----A---- C:\Windows\ntbtlog.txt
2017-02-25 22:34:29 ----D---- C:\Program Files (x86)\svcvmx
2017-02-25 22:30:11 ----D---- C:\Program Files (x86)\dataup
2017-02-25 22:30:07 ----D---- C:\Program Files (x86)\winscr
2017-02-25 22:29:58 ----A---- C:\Windows\SysWOW64\splsrv.exe
2017-02-25 22:29:54 ----D---- C:\Program Files (x86)\qdcomsvc
2017-02-25 22:29:40 ----D---- C:\Users\Lutz\AppData\Roaming\c
2017-02-25 22:29:40 ----D---- C:\ProgramData\1488079780

======List of files/folders modified in the last 1 month======

2017-02-27 07:39:31 ----D---- C:\Windows\Temp
2017-02-27 07:39:30 ----RD---- C:\Program Files (x86)
2017-02-27 07:38:52 ----D---- C:\Windows\Prefetch
2017-02-27 07:35:35 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2017-02-27 07:35:35 ----D---- C:\Program Files (x86)\ST Microelectronics
2017-02-27 07:35:28 ----SHD---- C:\System Volume Information
2017-02-27 07:34:33 ----D---- C:\Windows\inf
2017-02-27 07:34:09 ----SHD---- C:\Windows\Installer
2017-02-27 07:33:05 ----D---- C:\Program Files (x86)\Common Files
2017-02-27 07:32:18 ----D---- C:\Windows\SysWOW64
2017-02-27 07:32:18 ----D---- C:\CCTVWARE
2017-02-27 07:27:59 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-02-27 07:27:29 ----D---- C:\Windows\System32
2017-02-27 07:21:24 ----D---- C:\Windows\winsxs
2017-02-27 07:13:01 ----RD---- C:\Program Files
2017-02-27 07:12:05 ----HD---- C:\ProgramData
2017-02-27 07:11:21 ----RSD---- C:\Windows\assembly
2017-02-27 07:11:05 ----D---- C:\Windows\Microsoft.NET
2017-02-27 07:10:12 ----D---- C:\Program Files (x86)\Microsoft.NET
2017-02-27 07:08:30 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2017-02-27 07:02:57 ----D---- C:\Windows\Minidump
2017-02-27 07:02:50 ----D---- C:\Windows
2017-02-26 11:11:02 ----D---- C:\Windows\Tasks
2017-02-25 22:36:17 ----D---- C:\Program Files (x86)\Google
2017-02-24 23:34:20 ----D---- C:\ProgramData\Microsoft Help
2017-02-22 21:11:10 ----D---- C:\Users\Lutz\AppData\Roaming\TeamViewer
2017-02-22 03:03:11 ----A---- C:\Windows\win.ini
2017-02-16 16:01:55 ----D---- C:\Program Files (x86)\TeamViewer
2017-02-14 05:04:19 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 05:04:13 ----D---- C:\Windows\SysWOW64\Macromed
2017-02-13 18:46:21 ----D---- C:\Users\Lutz\AppData\Roaming\uTorrent
2017-02-10 12:31:35 ----D---- C:\Users\Lutz\AppData\Roaming\vlc
2017-02-07 21:08:31 ----D---- C:\Program Files (x86)\Dropbox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 CredFltL;Dell SED PBA Filter; C:\Windows\system32\DRIVERS\CredFltL.sys []
R0 iaStorA;iaStorA; C:\Windows\system32\drivers\iaStorA.sys []
R0 iaStorF;iaStorF; C:\Windows\system32\drivers\iaStorF.sys []
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 SEDFilter;Dell SED PBA Enhancement; C:\Windows\system32\DRIVERS\SEDFilter.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 drmkpro64;drmkpro64; C:\Windows\system32\drivers\drmkpro64.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R1 NNSALPC;NNSAlpc; C:\Windows\system32\DRIVERS\NNSAlpc.sys []
R1 NNSHTTP;NNSHttp; C:\Windows\system32\DRIVERS\NNSHttp.sys []
R1 NNSHTTPS;NNSHttps; C:\Windows\system32\DRIVERS\NNSHttps.sys []
R1 NNSIDS;NNSids; C:\Windows\system32\DRIVERS\NNSIds.sys []
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver; C:\Windows\system32\DRIVERS\NNSNAHSL.sys []
R1 NNSPICC;NNSPicc; C:\Windows\system32\DRIVERS\NNSPicc.sys []
R1 NNSPIHSW;NNSPihsw; C:\Windows\system32\DRIVERS\NNSPihsw.sys []
R1 NNSPOP3;NNSPop3; C:\Windows\system32\DRIVERS\NNSPop3.sys []
R1 NNSPROT;NNSProt; C:\Windows\system32\DRIVERS\NNSProt.sys []
R1 NNSPRV;NNSPrv; C:\Windows\system32\DRIVERS\NNSPrv.sys []
R1 NNSSMTP;NNSSmtp; C:\Windows\system32\DRIVERS\NNSSmtp.sys []
R1 NNSSTRM;NNSStrm; C:\Windows\system32\DRIVERS\NNSStrm.sys []
R1 NNSTLSC;NNSTlsc; C:\Windows\system32\DRIVERS\NNSTlsc.sys []
R1 PSINKNC;PSINKNC; C:\Windows\system32\DRIVERS\psinknc.sys []
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys []
R2 PSINAflt;PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys []
R2 PSINFile;PSINFile; C:\Windows\system32\DRIVERS\PSINFile.sys []
R2 PSINProc;PSINProc; C:\Windows\system32\DRIVERS\PSINProc.sys []
R2 PSINProt;PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys []
R2 PSINReg;PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys []
R2 Sentinel64;Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x64; C:\Windows\system32\DRIVERS\Apfiltr.sys []
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 btmaudio;Intel Bluetooth Audio Service; C:\Windows\system32\drivers\btmaud.sys []
R3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys []
R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys []
R3 CiscoSerial;Cisco Serial; C:\Windows\system32\DRIVERS\CiscoUsbConsoleWindowsDriver64.sys []
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys []
R3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D; C:\Windows\system32\DRIVERS\e1d62x64.sys []
R3 ibtusb;Intel® Wireless Bluetooth®; C:\Windows\system32\DRIVERS\ibtusb.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTDVHD64.sys []
R3 iusb3hub;Intel® USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys []
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys []
R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys []
R3 MEIx64;Intel® Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys []
R3 NETwNs64;___ Intel® Wireless Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\Netwsw02.sys []
R3 NWADI;NWADI Bus Enumerator; C:\Windows\system32\DRIVERS\NWADIenum.sys []
R3 O2FJ2RDR;O2FJ2RDR; C:\Windows\system32\DRIVERS\O2FJ2w7x64.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R4 stdcfltn;Disk Class Filter Driver for Accelerometer; C:\Windows\system32\DRIVERS\stdcfltn.sys []
S3 AndnetBus;LGE Mobile USB Composite Device; C:\Windows\system32\DRIVERS\lgandnetbus64.sys []
S3 AndNetDiag;LGE AndroidNet USB Serial Port; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys []
S3 ANDNetModem;LGE AndroidNet USB Modem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys []
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 dbx;dbx; C:\Windows\system32\DRIVERS\dbx.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys []
S3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys []
S3 InvProtectDrv;InvProtectDrv; \??\C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [2014-07-30 50696]
S3 netvsc;netvsc; C:\Windows\system32\DRIVERS\netvsc60.sys []
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN); C:\Windows\system32\DRIVERS\nwusbmdm_000.sys []
S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver; C:\Windows\system32\DRIVERS\nwusbmdm_001.sys []
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN); C:\Windows\system32\DRIVERS\nwusbser_000.sys []
S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver; C:\Windows\system32\DRIVERS\nwusbser_001.sys []
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN); C:\Windows\system32\DRIVERS\nwusbser2_000.sys []
S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver; C:\Windows\system32\DRIVERS\nwusbser2_001.sys []
S3 nwvzwmbnet_001;Novatel Wireless Verizon LTE Mobile Broadband Network Adapter Service; C:\Windows\system32\DRIVERS\nwvzwmbnet_001.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 SboxDrv;SboxDrv; \??\C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [2014-07-30 183304]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys []
S3 Ser2pl;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl64.sys []
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 SynthVid;SynthVid; C:\Windows\system32\DRIVERS\VMBusVideoM.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 ApHidMonitorService;Alps HID Monitor Service; C:\Program Files\DellTPad\HidMonitorSvc.exe [2015-09-25 96000]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2016-07-18 1202216]
R2 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2016-07-18 1722408]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2016-07-18 1161256]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 Dataup;Dataup Service; C:\Program Files (x86)\dataup\dataup.exe [2017-01-05 77824]
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe []
R2 Dell Foundation Services;Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [2017-01-11 97616]
R2 DellDigitalDelivery;Dell Digital Delivery Service; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2016-05-02 217976]
R2 DellMgmtAgent;Dell Management Agent Service; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [2014-09-11 255328]
R2 DellMgmtLoader;Dell Security Framework Loader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [2014-09-11 26464]
R2 DellMgmtServer;DELL Security Framework Local Server; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [2014-09-11 33632]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 DpHost;@C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe,-200; C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe [2014-03-19 472912]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2016-02-08 640928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-05-28 16232]
R2 iBtSiva;Intel Bluetooth Service; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [2016-07-23 172784]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe []
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe []
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2014-11-10 158496]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2014-11-10 409376]
R2 qdcomsvc;Network Driver Service; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [2017-02-23 755712]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2016-02-08 157088]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-08-18 291032]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-26 143144]
S2 DHCPServer;DHCP Server; E:\_SOFTWARE (Archive)\DHCP Servers\dhcpsrv2.2\dhcpsrv.exe []
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 NanoServiceMain;Panda Protection Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2015-10-18 142072]
S2 PandaAgent;Panda Devices Agent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2016-02-22 73176]
S2 PSUAService;Panda Product Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2015-10-22 38136]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S2 Software House AutoUpdate Installer;Software House AutoUpdate Installer; e:\ccure\CCURE Client\AutoUpdate\SoftwareHouse.Nextgen.AutoUpdate.Impersonate.exe []
S2 Software House AutoUpdate Service;Software House AutoUpdate Service; e:\ccure\CCURE Client\AutoUpdate\SoftwareHouse.Nextgen.AutoUpdate.SWHbitsService.exe []
S3 ADIntellexDriverService;American Dynamics Intellex Server Component; e:\ccure\CrossFire\ServerComponents\AD.Intellex.DriverService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14 270936]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-11-29 51384]
S3 cphs;Intel® Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2016-06-09 289256]
S3 CrossFireApcDriverService;SoftwareHouse CrossFire apC Driver Service; e:\ccure\CrossFire\ServerComponents\SoftwareHouse.NextGen.apCDriverService.exe []
S3 CrossFireImportWatcher;SoftwareHouse CrossFire Import Watcher; e:\ccure\CrossFire\ServerComponents\SoftwareHouse.CrossFire.ImportWatcherService.exe []
S3 CrossFireISCDriverService;SoftwareHouse CrossFire ISC Driver Service; e:\ccure\CrossFire\ServerComponents\SoftwareHouse.NextGen.ISC_DriverService.exe []
S3 CrossFireiSTARDriverService;SoftwareHouse CrossFire iStar Driver Service; e:\ccure\CrossFire\ServerComponents\SoftwareHouse.NextGen.iStar_DriverService.exe []
S3 CrossFireReportServer;SoftwareHouse CrossFire Report Server; e:\ccure\CrossFire\ServerComponents\SoftwareHouse.CrossFire.ReportServerService.exe []
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-26 143144]
S3 dcpm-notify;Dell Command | Power Manager Notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [2016-06-02 94136]
S3 Dell.CommandPowerManager.Service;Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe [2009-07-13 7168]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-03-31 1512640]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V []
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 InvProtectSvc;Invincea FreeSpace Service; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2014-07-30 2672328]
S3 iumsvc;Intel® Update Manager; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12 177376]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2016-02-08 268192]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2014-01-23 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-02-28 118520]
S3 SboxSvc;SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [2014-07-30 173256]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 stunnel;stunnel; e:\ccure\CrossFire\Stunnel\stunnel.exe -service -install []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NWVZHelper;Novatel Wireless Verizon Device Helper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S4 O2FLASH;O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe []
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-02-20 1910128]
S4 SolarWinds TFTP Server;SolarWinds TFTP Server; C:\Program Files (x86)\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [2010-06-10 54784]
S4 SpiceworksAppServer;Spiceworks App Server; C:\Program Files\Spiceworks\Network Monitor\app\bin\\..\bin\SpiceworksAppServer.exe [2014-03-25 103936]
S4 SpiceworksEventProcessor;Spiceworks Event Processor; C:\Program Files\Spiceworks\Network Monitor\riemann\SpiceworksEventProcessor.exe [2014-05-19 103936]
S4 SpiceworksMonitor;Spiceworks Monitor Service; C:\Program Files\Spiceworks\Network Monitor\collector\MonitorService.exe [2015-07-03 20992]
S4 SpiceworksRedis;Spiceworks Redis Server; C:\Program Files\Spiceworks\Network Monitor\redis\RedisService.exe [2015-07-03 7680]

-----------------EOF-----------------




#2 Mondwa

Mondwa
  • Topic Starter

Posted 27 February 2017 - 07:49 AM

Here is the log from Runscanner

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : 8S5CP12
Creation time : 2/27/2017 7:46:50 AM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 9.11.9600.18537
OS : Windows 7 Professional
OS Build : 7601
OS SP : Service Pack 1
RunScanner Version : 2.0.0.60
User Language : English (United States)
User rights : Administrator
Windows folder : C:\Windows

Running processes
-----------------
* C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
* C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
* C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
* C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
* C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
* C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
* C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Motorola Solutions, Inc.)
* C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
* C:\Windows\System32\dllhost.exe (Microsoft Corporation)
  C:\Users\Lutz\AppData\Local\Temp\20170226\ct.exe (ct Corp.)
* C:\Windows\SysWOW64\ctfmon.exe (Microsoft Corporation)
  C:\Program Files (x86)\dataup\dataup.exe
* C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
* C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe (Dell Inc.)
* C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe (Dell, Inc.)
* C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
* C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
* C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe (Dell)
* C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe (Dell)
* C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpCardEngine.exe (DigitalPersona, Inc.)
* C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe (DigitalPersona, Inc.)
* C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
* C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
* C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
* C:\Program Files\DellTPad\HidMonitorSvc.exe (Alps Electric Co., Ltd.)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
  C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
  C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
  C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
* C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
* C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
* C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
* C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
* C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
* C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe (Intel Corporation)
* C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
* C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
* C:\Windows\System32\SearchFilterHost.exe (Microsoft Corporation)
* C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
* C:\Windows\System32\SearchProtocolHost.exe (Microsoft Corporation)
* C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
* C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
* C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation)
* C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation)
* C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
  C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe (qdcomsvc Inc.)
* C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
* C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
  C:\Windows\SysWOW64\splsrv.exe (splsrv Corp.)
  C:\Program Files (x86)\svcvmx\svcvmx.exe
* C:\Windows\System32\taskeng.exe (Microsoft Corporation)
* C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
* C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe (Novatel Wireless Inc.)
* C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe (Waves Audio Ltd.)
* C:\Windows\explorer.exe (Microsoft Corporation)
* C:\Windows\System32\rundll32.exe (Microsoft Corporation)
* C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
* C:\Windows\System32\wininit.exe (Microsoft Corporation)
* C:\Windows\System32\wlanext.exe (Microsoft Corporation)
  C:\Program Files (x86)\winscr\winscr.exe (winscr)
  C:\Program Files (x86)\svcvmx\vmxclient.exe
  C:\Program Files (x86)\svcvmx\vmxclient.exe
  C:\Program Files (x86)\svcvmx\vmxclient.exe
* C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
* C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)

Unrated items
-------------
002 * C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
002 * C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
002 * C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe (Panda Security, S.L.)
002 * C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
002   C:\Program Files (x86)\svcvmx\svcvmx.exe
002 * C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
010 * C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service)
010 * C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service)
010 * C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service)
010   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 24.0 r0)
010   C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe (Agent Service)
010 * C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe (Application Host Service)
010 * C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Bluetooth Device Monitor)
010 * C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Bluetooth Media Service)
010 * C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Bluetooth OBEX Service)
010   C:\Users\Lutz\AppData\Local\Temp\20170226\ct.exe (ct.exe)
010   C:\Program Files (x86)\dataup\dataup.exe (dataup.exe)
010 * C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Digital Delivery Windows Service)
010 * C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe (Dell Protected Workspace Service)
010 * C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe (Dell Security Manager)
010 * C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe (Dell Security Manager Management Server)
010 * C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe (Dell.SecurityManager.Loader.exe)
010 * C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe (DFS.Agent.WinService)
010 * C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe (DigitalPersona Local Host)
010 * C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox Update)
010 * C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox Update)
010 * C:\Program Files\DellTPad\HidMonitorSvc.exe (HidMonitorSvc Application)
010   C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (IAStorDataSvc)
010   C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Capability Licensing Service Interface)
010 * C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel® Capability Licensing Service TCP IP Interface)
010 * C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel® Dynamic Application Loader Host Interface)
010 * C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel® Local Management Service)
010 * C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® PROSet/Wireless Event Log Service)
010 * C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® PROSet/Wireless Registry Service)
010 * C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe (Intel® Wireless Bluetooth® iBtSiva Service)
010 * C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® PROSet/Wireless Zero Configure Service)
010 * C:\Windows\SysWow64\IntelCpHeciSvc.exe (IntelCpHeciSvc Executable)
010 * C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe (Invincea Sandbox Service)
010 * C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe (iumsvc.exe)
010   C:\Program Files\Dell\CommandPowerManager\NotifyService.exe (NotifyService)
010   C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe (Provides Network Driver Service)
010 * C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe (PSUAService)
010 * C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Audio Service)
010 * C:\Program Files (x86)\WinPcap\rpcapd.exe (Remote Packet Capture Daemon)
010 * C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Updater Service)
010 * C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer 12)
010 * C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe (VZW Config Utility Service)
010 * C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Wireless PAN DHCP and DNS Server)
011 * C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys (Dell Protected Workspace Kernel Driver)
011 * C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys (Invincea Sandbox Kernel Mode Driver)
035   C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe (Google Inc.) {8A69D345-D564-463c-AFF1-A69D9E530F96}
042   GUID / CLSID not found {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
042   GUID / CLSID not found {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
042   GUID / CLSID not found {2670000A-7350-4f3c-8081-5663EE0C6C49}
052 * C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll (Oracle Corporation) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
052 * C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll (Oracle Corporation) {DBC80044-A445-435b-BC74-9C25C1C588A9}
060   GUID / CLSID not found {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
062 * C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
071 * C:\Windows\system32\DPPassFilter.dll (DigitalPersona, Inc.)
073   Adobe Flash Player Updater.job : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
073   DropboxUpdateTaskMachineCore.job : C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
073   DropboxUpdateTaskMachineUA.job : C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
100   Default_Page_URL HKCU : http://dell13.msn.com/?pc=DCJB
100   Start Page HKCU : http://dell13.msn.com/?pc=DCJB
104   GUID / CLSID not found {98703E7E-E705-4043-8FCE-E828D9C1EEAD}
105   E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
105   Se&nd to OneNote : res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
120   NameServer {9BFE8818-E83D-41F5-84D4-1174610A9371} : 198.224.152.119 198.224.154.135
172 * C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DellMgmtNP.dll
173   GUID / CLSID not found {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75}
173   GUID / CLSID not found {B41DB860-64E4-11D2-9906-E49FADC173CA}
173   GUID / CLSID not found {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
173 * C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll (Dropbox, Inc.) {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}
173 * C:\Program Files\WinRAR\rarext32.dll (Alexander Roshal) {B41DB860-8EE4-11D2-9906-E49FADC173CA}
220   GUID / CLSID not found {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
221   GUID / CLSID not found {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75}
221   GUID / CLSID not found {B41DB860-64E4-11D2-9906-E49FADC173CA}
221 * C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll (Dropbox, Inc.) {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}
221 * C:\Program Files\WinRAR\rarext32.dll (Alexander Roshal) {B41DB860-8EE4-11D2-9906-E49FADC173CA}
223   GUID / CLSID not found
223   GUID / CLSID not found {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225   GUID / CLSID not found {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
225   GUID / CLSID not found {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
225   GUID / CLSID not found {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225   GUID / CLSID not found {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225   GUID / CLSID not found {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75}
225   GUID / CLSID not found {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75}
225   GUID / CLSID not found {B41DB860-64E4-11D2-9906-E49FADC173CA}
225   GUID / CLSID not found {B41DB860-64E4-11D2-9906-E49FADC173CA}
225 * C:\Program Files\WinRAR\rarext32.dll (Alexander Roshal) {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 * C:\Program Files\WinRAR\rarext32.dll (Alexander Roshal) {B41DB860-8EE4-11D2-9906-E49FADC173CA}
226   GUID / CLSID not found {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
227   GUID / CLSID not found {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
227 * C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll (Dropbox, Inc.) {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}
228   GUID / CLSID not found {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
229   GUID / CLSID not found {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
229   GUID / CLSID not found {9B5F5829-A529-4B12-814A-E81BCB8D93FC}
229   GUID / CLSID not found {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75}
229 * C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll (Dropbox, Inc.) {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}
231 * C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info
241 * C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll (Dropbox, Inc.) {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
241 * C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll (Dropbox, Inc.) {FB314EDF-A251-47B7-93E1-CDD82E34AF8B}
241 * C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll (Dropbox, Inc.) {FB314EE1-A251-47B7-93E1-CDD82E34AF8B}
241 * C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll (Dropbox, Inc.) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
241 * C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll (Dropbox, Inc.) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
241 * C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll (Dropbox, Inc.) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
241 * C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll (Dropbox, Inc.) {FB314EDD-A251-47B7-93E1-CDD82E34AF8B}
241 * C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll (Dropbox, Inc.) {FB314EE0-A251-47B7-93E1-CDD82E34AF8B}
241 * C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll (Dropbox, Inc.) {FB314EE2-A251-47B7-93E1-CDD82E34AF8B}
241 * C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll (Dropbox, Inc.) {FB314EDE-A251-47B7-93E1-CDD82E34AF8B}
241   GUID / CLSID not found {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}
241   GUID / CLSID not found {BBACC218-34EA-4666-9D7A-C78F2274A524}
241   GUID / CLSID not found {F241C880-6982-4CE5-8CF7-7085BA96DA5A}
253   GUID / CLSID not found {7EFA68C6-086B-43e1-A2D2-55A113531240}
254 * C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll (Dropbox, Inc.) {FBC9D74C-AF55-4309-9FB2-C426E071637F}
001 audiodg.exe
001 C:\Windows\System32\csrss.exe
001 C:\Windows\System32\csrss.exe
001 C:\Windows\System32\conhost.exe
001 C:\Windows\System32\conhost.exe
001 C:\Windows\System32\conhost.exe
001 C:\Windows\System32\dwm.exe
001 C:\Windows\System32\DbxSvc.exe
001 C:\Windows\System32\taskhost.exe
001 C:\Windows\System32\igfxCUIService.exe
001 C:\Windows\System32\igfxEM.exe
001 C:\Windows\System32\igfxHK.exe
001 C:\Windows\System32\IPROSetMonitor.exe
001 C:\Windows\System32\lsass.exe
001 C:\Windows\System32\lsm.exe
001 C:\Windows\System32\msdtc.exe
001 C:\Windows\System32\MsSpellCheckingFacility.exe
001 C:\Windows\System32\services.exe
001 C:\Windows\System32\wbem\unsecapp.exe
001 C:\Windows\System32\wbem\unsecapp.exe
001 C:\Windows\System32\spoolsv.exe
001 C:\Windows\System32\WUDFHost.exe
001 C:\Windows\System32\winlogon.exe
001 C:\Windows\System32\smss.exe

Missing files
-------------
002 C:\Program Files (x86)\cpx\cpx.exe
010 C:\Windows\system32\AxInstSV.dll
010 e:\ccure\CrossFire\ServerComponents\AD.Intellex.DriverService.exe
010 C:\Windows\system32\aelupsvc.dll
010 C:\Windows\system32\appidsvc.dll
010 C:\Windows\system32\appinfo.dll
010 C:\Windows\system32\Alg.exe
010 C:\Windows\system32\qmgr.dll
010 C:\Windows\system32\bfe.dll
010 C:\Windows\system32\bdesvc.dll
010 C:\Windows\System32\bthserv.dll
010 C:\Windows\system32\peerdistsvc.dll
010 C:\Windows\system32\browser.dll
010 C:\Windows\system32\vaultsvc.dll
010 C:\Windows\system32\cscsvc.dll
010 C:\Windows\system32\dwm.exe
010 E:\_SOFTWARE (Archive)\DHCP Servers\dhcpsrv2.2\dhcpsrv.exe
010 C:\Windows\system32\trkwks.dll
010 C:\Windows\system32\DbxSvc.exe
010 C:\Windows\system32\efssvc.dll
010 C:\Windows\system32\wecsvc.dll
010 C:\Windows\system32\wevtsvc.dll
010 C:\Windows\system32\fdPHost.dll
010 C:\Windows\system32\fdrespub.dll
010 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
010 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
010 C:\Windows\system32\ieetwcollectorres.dll
010 C:\Windows\system32\igfxCUIService.exe
010 C:\Windows\system32\ikeext.dll
010 C:\Windows\system32\IProsetMonitor.exe
010 C:\Windows\system32\ui0detect.exe
010 C:\Windows\system32\kmsvc.dll
010 C:\Windows\system32\lltdres.dll
010 e:\ccure\CrossFire\License\x64\lmgrd.exe
010 C:\Windows\system32\eapsvc.dll
010 C:\Windows\system32\ipnathlp.dll
010 C:\Windows\System32\certprop.dll
010 C:\Windows\System32\certprop.dll
010 C:\Windows\system32\sppsvc.exe
010 C:\Windows\system32\TabSvc.dll
010 C:\Windows\System32\sensrsvc.dll
010 C:\Windows\system32\UtcResources.dll
010 C:\Windows\system32\defragsvc.dll
010 C:\Windows\system32\wbengine.exe
010 C:\Windows\system32\vssvc.exe
010 C:\Windows\System32\swprv.dll
010 C:\Windows\system32\sdrsvc.dll
010 C:\Program Files (x86)\Windows Defender\MsMpRes.dll
010 C:\Windows\system32\mmcss.dll
010 C:\Windows\system32\mmcss.dll
010 C:\Windows\system32\netman.dll
010 C:\Windows\System32\nlasvc.dll
010 C:\Windows\system32\nsisvc.dll
010 C:\Windows\system32\DRIVERS\o2flash.exe
010 C:\Windows\system32\p2psvc.dll
010 C:\Windows\system32\IPBusEnum.dll
010 C:\Windows\system32\pnrpauto.dll
010 C:\Windows\system32\pnrpsvc.dll
010 C:\Windows\system32\pnrpsvc.dll
010 C:\Windows\system32\wpdbusenum.dll
010 C:\Windows\System32\wercplsupport.dll
010 C:\Windows\system32\profsvc.dll
010 C:\Windows\system32\pcasvc.dll
010 C:\Windows\system32\sstpsvc.dll
010 C:\Windows\system32\qagentrt.dll
010 regsvc.dll
010 C:\Windows\system32\rasauto.dll
010 C:\Windows\system32\rasmans.dll
010 C:\Windows\system32\umrdp.dll
010 C:\Windows\System32\termsrv.dll
010 C:\Windows\system32\RpcEpMap.dll
010 C:\Windows\system32\Locator.exe
010 C:\Windows\system32\samsrv.dll
010 C:\Windows\system32\seclogon.dll
010 C:\Windows\system32\srvsvc.dll
010 C:\Windows\system32\iphlpsvc.dll
010 C:\Windows\System32\SCardSvr.dll
010 C:\Windows\system32\snmptrap.exe
010 e:\ccure\CrossFire\ServerComponents\SoftwareHouse.CrossFire.ImportWatcherService.exe
010 e:\ccure\CrossFire\ServerComponents\SoftwareHouse.CrossFire.ReportServerService.exe
010 e:\ccure\CrossFire\ServerComponents\SoftwareHouse.NextGen.apCDriverService.exe
010 e:\ccure\CCURE Client\AutoUpdate\SoftwareHouse.Nextgen.AutoUpdate.Impersonate.exe
010 e:\ccure\CCURE Client\AutoUpdate\SoftwareHouse.Nextgen.AutoUpdate.SWHbitsService.exe
010 e:\ccure\CrossFire\ServerComponents\SoftwareHouse.NextGen.ISC_DriverService.exe
010 e:\ccure\CrossFire\ServerComponents\SoftwareHouse.NextGen.iStar_DriverService.exe
010 C:\Windows\system32\spoolsv.exe
010 C:\Windows\system32\sppuinotify.dll
010 C:\Windows\system32\ssdpsrv.dll
010 C:\Windows\system32\wiaservc.dll
010 C:\Windows\System32\StorSvc.dll
010 e:\ccure\CrossFire\Stunnel\stunnel.exe
010 C:\Windows\system32\sysmain.dll
010 C:\Windows\system32\schedsvc.dll
010 C:\Windows\system32\tbssvc.dll
010 C:\Windows\system32\lmhsvc.dll
010 C:\Windows\system32\umpnpmgr.dll
010 C:\Windows\system32\umpo.dll
010 C:\Windows\system32\valWBFPolicyService.exe
010 C:\Windows\system32\vds.exe
010 C:\Windows\system32\dps.dll
010 C:\Windows\system32\Wat\WatUX.exe
010 C:\Windows\System32\audiosrv.dll
010 C:\Windows\System32\audiosrv.dll
010 C:\Windows\system32\wbiosrvc.dll
010 C:\Windows\system32\wudfsvc.dll
010 C:\Windows\System32\wersvc.dll
010 C:\Windows\system32\FntCache.dll
010 C:\Windows\System32\ListSvc.dll
010 C:\Windows\System32\wscsvc.dll
010 C:\Windows\System32\themeservice.dll
010 C:\Windows\system32\w32time.dll
010 C:\Windows\system32\wuaueng.dll
010 C:\Windows\System32\wlansvc.dll
010 C:\Windows\system32\dot3svc.dll
010 C:\Windows\system32\wbem\wmisvc.dll
010 C:\Windows\system32\wbem\wmiapsrv.exe
010 C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
010 C:\Windows\system32\wkssvc.dll
010 C:\Windows\System32\wwansvc.dll
011 c:\windows\system32\drivers\1394ohci.sys
011 c:\windows\system32\drivers\ohci1394.sys
011 c:\windows\system32\drivers\agp440.sys
011 c:\windows\system32\drivers\ACPI.sys
011 c:\windows\system32\drivers\acpipmi.sys
011 c:\windows\system32\drivers\adp94xx.sys
011 c:\windows\system32\drivers\adpahci.sys
011 c:\windows\system32\drivers\adpu320.sys
011 c:\windows\system32\drivers\aliide.sys
011 c:\windows\system32\DRIVERS\Apfiltr.sys
011 c:\windows\system32\drivers\amdide.sys
011 c:\windows\system32\drivers\amdsata.sys
011 c:\windows\system32\drivers\amdsbs.sys
011 c:\windows\system32\drivers\amdxata.sys
011 C:\Windows\system32\drivers\afd.sys
011 C:\Windows\system32\appidsvc.dll
011 c:\windows\system32\DRIVERS\NNSAlpc.sys
011 c:\windows\system32\drivers\arc.sys
011 c:\windows\system32\drivers\arcsas.sys
011 c:\windows\system32\drivers\atapi.sys
011 C:\Windows\system32\drivers\Beep.sys
011 C:\Windows\system32\drivers\fvevol.sys
011 c:\windows\system32\DRIVERS\blbdrive.sys
011 c:\windows\system32\drivers\btmaud.sys
011 c:\windows\system32\DRIVERS\btmaux.sys
011 c:\windows\system32\DRIVERS\BthEnum.sys
011 c:\windows\system32\DRIVERS\bthmodem.sys
011 c:\windows\system32\drivers\hidbth.sys
011 c:\windows\system32\DRIVERS\bthpan.sys
011 c:\windows\system32\DRIVERS\rfcomm.sys
011 c:\windows\system32\DRIVERS\b57nd60a.sys
011 c:\windows\system32\drivers\evbda.sys
011 c:\windows\system32\drivers\bxvbda.sys
011 c:\windows\System32\Drivers\Brserid.sys
011 c:\windows\System32\Drivers\BrSerWdm.sys
011 c:\windows\System32\Drivers\BrUsbMdm.sys
011 c:\windows\System32\Drivers\BrUsbSer.sys
011 System32\Drivers\BTHport.sys
011 System32\Drivers\BTHUSB.sys
011 c:\windows\system32\DRIVERS\btmhsf.sys
011 c:\windows\system32\DRIVERS\cdfs.sys
011 c:\windows\system32\DRIVERS\CiscoUsbConsoleWindowsDriver64.sys
011 c:\windows\system32\drivers\cmdide.sys
011 System32\Drivers\cng.sys
011 C:\Windows\system32\clfs.sys
011 c:\windows\system32\DRIVERS\compbatt.sys
011 C:\Windows\system32\browser.dll
011 c:\windows\system32\drivers\circlass.sys
011 c:\windows\system32\DRIVERS\CmBatt.sys
011 c:\windows\system32\DRIVERS\CredFltL.sys
011 C:\Windows\system32\cscsvc.dll
011 c:\windows\system32\DRIVERS\dtsoftbus01.sys
011 c:\windows\system32\DRIVERS\dbx.sys
011 c:\windows\system32\drivers\usbhub.sys
011 C:\Windows\system32\drivers\dfsc.sys
011 c:\windows\System32\drivers\dxgkrnl.sys
011 c:\windows\system32\drivers\crcdisk.sys
011 c:\windows\system32\DRIVERS\stdcfltn.sys
011 c:\windows\system32\drivers\dmvsc.sys
011 c:\windows\system32\drivers\drmkpro64.sys
011 c:\windows\system32\drivers\usbehci.sys
011 c:\windows\system32\drivers\elxstor.sys
011 c:\windows\system32\drivers\errdev.sys
011 c:\windows\system32\DRIVERS\fssfltr.sys
011 C:\Windows\system32\drivers\fastfat.sys
011 C:\Windows\system32\drivers\fsdepends.sys
011 C:\Windows\system32\drivers\filetrace.sys
011 C:\Windows\system32\drivers\fileinfo.sys
011 c:\windows\system32\DRIVERS\fdc.sys
011 c:\windows\system32\DRIVERS\flpydisk.sys
011 c:\windows\system32\drivers\umpass.sys
011 C:\Windows\system32\drivers\hwpolicy.sys
011 c:\windows\system32\drivers\hcw85cir.sys
011 c:\windows\system32\drivers\HidBatt.sys
011 c:\windows\system32\DRIVERS\kbdhid.sys
011 c:\windows\system32\DRIVERS\mouhid.sys
011 c:\windows\system32\DRIVERS\HDAudBus.sys
011 c:\windows\system32\drivers\HpSAMD.sys
011 c:\windows\system32\DRIVERS\NNSHttp.sys
011 C:\Windows\system32\drivers\http.sys
011 c:\windows\system32\DRIVERS\NNSHttps.sys
011 c:\windows\system32\DRIVERS\i8042prt.sys
011 c:\windows\system32\drivers\iaStorA.sys
011 c:\windows\system32\drivers\iaStorF.sys
011 c:\windows\system32\drivers\iaStorV.sys
011 c:\windows\system32\DRIVERS\igdkmd64.sys
011 c:\windows\system32\drivers\iirsp.sys
011 C:\Windows\system32\drivers\irenum.sys
011 c:\windows\system32\drivers\hidir.sys
011 c:\windows\system32\DRIVERS\IntcDAud.sys
011 c:\windows\system32\DRIVERS\e1d62x64.sys
011 c:\windows\system32\DRIVERS\TeeDriverx64.sys
011 c:\windows\system32\DRIVERS\iusb3xhc.sys
011 c:\windows\system32\DRIVERS\iusb3hcs.sys
011 c:\windows\system32\DRIVERS\iusb3hub.sys
011 c:\windows\system32\DRIVERS\ibtusb.sys
011 c:\windows\system32\drivers\intelaud.sys
011 c:\windows\system32\DRIVERS\iwdbus.sys
011 c:\windows\system32\DRIVERS\Netwsw02.sys
011 c:\windows\system32\drivers\intelide.sys
011 c:\windows\system32\DRIVERS\NNSIds.sys
011 c:\windows\system32\drivers\IPMIDrv.sys
011 System32\drivers\ipnat.sys
011 c:\windows\system32\drivers\isapnp.sys
011 c:\windows\system32\drivers\Wdf01000.sys
011 c:\windows\system32\drivers\ksthunk.sys
011 c:\windows\system32\DRIVERS\kbdclass.sys
011 System32\Drivers\ksecdd.sys
011 System32\Drivers\ksecpkg.sys
011 c:\windows\system32\DRIVERS\lgandnetbus64.sys
011 c:\windows\system32\DRIVERS\lgandnetdiag64.sys
011 c:\windows\system32\DRIVERS\lgandnetmodem64.sys
011 c:\windows\system32\DRIVERS\lltdio.sys
011 c:\windows\system32\DRIVERS\rspndr.sys
011 C:\Windows\system32\drivers\spldr.sys
011 c:\windows\system32\drivers\lsi_fc.sys
011 c:\windows\system32\drivers\lsi_sas.sys
011 c:\windows\system32\drivers\lsi_sas2.sys
011 c:\windows\system32\drivers\lsi_scsi.sys
011 C:\Windows\system32\drivers\luafv.sys
011 c:\windows\system32\DRIVERS\bridge.sys
011 c:\windows\system32\DRIVERS\bridge.sys
011 C:\Windows\system32\drivers\secdrv.sys
011 C:\Windows\system32\drivers\netbt.sys
011 c:\windows\system32\drivers\megasas.sys
011 c:\windows\system32\drivers\MegaSR.sys
011 C:\Windows\system32\drivers\exfat.sys
011 C:\Windows\system32\drivers\fltmgr.sys
011 c:\windows\system32\drivers\msiscsi.sys
011 c:\windows\system32\drivers\MTConfig.sys
011 C:\Windows\system32\drivers\qwavedrv.sys
011 c:\windows\system32\DRIVERS\rdpbus.sys
011 C:\Windows\System32\drivers\scfilter.sys
011 c:\windows\system32\drivers\drmkaud.sys
011 c:\windows\system32\DRIVERS\tunnel.sys
011 c:\windows\system32\drivers\modem.sys
011 c:\windows\system32\DRIVERS\monitor.sys
011 C:\Windows\system32\drivers\mountmgr.sys
011 c:\windows\system32\DRIVERS\mouclass.sys
011 c:\windows\system32\drivers\mpio.sys
011 c:\windows\system32\drivers\uagp35.sys
011 c:\windows\system32\drivers\gagp30kx.sys
011 c:\windows\system32\drivers\MSKSSRV.sys
011 c:\windows\system32\drivers\MSPCLOCK.sys
011 c:\windows\system32\drivers\MSPQM.sys
011 c:\windows\system32\drivers\msahci.sys
011 c:\windows\system32\drivers\msdsm.sys
011 C:\Windows\system32\drivers\Msfs.sys
011 c:\windows\system32\drivers\msisadrv.sys
011 C:\Windows\system32\drivers\MsRPC.sys
011 C:\Windows\system32\drivers\mup.sys
011 c:\windows\system32\DRIVERS\CompositeBus.sys
011 c:\windows\system32\drivers\tdpipe.sys
011 c:\windows\system32\DRIVERS\nwifi.sys
011 C:\Windows\system32\drivers\ndis.sys
011 c:\windows\system32\DRIVERS\ndiscap.sys
011 C:\Windows\system32\drivers\NDProxy.sys
011 c:\windows\system32\DRIVERS\ndisuio.sys
011 c:\windows\system32\DRIVERS\netbios.sys
011 c:\windows\system32\DRIVERS\netvsc60.sys
011 c:\windows\system32\DRIVERS\NNSNAHSL.sys
011 c:\windows\system32\DRIVERS\NNSProt.sys
011 c:\windows\system32\DRIVERS\NNSPrv.sys
011 c:\windows\system32\drivers\nv_agp.sys
011 c:\windows\system32\drivers\nfrd960.sys
011 c:\windows\system32\DRIVERS\nwusbser_000.sys
011 c:\windows\system32\DRIVERS\nwusbser_001.sys
011 c:\windows\system32\DRIVERS\nwusbser2_001.sys
011 c:\windows\system32\DRIVERS\nwusbser2_000.sys
011 c:\windows\system32\DRIVERS\nwusbmdm_001.sys
011 c:\windows\system32\DRIVERS\nwusbmdm_000.sys
011 c:\windows\system32\drivers\npf.sys
011 C:\Windows\system32\drivers\Npfs.sys
011 C:\Windows\system32\drivers\nsiproxy.sys
011 C:\Windows\system32\drivers\Ntfs.sys
011 c:\windows\system32\drivers\pci.sys
011 C:\Windows\system32\drivers\Null.sys
011 c:\windows\system32\drivers\nvraid.sys
011 c:\windows\system32\drivers\nvstor.sys
011 c:\windows\system32\DRIVERS\NWADIenum.sys
011 c:\windows\system32\DRIVERS\O2FJ2w7x64.sys
011 c:\windows\system32\drivers\usbohci.sys
011 c:\windows\system32\DRIVERS\parport.sys
011 C:\Windows\system32\drivers\partmgr.sys
011 C:\Windows\system32\drivers\mshidkmdf.sys
011 c:\windows\system32\drivers\pciide.sys
011 c:\windows\system32\drivers\pcmcia.sys
011 System32\drivers\pcw.sys
011 c:\windows\system32\DRIVERS\swenum.sys
011 c:\windows\system32\drivers\disk.sys
011 c:\windows\system32\DRIVERS\NNSPop3.sys
011 c:\windows\system32\DRIVERS\NNSPicc.sys
011 c:\windows\system32\DRIVERS\NNSPihsw.sys
011 c:\windows\system32\drivers\processr.sys
011 c:\windows\system32\drivers\amdk8.sys
011 c:\windows\system32\DRIVERS\intelppm.sys
011 c:\windows\system32\drivers\amdppm.sys
011 c:\windows\system32\drivers\peauth.sys
011 C:\Windows\system32\sstpsvc.dll
011 c:\windows\system32\DRIVERS\PSINAflt.sys
011 c:\windows\system32\DRIVERS\PSINFile.sys
011 c:\windows\system32\DRIVERS\psinknc.sys
011 c:\windows\system32\DRIVERS\PSINProc.sys
011 c:\windows\system32\DRIVERS\PSINProt.sys
011 c:\windows\system32\DRIVERS\PSINReg.sys
011 System32\DRIVERS\PSKMAD.sys
011 c:\windows\system32\drivers\ql2300.sys
011 c:\windows\system32\drivers\ql40xx.sys
011 C:\Windows\System32\drivers\pacer.sys
011 c:\windows\system32\DRIVERS\AgileVpn.sys
011 System32\DRIVERS\rasacd.sys
011 C:\Windows\system32\drivers\RDPENCDD.sys
011 C:\Windows\system32\DRIVERS\RDPCDD.sys
011 C:\Windows\system32\drivers\RdpRefMp.sys
011 C:\Windows\system32\drivers\RDPWD.sys
011 System32\drivers\rdpdr.sys
011 System32\drivers\rdpvideominiport.sys
011 System32\drivers\rdyboost.sys
011 c:\windows\system32\drivers\RTDVHD64.sys
011 c:\windows\system32\drivers\TsUsbGD.sys
011 c:\windows\system32\DRIVERS\termdd.sys
011 C:\Windows\system32\drivers\tsusbflt.sys
011 c:\windows\system32\DRIVERS\usb8023x.sys
011 c:\windows\system32\DRIVERS\vms3cap.sys
011 c:\windows\system32\DRIVERS\ssudmdm.sys
011 c:\windows\system32\DRIVERS\ssudbus.sys
011 c:\windows\system32\drivers\sbp2port.sys
011 c:\windows\system32\DRIVERS\cdrom.sys
011 c:\windows\system32\drivers\sfloppy.sys
011 c:\windows\system32\drivers\sdbus.sys
011 c:\windows\system32\DRIVERS\SEDFilter.sys
011 c:\windows\System32\Drivers\Sentinel64.sys
011 c:\windows\system32\DRIVERS\serial.sys
011 c:\windows\system32\DRIVERS\sermouse.sys
011 c:\windows\system32\DRIVERS\serenum.sys
011 C:\Windows\system32\srvsvc.dll
011 C:\Windows\system32\srvsvc.dll
011 c:\windows\system32\drivers\SiSRaid2.sys
011 c:\windows\system32\drivers\sisraid4.sys
011 c:\windows\system32\drivers\sffdisk.sys
011 c:\windows\system32\drivers\sffp_mmc.sys
011 c:\windows\system32\drivers\sffp_sd.sys
011 c:\windows\system32\DRIVERS\NNSSmtp.sys
011 System32\DRIVERS\srvnet.sys
011 c:\windows\system32\drivers\stexstor.sys
011 c:\windows\system32\drivers\storvsc.sys
011 c:\windows\system32\DRIVERS\NNSStrm.sys
011 c:\windows\system32\DRIVERS\VMBusVideoM.sys
011 C:\Windows\system32\drivers\discache.sys
011 c:\windows\system32\DRIVERS\mssmbios.sys
011 c:\windows\system32\drivers\tdtcp.sys
011 c:\windows\system32\DRIVERS\tcpip.sys
011 System32\drivers\tcpipreg.sys
011 c:\windows\system32\DRIVERS\NNSTlsc.sys
011 C:\Windows\System32\DRIVERS\tssecsrv.sys
011 c:\windows\system32\DRIVERS\udfs.sys
011 c:\windows\system32\drivers\usbuhci.sys
011 c:\windows\system32\drivers\uliagpkx.sys
011 c:\windows\system32\drivers\usbccgp.sys
011 c:\windows\system32\drivers\usbcir.sys
011 c:\windows\system32\DRIVERS\USBSTOR.SYS
011 c:\windows\system32\DRIVERS\hidusb.sys
011 c:\windows\system32\DRIVERS\usbprint.sys
011 c:\windows\system32\DRIVERS\usbscan.sys
011 c:\windows\system32\DRIVERS\usb3Hub.sys
011 c:\windows\system32\DRIVERS\ser2pl64.sys
011 System32\Drivers\usbvideo.sys
011 c:\windows\system32\DRIVERS\umbus.sys
011 c:\windows\system32\DRIVERS\vgapnp.sys
011 c:\windows\System32\drivers\vga.sys
011 c:\windows\system32\drivers\vhdmp.sys
011 c:\windows\system32\drivers\viaide.sys
011 c:\windows\system32\DRIVERS\CtClsFlt.sys
011 c:\windows\system32\drivers\vdrvroot.sys
011 c:\windows\system32\DRIVERS\vwifibus.sys
011 c:\windows\system32\DRIVERS\vwififlt.sys
011 c:\windows\system32\DRIVERS\vwifimp.sys
011 c:\windows\system32\DRIVERS\VMBusHID.sys
011 c:\windows\system32\drivers\volmgr.sys
011 C:\Windows\system32\drivers\volmgrx.sys
011 c:\windows\system32\drivers\volsnap.sys
011 c:\windows\system32\drivers\vsmraid.sys
011 c:\windows\system32\drivers\wacompen.sys
011 c:\windows\system32\drivers\wd.sys
011 c:\windows\system32\DRIVERS\wdcsam64.sys
011 c:\windows\system32\drivers\MSTEE.sys
011 c:\windows\system32\DRIVERS\WSDPrint.sys
011 c:\windows\system32\DRIVERS\wfplwf.sys
011 c:\windows\system32\DRIVERS\nwvzwmbnet_001.sys
011 c:\windows\system32\drivers\WudfPf.sys
011 c:\windows\system32\DRIVERS\WUDFRd.sys
011 c:\windows\system32\DRIVERS\wmiacpi.sys
011 c:\windows\system32\drivers\BrFiltLo.sys
011 c:\windows\system32\drivers\BrFiltUp.sys
011 c:\windows\system32\DRIVERS\WinUsb.sys
011 C:\Windows\System32\drivers\ws2ifsl.sys
011 C:\Windows\system32\wkssvc.dll
011 C:\Windows\system32\wkssvc.dll
011 C:\Windows\system32\wkssvc.dll
011 C:\Windows\system32\wkssvc.dll
013 C:\Windows\System32\mctadmin.exe
013 C:\Windows\System32\mctadmin.exe
032 rdpclip
042 C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
069 CNMLMBX.DLL
069 localspl.dll
069 FXSMON.DLL
069 RC4MON64.DLL
069 tcpmon.dll
069 usbmon.dll
069 WSDMon.dll
073 C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe
073 C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe
073 C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe
073 C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
073 C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
073 C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
073 C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
073 C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
073 C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
145 kbdclass.sys
210 C:\Windows\system32\sdclt.exe



#3 nasdaq

  • Malware Response Team

Posted 28 February 2017 - 09:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Wait for further instructions.

#4 Mondwa

  • Topic Starter

  • Members

Posted 28 February 2017 - 12:14 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01
Ran by Lutz (administrator) on 8S5CP12 (28-02-2017 12:10:42)
Running from C:\Users\Lutz\Favorites\Downloads
Loaded Profiles: Lutz (Available Profiles: Sitkins & Lutz)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpCardEngine.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
() C:\Program Files (x86)\dataup\dataup.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(qdcomsvc Inc.) C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe
(ct Corp.) C:\Users\Lutz\AppData\Local\Temp\20170226\ct.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\svcvmx\svcvmx.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
(winscr) C:\Program Files (x86)\winscr\winscr.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [736552 2015-05-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8465112 2015-04-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1395056 2015-04-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [609200 2015-03-01] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1395056 2015-04-13] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [392168 2016-06-09] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4879264 2016-02-08] (Intel® Corporation)
HKLM\...\Run: [CSFTrayApp] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe [232288 2014-09-11] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1172256 2014-11-10] (Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26781320 2017-02-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: 
HKU\S-1-5-18\...\Run: [] => [X]
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9BFE8818-E83D-41F5-84D4-1174610A9371}: [NameServer] 198.224.152.119 198.224.154.135
Tcpip\..\Interfaces\{FC7C93CD-86D6-4CF6-8871-7F6D30E81A6B}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1143638034-3846331151-41362472-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1143638034-3846331151-41362472-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {06D0727A-39BF-4C75-804E-294BB856C4C5} URL = 
SearchScopes: HKU\.DEFAULT -> {06D0727A-39BF-4C75-804E-294BB856C4C5} URL = 
SearchScopes: HKU\S-1-5-21-1143638034-3846331151-41362472-1001 -> DefaultScope {06D0727A-39BF-4C75-804E-294BB856C4C5} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1143638034-3846331151-41362472-1001 -> {06D0727A-39BF-4C75-804E-294BB856C4C5} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1143638034-3846331151-41362472-1001 -> {9FA34E39-BBB4-4904-A25B-B0CC92EA8AAC} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-24] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-24] (Oracle Corporation)
DPF: HKLM-x32 {98703E7E-E705-4043-8FCE-E828D9C1EEAD} hxxp://192.168.1.25:88/IPCWebComponents.exe
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\zt2lgqcx.default [2017-02-27]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\zt2lgqcx.default -> Google
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome
FF Extension: (Dell Data Protection Security Tools) - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome [2016-06-24] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-03-17] (DigitalPersona, Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default [2017-02-28]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome.crx [2014-03-17]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [96000 2015-09-25] (Alps Electric Co., Ltd.)
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-26] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [94136 2016-06-02] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [255328 2014-09-11] (Dell Inc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [26464 2014-09-11] ()
R2 DellMgmtServer; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [33632 2014-09-11] (Dell, Inc.)
R2 DpHost; C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe [472912 2014-03-19] (DigitalPersona, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [172784 2016-07-23] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [354280 2016-06-09] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2672328 2014-07-30] (Invincea, Inc.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
S2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
S4 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.) [File not signed]
S4 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-20] (Electronic Arts)
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
S2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [755712 2017-02-23] (qdcomsvc Inc.) [File not signed] <==== ATTENTION
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-18] (Realtek Semiconductor)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [173256 2014-07-30] (Invincea, Inc.)
S4 SolarWinds TFTP Server; C:\Program Files (x86)\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [54784 2010-06-10] (SolarWinds) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S4 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-08-29] (Validity Sensors, Inc.) [File not signed]
R2 VZWConfigService; C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [218160 2012-04-16] (Novatel Wireless Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-11-24] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Lutz\AppData\Local\Temp\20170226\ct.exe [724480 2017-02-22] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
S3 ADIntellexDriverService; e:\ccure\CrossFire\ServerComponents\AD.Intellex.DriverService.exe [X]
S3 CrossFireApcDriverService; e:\ccure\CrossFire\ServerComponents\SoftwareHouse.NextGen.apCDriverService.exe [X]
S3 CrossFireImportWatcher; e:\ccure\CrossFire\ServerComponents\SoftwareHouse.CrossFire.ImportWatcherService.exe [X]
S3 CrossFireISCDriverService; e:\ccure\CrossFire\ServerComponents\SoftwareHouse.NextGen.ISC_DriverService.exe [X]
S3 CrossFireiSTARDriverService; e:\ccure\CrossFire\ServerComponents\SoftwareHouse.NextGen.iStar_DriverService.exe [X]
S3 CrossFireReportServer; e:\ccure\CrossFire\ServerComponents\SoftwareHouse.CrossFire.ReportServerService.exe [X]
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{F0353EDA-6DB6-4352-8665-C64F6CD29D92}
S2 DHCPServer; "E:\_SOFTWARE (Archive)\DHCP Servers\dhcpsrv2.2\dhcpsrv.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Software House AutoUpdate Installer; "e:\ccure\CCURE Client\AutoUpdate\SoftwareHouse.Nextgen.AutoUpdate.Impersonate.exe" [X]
S2 Software House AutoUpdate Service; "e:\ccure\CCURE Client\AutoUpdate\SoftwareHouse.Nextgen.AutoUpdate.SWHbitsService.exe" [X]
S3 stunnel; e:\ccure\CrossFire\Stunnel\stunnel.exe -service -install [X]
S3 TBS; %SystemRoot%\System32\tbssvc.dll [X]
S2 TycoESS; e:\ccure\CrossFire\License\x64\lmgrd.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87528 2015-10-13] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-10-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1545704 2016-04-27] (Motorola Solutions, Inc.)
R3 CiscoSerial; C:\Windows\System32\DRIVERS\CiscoUsbConsoleWindowsDriver64.sys [95232 2009-10-16] (Cisco Systems, Inc.)
R0 CredFltL; C:\Windows\System32\DRIVERS\CredFltL.sys [37120 2014-09-11] ()
R1 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [51784 2017-02-22] () [File not signed] <==== ATTENTION
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-11] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [501216 2015-08-05] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-05-02] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [355080 2016-07-31] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2745304 2015-04-15] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [50696 2014-07-30] (Invincea, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3422992 2016-01-29] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [57648 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [73464 2015-08-31] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 NWUSBModem_001; C:\Windows\System32\DRIVERS\nwusbmdm_001.sys [217856 2012-05-03] (Novatel Wireless Inc.)
S3 NWUSBPort2_001; C:\Windows\System32\DRIVERS\nwusbser2_001.sys [217856 2012-05-03] (Novatel Wireless Inc.)
S3 NWUSBPort_001; C:\Windows\System32\DRIVERS\nwusbser_001.sys [217856 2012-05-03] (Novatel Wireless Inc.)
S3 nwvzwmbnet_001; C:\Windows\System32\DRIVERS\nwvzwmbnet_001.sys [334848 2012-05-03] (Novatel Wireless Inc.)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [210592 2014-05-14] (BayHubTech/O2Micro )
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183304 2014-07-30] (Invincea, Inc.)
R0 SEDFilter; C:\Windows\System32\DRIVERS\SEDFilter.sys [61184 2014-09-11] (Dell Inc.)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [204184 2014-03-04] (Windows ® Win 7 DDK provider)
S3 AndnetBus; system32\DRIVERS\lgandnetbus64.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-28 12:10 - 2017-02-28 12:10 - 00000000 ____D C:\FRST
2017-02-27 18:05 - 2017-02-27 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-27 07:48 - 2017-02-27 07:48 - 00192262 _____ C:\Users\Lutz\Desktop\runscanner.run
2017-02-27 07:45 - 2017-02-27 07:45 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\Runscanner.net
2017-02-27 07:39 - 2017-02-27 07:39 - 00000000 ____D C:\rsit
2017-02-27 07:39 - 2017-02-27 07:39 - 00000000 ____D C:\Program Files (x86)\trend micro
2017-02-27 07:02 - 2017-02-27 07:02 - 00274800 _____ C:\Windows\Minidump\022717-16614-01.dmp
2017-02-27 07:01 - 2017-02-27 07:02 - 00016272 _____ C:\Users\Lutz\AppData\Roaming\InstallationConfiguration.xml
2017-02-27 07:01 - 2017-02-27 07:01 - 00140288 _____ C:\Users\Lutz\AppData\Roaming\Installer.dat
2017-02-27 06:32 - 2017-02-27 06:32 - 00288736 _____ C:\Windows\Minidump\022717-17612-01.dmp
2017-02-27 06:31 - 2017-02-27 06:31 - 00000000 ____D C:\Program Files (x86)\PreparedFolder
2017-02-27 06:29 - 2017-02-27 06:29 - 00017644 _____ C:\TDSSKiller.3.1.0.12_27.02.2017_06.29.06_log.txt
2017-02-27 00:16 - 2017-02-27 07:11 - 00000140 _____ C:\Windows\Reimage.ini
2017-02-27 00:15 - 2017-02-27 00:15 - 00000000 ____D C:\Program Files (x86)\regtool
2017-02-26 14:13 - 2017-02-26 14:14 - 00253682 _____ C:\TDSSKiller.3.1.0.12_26.02.2017_14.13.21_log.txt
2017-02-26 14:12 - 2017-02-27 00:01 - 00002022 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-26 14:12 - 2017-02-26 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-26 14:12 - 2017-02-26 14:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-26 14:12 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-26 14:09 - 2017-02-26 14:09 - 00000000 ____D C:\Users\Lutz\Desktop\rkill
2017-02-26 14:07 - 2017-02-26 14:09 - 00141064 _____ C:\TDSSKiller.3.1.0.12_26.02.2017_14.07.54_log.txt
2017-02-26 11:38 - 2017-02-26 14:00 - 00000000 ____D C:\Users\Lutz\AppData\Local\ESET
2017-02-26 11:09 - 2017-02-26 23:15 - 00000000 ____D C:\AdwCleaner
2017-02-26 10:54 - 2017-02-27 06:33 - 00496694 _____ C:\Windows\ntbtlog.txt
2017-02-26 10:51 - 2017-02-26 10:51 - 04972544 _____ C:\Users\Lutz\Desktop\twrp-2.2.2.1-blaze.img
2017-02-26 10:27 - 2017-02-26 10:27 - 214585298 _____ C:\Users\Lutz\Desktop\update.zip
2017-02-26 10:20 - 2017-02-26 10:20 - 00000000 ____D C:\Users\Lutz\Desktop\Tekify - Root Kindle Fire HD
2017-02-26 10:01 - 2017-02-26 10:01 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-25 22:34 - 2017-02-27 08:21 - 00000000 ____D C:\Program Files (x86)\svcvmx
2017-02-25 22:34 - 2017-02-26 09:49 - 00000000 ____D C:\Users\Lutz\AppData\Local\llssoft
2017-02-25 22:31 - 2017-02-27 07:02 - 752710004 _____ C:\Windows\MEMORY.DMP
2017-02-25 22:30 - 2017-02-28 12:11 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 3.job
2017-02-25 22:30 - 2017-02-28 12:11 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 2.job
2017-02-25 22:30 - 2017-02-28 12:11 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 1.job
2017-02-25 22:30 - 2017-02-28 12:11 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job
2017-02-25 22:30 - 2017-02-28 12:11 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job
2017-02-25 22:30 - 2017-02-28 12:11 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 1.job
2017-02-25 22:30 - 2017-02-25 22:30 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 3
2017-02-25 22:30 - 2017-02-25 22:30 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 2
2017-02-25 22:30 - 2017-02-25 22:30 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 1
2017-02-25 22:30 - 2017-02-25 22:30 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 3
2017-02-25 22:30 - 2017-02-25 22:30 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 2
2017-02-25 22:30 - 2017-02-25 22:30 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 1
2017-02-25 22:30 - 2017-02-25 22:30 - 00000000 ____D C:\Program Files (x86)\winscr
2017-02-25 22:30 - 2017-02-25 22:30 - 00000000 ____D C:\Program Files (x86)\dataup
2017-02-25 22:29 - 2017-02-28 12:11 - 00000334 _____ C:\Windows\Tasks\Online Application v209.job
2017-02-25 22:29 - 2017-02-28 12:11 - 00000334 _____ C:\Windows\Tasks\Online Application v209 Guardian.job
2017-02-25 22:29 - 2017-02-28 12:11 - 00000334 _____ C:\Windows\Tasks\Online Application v209 Guard.job
2017-02-25 22:29 - 2017-02-25 22:30 - 01852928 _____ (splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
2017-02-25 22:29 - 2017-02-25 22:30 - 00000000 ____D C:\Program Files (x86)\qdcomsvc
2017-02-25 22:29 - 2017-02-25 22:29 - 00003160 _____ C:\Windows\System32\Tasks\Online Application v209 Guardian
2017-02-25 22:29 - 2017-02-25 22:29 - 00003160 _____ C:\Windows\System32\Tasks\Online Application v209 Guard
2017-02-25 22:29 - 2017-02-25 22:29 - 00003160 _____ C:\Windows\System32\Tasks\Online Application v209
2017-02-25 22:29 - 2017-02-25 22:29 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\c
2017-02-25 22:29 - 2017-02-25 22:29 - 00000000 ____D C:\ProgramData\1488079780
2017-02-25 22:20 - 2017-02-25 22:21 - 203659026 _____ C:\Users\Lutz\Desktop\update-kindle-6.3_D01E_4019920.zip
2017-02-25 00:31 - 2017-02-25 00:31 - 00000165 ____H C:\Users\Lutz\Documents\~$Family’s love.pptx
2017-02-25 00:16 - 2017-02-25 00:31 - 02245419 _____ C:\Users\Lutz\Documents\Family’s love.pptx
2017-02-24 23:15 - 2015-05-22 03:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-02-22 17:12 - 2017-02-22 17:12 - 00051784 _____ C:\Windows\system32\Drivers\drmkpro64.sys
2017-02-21 13:49 - 2017-02-21 13:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-21 13:49 - 2017-02-21 13:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-17 14:26 - 2017-02-17 14:26 - 00000000 ____D C:\Users\Lutz\Desktop\Ryan Hoodie
2017-02-17 14:26 - 2017-02-17 14:26 - 00000000 ____D C:\Users\Lutz\Desktop\JJ hoodie
2017-02-16 17:00 - 2017-02-16 17:00 - 00000044 _____ C:\Users\Lutz\Desktop\jj appointment.txt
2017-02-14 13:58 - 2017-02-22 17:12 - 01329663 _____ C:\Users\Lutz\Desktop\Fort McCoy Device Inventory and IP Addressing (1).xlsx
2017-02-10 17:33 - 2017-02-10 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-09 03:33 - 2017-02-09 03:33 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-09 03:33 - 2017-02-09 03:33 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-28 12:04 - 2014-11-24 14:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-28 12:00 - 2015-06-02 10:16 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-28 11:53 - 2014-11-24 14:16 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-28 11:52 - 2015-08-10 15:09 - 00000000 ____D C:\Program Files\Spiceworks
2017-02-28 11:47 - 2014-12-22 11:10 - 00000000 ____D C:\Users\Lutz\AppData\Local\CrashDumps
2017-02-28 04:07 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-28 04:07 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-27 18:05 - 2015-06-02 10:16 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-27 15:17 - 2009-07-14 00:13 - 00798422 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-27 15:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-27 15:14 - 2014-12-24 10:49 - 00000000 ____D C:\Users\Lutz\Documents\Outlook Files
2017-02-27 14:00 - 2015-06-02 10:16 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-27 08:20 - 2016-06-23 15:20 - 00000000 __SHD C:\Users\Lutz\IntelGraphicsProfiles
2017-02-27 08:11 - 2016-06-24 13:51 - 00131072 ___SH C:\CredSED.dat
2017-02-27 08:09 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-27 07:35 - 2014-11-24 14:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-27 07:35 - 2014-11-24 14:11 - 00000000 ____D C:\Program Files (x86)\ST Microelectronics
2017-02-27 07:32 - 2016-01-01 19:32 - 00000000 ____D C:\CCTVWARE
2017-02-27 07:27 - 2016-04-28 12:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-27 07:09 - 2016-01-01 17:49 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-02-27 07:08 - 2016-01-01 17:50 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-02-27 07:02 - 2015-02-18 05:21 - 00000000 ____D C:\Windows\Minidump
2017-02-26 14:01 - 2016-09-21 11:31 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS
2017-02-26 11:15 - 2016-09-21 10:42 - 00000000 ____D C:\Windows\system32\appmgmt
2017-02-26 11:11 - 2014-12-21 22:50 - 00000000 ____D C:\Users\Lutz
2017-02-25 22:36 - 2014-12-21 22:53 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-25 03:34 - 2014-11-24 14:17 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2017-02-23 03:03 - 2014-12-10 10:11 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 03:00 - 2014-12-10 10:11 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 21:11 - 2014-12-21 23:05 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\TeamViewer
2017-02-22 03:03 - 2014-12-15 18:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-02-22 03:03 - 2009-07-13 21:34 - 00000505 _____ C:\Windows\win.ini
2017-02-21 14:43 - 2015-07-30 16:36 - 00019958 _____ C:\Users\Lutz\advanced_ip_scanner_MAC.bin
2017-02-21 14:43 - 2015-07-30 16:36 - 00012374 _____ C:\Users\Lutz\advanced_ip_scanner_Favorites.bin
2017-02-21 09:37 - 2015-02-11 16:19 - 00002248 ____H C:\Users\Lutz\Documents\Default.rdp
2017-02-16 16:01 - 2014-12-21 23:05 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-14 05:04 - 2014-11-24 14:06 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 05:04 - 2014-11-24 14:06 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 05:04 - 2014-11-24 14:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 05:04 - 2014-11-24 14:06 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 05:04 - 2014-11-24 14:06 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-13 21:37 - 2015-04-18 21:38 - 00000600 _____ C:\Users\Lutz\AppData\Local\PUTTY.RND
2017-02-13 18:46 - 2016-02-12 20:01 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\uTorrent
2017-02-12 15:07 - 2015-01-25 12:16 - 00000000 ____D C:\Users\Lutz\AppData\Local\ElevatedDiagnostics
2017-02-12 15:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-10 12:31 - 2015-08-20 14:21 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\vlc
2017-02-10 09:39 - 2014-12-22 00:33 - 00000000 ___RD C:\Users\Lutz\Desktop\Lutz
2017-02-09 08:26 - 2016-12-09 19:08 - 00000104 _____ C:\Users\Lutz\Desktop\movies to get.txt
2017-02-06 18:48 - 2014-12-21 22:56 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 11:24 - 2016-06-23 14:33 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2017-02-04 10:19 - 2014-11-24 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
 
==================== Files in the root of some directories =======
 
2016-08-01 19:49 - 2016-08-01 19:49 - 7065600 _____ () C:\Program Files (x86)\GUT341.tmp
2017-02-27 07:01 - 2017-02-27 07:02 - 0016272 _____ () C:\Users\Lutz\AppData\Roaming\InstallationConfiguration.xml
2017-02-27 07:01 - 2017-02-27 07:01 - 0140288 _____ () C:\Users\Lutz\AppData\Roaming\Installer.dat
2015-04-18 21:38 - 2017-02-13 21:37 - 0000600 _____ () C:\Users\Lutz\AppData\Local\PUTTY.RND
2016-11-08 16:21 - 2016-11-08 16:21 - 0000218 _____ () C:\Users\Lutz\AppData\Local\recently-used.xbel
 
Some files in TEMP:
====================
2017-02-27 06:31 - 2017-02-27 06:31 - 0889024 _____ () C:\Users\Lutz\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1680.exe
2017-02-27 07:02 - 2017-02-27 07:02 - 12517185 _____ (AppTrailers) C:\Users\Lutz\AppData\Local\Temp\AppTrailers.9.1.10amt (1).exe
2017-02-27 06:31 - 2017-02-27 06:31 - 29136048 _____ (AppTrailers) C:\Users\Lutz\AppData\Local\Temp\AppTrailers.9.1.10amt.exe
2017-02-27 07:01 - 2017-02-27 07:01 - 5255168 _____ () C:\Users\Lutz\AppData\Local\Temp\component (1).exe
2017-02-27 06:31 - 2017-02-27 06:31 - 5255168 _____ () C:\Users\Lutz\AppData\Local\Temp\component.exe
2017-02-27 07:02 - 2017-02-27 07:02 - 0098384 _____ (Installer Technology © 2015) C:\Users\Lutz\AppData\Local\Temp\installer (1).exe
2017-02-27 06:31 - 2017-02-27 06:31 - 0098384 _____ (Installer Technology © 2015) C:\Users\Lutz\AppData\Local\Temp\installer.exe
2017-01-24 14:49 - 2017-01-24 14:49 - 0739904 _____ (Oracle Corporation) C:\Users\Lutz\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-02-27 07:01 - 2017-02-27 07:01 - 0983040 _____ () C:\Users\Lutz\AppData\Local\Temp\linker.exe
2017-02-27 07:01 - 2017-02-27 07:01 - 0647680 _____ (Corel   Corporation) C:\Users\Lutz\AppData\Local\Temp\netstream (1).exe
2017-02-27 06:31 - 2017-02-27 06:31 - 0647680 _____ (Corel   Corporation) C:\Users\Lutz\AppData\Local\Temp\netstream.exe
2017-02-27 00:16 - 2017-02-27 00:16 - 13444616 _____ (Reimage) C:\Users\Lutz\AppData\Local\Temp\ReimagePackage.exe
2017-02-27 06:31 - 2017-02-27 06:31 - 3941934 _____ () C:\Users\Lutz\AppData\Local\Temp\setup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-22 03:37
 
==================== End of FRST.txt ============================


#5 nasdaq

  • Malware Response Team

Posted 01 March 2017 - 11:24 AM

Farbar Recovery Scan Tool (FRST) Recovery Environment

Note: You require access to a USB drive.
Note: Please print off these instructions, or ensure you have access to them using a different device.

Enter Recovery Environment (Windows 7)
  • Consult the following instructions (scroll down to "Entry points into WinRE") on how to enter the Recovery Environment in Windows 7.
  • After reading the instructions, click Repair your computer (see Figure 3).
  • Continue reading the instructions up to Figure 7.
  • Select Command Prompt.
  • In the command window type notepad and press Enter on your keyboard.
  • Notepad will open. Click File followed by Open.
  • Click Computer, write down your USB drive letter on a piece of paper and close Notepad.
  • Type: x:\frst.exe / x:\frst64.exe in the command window.
    • Note: Replace letter x with the drive letter of your USB drive you wrote down earlier.
  • Press Enter on your keyboard. The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Click Fix.
  • A log (Fixlog.txt) will be saved to your USB drive. Reboot your computer. Copy the contents of Fixlog.txt and paste them in your next reply.
Let me know what problem persists.

===================================================


#6 Mondwa

  • Topic Starter

Posted 01 March 2017 - 08:06 PM

How long should this take? I started it 8 hrs ago but it still says fixing.

#7 Mondwa

  • Topic Starter

Posted 02 March 2017 - 06:54 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by SYSTEM (01-03-2017 18:13:08) Run:2
Running from g:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
 
Unlock: C:\Program Files (x86)\dataup
Unlock: C:\Program Files (x86)\dataup\dataup.exe
Unlock: C:\Program Files (x86)\cpx\cpx.exe
Unlock: C:\Program Files (x86)\cpx
Unlock: C:\Users\Lutz\AppData\Local\Temp\20170226\ct.exe
Unlock: C:\Users\Lutz\AppData\Local\Temp\20170226
Unlock: C:\Program Files (x86)\svcvmx\svcvmx.exe
Unlock: C:\Program Files (x86)\svcvmx\vmxclient.exe
Unlock: C:\Program Files (x86)\svcvmx
Unlock: C:\Program Files (x86)\winscr\winscr.exe
Unlock: C:\Program Files (x86)\winscr
Unlock: C:\WINDOWS\System32\drivers\drmkpro64.sys
Unlock: C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe
Unlock: C:\Program Files (x86)\qdcomsvc
 
unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkpro64
reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkpro64" /f
unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\qdcomsvc
reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\qdcomsvc" /f
unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windowsmanagementservice
reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windowsmanagementservice" /f
 
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
 
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
 
R2 windowsmanagementservice; C:\Users\Lutz\AppData\Local\Temp\20170226\ct.exe [724480 2017-02-22] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION
R1 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [51784 2017-02-22] () [File not signed] <==== ATTENTION
 
Task: {0E56F37F-3353-49B1-B77A-A3FA303D816C} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {0FE2C405-2099-4BD6-A027-1AB9081F362D} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {24FDA165-F57F-4209-BF30-F1B9F5EFE347} - System32\Tasks\{1A1C727A-E66B-45C9-8361-D0F5EF36F7A8} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\jre-8u101-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {2D7F647E-3BA4-4768-92AA-791E9504494A} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe  <==== ATTENTION
Task: {4D4F6AA7-8CA4-4C5A-8D50-E5D6B7857BA2} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {7CECAD18-13B1-43B3-B94B-E80FDFCA3A56} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {8EF560AB-959A-4206-9049-522D3EA30AE0} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {9338248B-FAB1-457A-9057-113F003D9195} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe  <==== ATTENTION
Task: {CE69EDC6-C57F-47E3-BB38-19F325DE073D} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {EDB59B9E-4545-4246-9E4D-EEA7B8B10DFA} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe  <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
 
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3698 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3749 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3847 [0]
AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Lutz\.DS_Store:AFP_AfpInfo [122]
 
C:\Program Files (x86)\Microleaves
C:\Program Files (x86)\dataup
C:\Program Files (x86)\svcvmx
C:\Program Files (x86)\dataup
C:\Program Files (x86)\qdcomsvc
C:\Users\Lutz\AppData\Local\Temp\20170226
C:\Windows\SysWOW64\splsrv.exe
 
 
EmptyTemp:
Reboot:
 
End
*****************
 
Error: Restore point can only be created in normal mode.
"C:\Program Files (x86)\dataup" => was unlocked
"C:\Program Files (x86)\dataup\dataup.exe" => was unlocked
"C:\Program Files (x86)\cpx\cpx.exe" => not found.
"C:\Program Files (x86)\cpx" => not found.
"C:\Users\Lutz\AppData\Local\Temp\20170226\ct.exe" => was unlocked
"C:\Users\Lutz\AppData\Local\Temp\20170226" => was unlocked
"C:\Program Files (x86)\svcvmx\svcvmx.exe" => was unlocked
"C:\Program Files (x86)\svcvmx\vmxclient.exe" => was unlocked
"C:\Program Files (x86)\svcvmx" => was unlocked
"C:\Program Files (x86)\winscr\winscr.exe" => was unlocked
"C:\Program Files (x86)\winscr" => was unlocked
"C:\WINDOWS\System32\drivers\drmkpro64.sys" => was unlocked
"C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe" => was unlocked
"C:\Program Files (x86)\qdcomsvc" => was unlocked
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkpro64" => key could not be unlocked
 
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkpro64" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\qdcomsvc" => key could not be unlocked
 
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\qdcomsvc" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windowsmanagementservice" => key could not be unlocked
 
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windowsmanagementservice" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value not found.


#8 nasdaq

  • Malware Response Team

Posted 02 March 2017 - 08:42 AM

Please run the Farbar tool normally one more time.

Post fresh FRST and Addition.txt files for my review.

Let me know what problem persists.

#9 Mondwa

  • Topic Starter

Posted 02 March 2017 - 08:45 AM

Run it as a scan from normal Windows?



#10 Mondwa

  • Topic Starter

Posted 02 March 2017 - 08:48 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by Lutz (administrator) on 8S5CP12 (02-03-2017 08:45:49)
Running from C:\Users\Lutz\Favorites\Downloads
Loaded Profiles: Lutz (Available Profiles: Sitkins & Lutz)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpCardEngine.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
() C:\Program Files (x86)\dataup\dataup.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(qdcomsvc Inc.) C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe
(ct Corp.) C:\Users\Lutz\AppData\Local\Temp\20170226\ct.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
() C:\Program Files (x86)\svcvmx\svcvmx.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [736552 2015-05-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8465112 2015-04-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1395056 2015-04-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [609200 2015-03-01] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1395056 2015-04-13] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [392168 2016-06-09] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4879264 2016-02-08] (Intel® Corporation)
HKLM\...\Run: [CSFTrayApp] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe [232288 2014-09-11] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1172256 2014-11-10] (Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26781320 2017-02-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: 
HKU\S-1-5-18\...\Run: [] => [X]
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9BFE8818-E83D-41F5-84D4-1174610A9371}: [NameServer] 198.224.152.119 198.224.154.135
Tcpip\..\Interfaces\{FC7C93CD-86D6-4CF6-8871-7F6D30E81A6B}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1143638034-3846331151-41362472-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1143638034-3846331151-41362472-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {06D0727A-39BF-4C75-804E-294BB856C4C5} URL = 
SearchScopes: HKU\.DEFAULT -> {06D0727A-39BF-4C75-804E-294BB856C4C5} URL = 
SearchScopes: HKU\S-1-5-21-1143638034-3846331151-41362472-1001 -> DefaultScope {06D0727A-39BF-4C75-804E-294BB856C4C5} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1143638034-3846331151-41362472-1001 -> {06D0727A-39BF-4C75-804E-294BB856C4C5} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1143638034-3846331151-41362472-1001 -> {9FA34E39-BBB4-4904-A25B-B0CC92EA8AAC} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-24] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-24] (Oracle Corporation)
DPF: HKLM-x32 {98703E7E-E705-4043-8FCE-E828D9C1EEAD} hxxp://192.168.1.25:88/IPCWebComponents.exe
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\zt2lgqcx.default [2017-02-27]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\zt2lgqcx.default -> Google
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome
FF Extension: (Dell Data Protection Security Tools) - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome [2016-06-24] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-03-17] (DigitalPersona, Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default [2017-03-02]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome.crx [2014-03-17]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [96000 2015-09-25] (Alps Electric Co., Ltd.)
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-26] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [94136 2016-06-02] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [255328 2014-09-11] (Dell Inc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [26464 2014-09-11] ()
R2 DellMgmtServer; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [33632 2014-09-11] (Dell, Inc.)
R2 DpHost; C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe [472912 2014-03-19] (DigitalPersona, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [172784 2016-07-23] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [354280 2016-06-09] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2672328 2014-07-30] (Invincea, Inc.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
S2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
S4 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.) [File not signed]
S4 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-20] (Electronic Arts)
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
S2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [755712 2017-02-23] (qdcomsvc Inc.) [File not signed] <==== ATTENTION
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-18] (Realtek Semiconductor)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [173256 2014-07-30] (Invincea, Inc.)
S4 SolarWinds TFTP Server; C:\Program Files (x86)\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [54784 2010-06-10] (SolarWinds) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S4 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-08-29] (Validity Sensors, Inc.) [File not signed]
R2 VZWConfigService; C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [218160 2012-04-16] (Novatel Wireless Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-11-24] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Lutz\AppData\Local\Temp\20170226\ct.exe [724480 2017-02-22] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
S3 ADIntellexDriverService; e:\ccure\CrossFire\ServerComponents\AD.Intellex.DriverService.exe [X]
S3 CrossFireApcDriverService; e:\ccure\CrossFire\ServerComponents\SoftwareHouse.NextGen.apCDriverService.exe [X]
S3 CrossFireImportWatcher; e:\ccure\CrossFire\ServerComponents\SoftwareHouse.CrossFire.ImportWatcherService.exe [X]
S3 CrossFireISCDriverService; e:\ccure\CrossFire\ServerComponents\SoftwareHouse.NextGen.ISC_DriverService.exe [X]
S3 CrossFireiSTARDriverService; e:\ccure\CrossFire\ServerComponents\SoftwareHouse.NextGen.iStar_DriverService.exe [X]
S3 CrossFireReportServer; e:\ccure\CrossFire\ServerComponents\SoftwareHouse.CrossFire.ReportServerService.exe [X]
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{F0353EDA-6DB6-4352-8665-C64F6CD29D92}
S2 DHCPServer; "E:\_SOFTWARE (Archive)\DHCP Servers\dhcpsrv2.2\dhcpsrv.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Software House AutoUpdate Installer; "e:\ccure\CCURE Client\AutoUpdate\SoftwareHouse.Nextgen.AutoUpdate.Impersonate.exe" [X]
S2 Software House AutoUpdate Service; "e:\ccure\CCURE Client\AutoUpdate\SoftwareHouse.Nextgen.AutoUpdate.SWHbitsService.exe" [X]
S3 stunnel; e:\ccure\CrossFire\Stunnel\stunnel.exe -service -install [X]
S3 TBS; %SystemRoot%\System32\tbssvc.dll [X]
S2 TycoESS; e:\ccure\CrossFire\License\x64\lmgrd.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87528 2015-10-13] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-10-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1545704 2016-04-27] (Motorola Solutions, Inc.)
R3 CiscoSerial; C:\Windows\System32\DRIVERS\CiscoUsbConsoleWindowsDriver64.sys [95232 2009-10-16] (Cisco Systems, Inc.)
R0 CredFltL; C:\Windows\System32\DRIVERS\CredFltL.sys [37120 2014-09-11] ()
R1 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [51784 2017-02-22] () [File not signed] <==== ATTENTION
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-11] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [501216 2015-08-05] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-05-02] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [355080 2016-07-31] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2745304 2015-04-15] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [50696 2014-07-30] (Invincea, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3422992 2016-01-29] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [57648 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [73464 2015-08-31] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 NWUSBModem_001; C:\Windows\System32\DRIVERS\nwusbmdm_001.sys [217856 2012-05-03] (Novatel Wireless Inc.)
S3 NWUSBPort2_001; C:\Windows\System32\DRIVERS\nwusbser2_001.sys [217856 2012-05-03] (Novatel Wireless Inc.)
S3 NWUSBPort_001; C:\Windows\System32\DRIVERS\nwusbser_001.sys [217856 2012-05-03] (Novatel Wireless Inc.)
S3 nwvzwmbnet_001; C:\Windows\System32\DRIVERS\nwvzwmbnet_001.sys [334848 2012-05-03] (Novatel Wireless Inc.)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [210592 2014-05-14] (BayHubTech/O2Micro )
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183304 2014-07-30] (Invincea, Inc.)
R0 SEDFilter; C:\Windows\System32\DRIVERS\SEDFilter.sys [61184 2014-09-11] (Dell Inc.)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [204184 2014-03-04] (Windows ® Win 7 DDK provider)
S3 AndnetBus; system32\DRIVERS\lgandnetbus64.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-01 12:37 - 2017-03-01 13:00 - 00000000 ____D C:\Users\Lutz\Desktop\USB STick
2017-03-01 12:36 - 2017-03-01 12:36 - 00000000 ____D C:\Users\Lutz\AppData\LocalLow\uTorrent
2017-02-28 12:10 - 2017-03-01 16:17 - 00000000 ____D C:\FRST
2017-02-27 18:05 - 2017-02-27 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-27 07:45 - 2017-02-27 07:45 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\Runscanner.net
2017-02-27 07:39 - 2017-02-27 07:39 - 00000000 ____D C:\rsit
2017-02-27 07:39 - 2017-02-27 07:39 - 00000000 ____D C:\Program Files (x86)\trend micro
2017-02-27 07:02 - 2017-02-27 07:02 - 00274800 _____ C:\Windows\Minidump\022717-16614-01.dmp
2017-02-27 07:01 - 2017-02-27 07:02 - 00016272 _____ C:\Users\Lutz\AppData\Roaming\InstallationConfiguration.xml
2017-02-27 07:01 - 2017-02-27 07:01 - 00140288 _____ C:\Users\Lutz\AppData\Roaming\Installer.dat
2017-02-27 06:32 - 2017-02-27 06:32 - 00288736 _____ C:\Windows\Minidump\022717-17612-01.dmp
2017-02-27 06:31 - 2017-02-27 06:31 - 00000000 ____D C:\Program Files (x86)\PreparedFolder
2017-02-27 06:29 - 2017-02-27 06:29 - 00017644 _____ C:\TDSSKiller.3.1.0.12_27.02.2017_06.29.06_log.txt
2017-02-27 00:16 - 2017-02-27 07:11 - 00000140 _____ C:\Windows\Reimage.ini
2017-02-27 00:15 - 2017-02-27 00:15 - 00000000 ____D C:\Program Files (x86)\regtool
2017-02-26 14:13 - 2017-02-26 14:14 - 00253682 _____ C:\TDSSKiller.3.1.0.12_26.02.2017_14.13.21_log.txt
2017-02-26 14:12 - 2017-02-26 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-26 14:12 - 2017-02-26 14:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-26 14:12 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-26 14:07 - 2017-02-26 14:09 - 00141064 _____ C:\TDSSKiller.3.1.0.12_26.02.2017_14.07.54_log.txt
2017-02-26 11:38 - 2017-02-26 14:00 - 00000000 ____D C:\Users\Lutz\AppData\Local\ESET
2017-02-26 11:09 - 2017-02-26 23:15 - 00000000 ____D C:\AdwCleaner
2017-02-26 10:54 - 2017-02-27 06:33 - 00496694 _____ C:\Windows\ntbtlog.txt
2017-02-26 10:51 - 2017-02-26 10:51 - 04972544 _____ C:\Users\Lutz\Desktop\twrp-2.2.2.1-blaze.img
2017-02-26 10:27 - 2017-02-26 10:27 - 214585298 _____ C:\Users\Lutz\Desktop\update.zip
2017-02-26 10:20 - 2017-02-26 10:20 - 00000000 ____D C:\Users\Lutz\Desktop\Tekify - Root Kindle Fire HD
2017-02-26 10:01 - 2017-02-26 10:01 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-25 22:34 - 2017-03-02 07:47 - 00000000 ____D C:\Program Files (x86)\svcvmx
2017-02-25 22:34 - 2017-02-26 09:49 - 00000000 ____D C:\Users\Lutz\AppData\Local\llssoft
2017-02-25 22:31 - 2017-02-27 07:02 - 752710004 _____ C:\Windows\MEMORY.DMP
2017-02-25 22:30 - 2017-03-02 08:46 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 3.job
2017-02-25 22:30 - 2017-03-02 08:46 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 2.job
2017-02-25 22:30 - 2017-03-02 08:46 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 1.job
2017-02-25 22:30 - 2017-03-02 08:46 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job
2017-02-25 22:30 - 2017-03-02 08:46 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job
2017-02-25 22:30 - 2017-03-02 08:46 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 1.job
2017-02-25 22:30 - 2017-02-25 22:30 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 3
2017-02-25 22:30 - 2017-02-25 22:30 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 2
2017-02-25 22:30 - 2017-02-25 22:30 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 1
2017-02-25 22:30 - 2017-02-25 22:30 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 3
2017-02-25 22:30 - 2017-02-25 22:30 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 2
2017-02-25 22:30 - 2017-02-25 22:30 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 1
2017-02-25 22:30 - 2017-02-25 22:30 - 00000000 ____D C:\Program Files (x86)\winscr
2017-02-25 22:30 - 2017-02-25 22:30 - 00000000 ____D C:\Program Files (x86)\dataup
2017-02-25 22:29 - 2017-03-02 08:46 - 00000334 _____ C:\Windows\Tasks\Online Application v209.job
2017-02-25 22:29 - 2017-03-02 08:46 - 00000334 _____ C:\Windows\Tasks\Online Application v209 Guardian.job
2017-02-25 22:29 - 2017-03-02 08:46 - 00000334 _____ C:\Windows\Tasks\Online Application v209 Guard.job
2017-02-25 22:29 - 2017-02-25 22:30 - 01852928 _____ (splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
2017-02-25 22:29 - 2017-02-25 22:30 - 00000000 ____D C:\Program Files (x86)\qdcomsvc
2017-02-25 22:29 - 2017-02-25 22:29 - 00003160 _____ C:\Windows\System32\Tasks\Online Application v209 Guardian
2017-02-25 22:29 - 2017-02-25 22:29 - 00003160 _____ C:\Windows\System32\Tasks\Online Application v209 Guard
2017-02-25 22:29 - 2017-02-25 22:29 - 00003160 _____ C:\Windows\System32\Tasks\Online Application v209
2017-02-25 22:29 - 2017-02-25 22:29 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\c
2017-02-25 22:29 - 2017-02-25 22:29 - 00000000 ____D C:\ProgramData\1488079780
2017-02-25 22:20 - 2017-02-25 22:21 - 203659026 _____ C:\Users\Lutz\Desktop\update-kindle-6.3_D01E_4019920.zip
2017-02-25 00:31 - 2017-02-25 00:31 - 00000165 ____H C:\Users\Lutz\Documents\~$Family’s love.pptx
2017-02-25 00:16 - 2017-02-25 00:31 - 02245419 _____ C:\Users\Lutz\Documents\Family’s love.pptx
2017-02-24 23:15 - 2015-05-22 03:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-02-22 17:12 - 2017-02-22 17:12 - 00051784 _____ C:\Windows\system32\Drivers\drmkpro64.sys
2017-02-21 13:49 - 2017-02-21 13:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-21 13:49 - 2017-02-21 13:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-17 14:26 - 2017-02-17 14:26 - 00000000 ____D C:\Users\Lutz\Desktop\Ryan Hoodie
2017-02-17 14:26 - 2017-02-17 14:26 - 00000000 ____D C:\Users\Lutz\Desktop\JJ hoodie
2017-02-16 17:00 - 2017-02-16 17:00 - 00000044 _____ C:\Users\Lutz\Desktop\jj appointment.txt
2017-02-14 13:58 - 2017-02-22 17:12 - 01329663 _____ C:\Users\Lutz\Desktop\Fort McCoy Device Inventory and IP Addressing (1).xlsx
2017-02-10 17:33 - 2017-02-10 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-09 03:33 - 2017-02-09 03:33 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-09 03:33 - 2017-02-09 03:33 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-02 08:43 - 2014-12-22 11:10 - 00000000 ____D C:\Users\Lutz\AppData\Local\CrashDumps
2017-03-02 08:04 - 2014-11-24 14:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-02 08:00 - 2015-06-02 10:16 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-03-02 06:58 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-02 06:58 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-02 06:56 - 2009-07-14 00:13 - 00798422 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-02 06:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-03-02 06:52 - 2016-06-23 15:20 - 00000000 __SHD C:\Users\Lutz\IntelGraphicsProfiles
2017-03-02 06:52 - 2015-06-02 10:16 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-03-02 06:46 - 2016-06-24 13:51 - 00131072 ___SH C:\CredSED.dat
2017-03-02 06:45 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-01 13:14 - 2016-02-12 20:01 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\uTorrent
2017-03-01 13:13 - 2016-03-15 14:38 - 00000400 __RSH C:\ProgramData\ntuser.pol
2017-03-01 08:22 - 2014-11-24 14:17 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2017-02-28 11:53 - 2014-11-24 14:16 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-28 11:52 - 2015-08-10 15:09 - 00000000 ____D C:\Program Files\Spiceworks
2017-02-27 18:05 - 2015-06-02 10:16 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-27 15:14 - 2014-12-24 10:49 - 00000000 ____D C:\Users\Lutz\Documents\Outlook Files
2017-02-27 07:35 - 2014-11-24 14:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-27 07:35 - 2014-11-24 14:11 - 00000000 ____D C:\Program Files (x86)\ST Microelectronics
2017-02-27 07:32 - 2016-01-01 19:32 - 00000000 ____D C:\CCTVWARE
2017-02-27 07:27 - 2016-04-28 12:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-27 07:09 - 2016-01-01 17:49 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-02-27 07:08 - 2016-01-01 17:50 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-02-27 07:02 - 2015-02-18 05:21 - 00000000 ____D C:\Windows\Minidump
2017-02-26 14:01 - 2016-09-21 11:31 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS
2017-02-26 11:15 - 2016-09-21 10:42 - 00000000 ____D C:\Windows\system32\appmgmt
2017-02-26 11:11 - 2014-12-21 22:50 - 00000000 ____D C:\Users\Lutz
2017-02-25 22:36 - 2014-12-21 22:53 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-23 03:03 - 2014-12-10 10:11 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 03:00 - 2014-12-10 10:11 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 21:11 - 2014-12-21 23:05 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\TeamViewer
2017-02-22 03:03 - 2014-12-15 18:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-02-22 03:03 - 2009-07-13 21:34 - 00000505 _____ C:\Windows\win.ini
2017-02-21 14:43 - 2015-07-30 16:36 - 00019958 _____ C:\Users\Lutz\advanced_ip_scanner_MAC.bin
2017-02-21 14:43 - 2015-07-30 16:36 - 00012374 _____ C:\Users\Lutz\advanced_ip_scanner_Favorites.bin
2017-02-21 09:37 - 2015-02-11 16:19 - 00002248 ____H C:\Users\Lutz\Documents\Default.rdp
2017-02-16 16:01 - 2014-12-21 23:05 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-14 05:04 - 2014-11-24 14:06 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 05:04 - 2014-11-24 14:06 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 05:04 - 2014-11-24 14:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 05:04 - 2014-11-24 14:06 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 05:04 - 2014-11-24 14:06 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-13 21:37 - 2015-04-18 21:38 - 00000600 _____ C:\Users\Lutz\AppData\Local\PUTTY.RND
2017-02-12 15:07 - 2015-01-25 12:16 - 00000000 ____D C:\Users\Lutz\AppData\Local\ElevatedDiagnostics
2017-02-12 15:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-10 12:31 - 2015-08-20 14:21 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\vlc
2017-02-10 09:39 - 2014-12-22 00:33 - 00000000 ___RD C:\Users\Lutz\Desktop\Lutz
2017-02-09 08:26 - 2016-12-09 19:08 - 00000104 _____ C:\Users\Lutz\Desktop\movies to get.txt
2017-02-06 18:48 - 2014-12-21 22:56 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 11:24 - 2016-06-23 14:33 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2017-02-04 10:19 - 2014-11-24 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
 
==================== Files in the root of some directories =======
 
2016-08-01 19:49 - 2016-08-01 19:49 - 7065600 _____ () C:\Program Files (x86)\GUT341.tmp
2017-02-27 07:01 - 2017-02-27 07:02 - 0016272 _____ () C:\Users\Lutz\AppData\Roaming\InstallationConfiguration.xml
2017-02-27 07:01 - 2017-02-27 07:01 - 0140288 _____ () C:\Users\Lutz\AppData\Roaming\Installer.dat
2015-04-18 21:38 - 2017-02-13 21:37 - 0000600 _____ () C:\Users\Lutz\AppData\Local\PUTTY.RND
2016-11-08 16:21 - 2016-11-08 16:21 - 0000218 _____ () C:\Users\Lutz\AppData\Local\recently-used.xbel
 
Some files in TEMP:
====================
2017-02-27 06:31 - 2017-02-27 06:31 - 0889024 _____ () C:\Users\Lutz\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1680.exe
2017-02-27 07:02 - 2017-02-27 07:02 - 12517185 _____ (AppTrailers) C:\Users\Lutz\AppData\Local\Temp\AppTrailers.9.1.10amt (1).exe
2017-02-27 06:31 - 2017-02-27 06:31 - 29136048 _____ (AppTrailers) C:\Users\Lutz\AppData\Local\Temp\AppTrailers.9.1.10amt.exe
2017-02-27 07:01 - 2017-02-27 07:01 - 5255168 _____ () C:\Users\Lutz\AppData\Local\Temp\component (1).exe
2017-02-27 06:31 - 2017-02-27 06:31 - 5255168 _____ () C:\Users\Lutz\AppData\Local\Temp\component.exe
2017-02-27 07:02 - 2017-02-27 07:02 - 0098384 _____ (Installer Technology © 2015) C:\Users\Lutz\AppData\Local\Temp\installer (1).exe
2017-02-27 06:31 - 2017-02-27 06:31 - 0098384 _____ (Installer Technology © 2015) C:\Users\Lutz\AppData\Local\Temp\installer.exe
2017-01-24 14:49 - 2017-01-24 14:49 - 0739904 _____ (Oracle Corporation) C:\Users\Lutz\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-02-27 07:01 - 2017-02-27 07:01 - 0983040 _____ () C:\Users\Lutz\AppData\Local\Temp\linker.exe
2017-02-27 07:01 - 2017-02-27 07:01 - 0647680 _____ (Corel   Corporation) C:\Users\Lutz\AppData\Local\Temp\netstream (1).exe
2017-02-27 06:31 - 2017-02-27 06:31 - 0647680 _____ (Corel   Corporation) C:\Users\Lutz\AppData\Local\Temp\netstream.exe
2017-02-27 00:16 - 2017-02-27 00:16 - 13444616 _____ (Reimage) C:\Users\Lutz\AppData\Local\Temp\ReimagePackage.exe
2017-02-27 06:31 - 2017-02-27 06:31 - 3941934 _____ () C:\Users\Lutz\AppData\Local\Temp\setup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-22 03:37
 
==================== End of FRST.txt ============================


#11 nasdaq

  • Malware Response Team

Posted 02 March 2017 - 01:50 PM


Nothing was removed.

Please download Zemana AntiMalware and save it to your Desktop.
- You need to unzip it and start it.
- Without changing any options, press Scan to begin.
After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

- Open Zemana AntiMalware again.
- Click on icon and double click the latest report.
- Now click File > Save As and choose your Desktop before pressing Save.
- Attach the saved report in your next message.

---

Next please repeat the fix suggested in my post No. 5.

Post the logs and let me know what problem persists.

#12 Mondwa

  • Topic Starter


Posted 02 March 2017 - 04:38 PM

Still the same problem when trying to repeat the steps in post 5.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by SYSTEM (02-03-2017 16:28:03) Run:5
Running from g:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
 
Unlock: C:\Program Files (x86)\dataup
Unlock: C:\Program Files (x86)\dataup\dataup.exe
Unlock: C:\Program Files (x86)\cpx\cpx.exe
Unlock: C:\Program Files (x86)\cpx
Unlock: C:\Users\Lutz\AppData\Local\Temp\20170226\ct.exe
Unlock: C:\Users\Lutz\AppData\Local\Temp\20170226
Unlock: C:\Program Files (x86)\svcvmx\svcvmx.exe
Unlock: C:\Program Files (x86)\svcvmx\vmxclient.exe
Unlock: C:\Program Files (x86)\svcvmx
Unlock: C:\Program Files (x86)\winscr\winscr.exe
Unlock: C:\Program Files (x86)\winscr
Unlock: C:\WINDOWS\System32\drivers\drmkpro64.sys
Unlock: C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe
Unlock: C:\Program Files (x86)\qdcomsvc
 
unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkpro64
reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkpro64" /f
unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\qdcomsvc
reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\qdcomsvc" /f
unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windowsmanagementservice
reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windowsmanagementservice" /f
 
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
 
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
 
R2 windowsmanagementservice; C:\Users\Lutz\AppData\Local\Temp\20170226\ct.exe [724480 2017-02-22] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION
R1 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [51784 2017-02-22] () [File not signed] <==== ATTENTION
 
Task: {0E56F37F-3353-49B1-B77A-A3FA303D816C} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {0FE2C405-2099-4BD6-A027-1AB9081F362D} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {24FDA165-F57F-4209-BF30-F1B9F5EFE347} - System32\Tasks\{1A1C727A-E66B-45C9-8361-D0F5EF36F7A8} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\jre-8u101-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {2D7F647E-3BA4-4768-92AA-791E9504494A} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe  <==== ATTENTION
Task: {4D4F6AA7-8CA4-4C5A-8D50-E5D6B7857BA2} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {7CECAD18-13B1-43B3-B94B-E80FDFCA3A56} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {8EF560AB-959A-4206-9049-522D3EA30AE0} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {9338248B-FAB1-457A-9057-113F003D9195} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe  <==== ATTENTION
Task: {CE69EDC6-C57F-47E3-BB38-19F325DE073D} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {EDB59B9E-4545-4246-9E4D-EEA7B8B10DFA} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe  <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
 
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3698 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3749 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3847 [0]
AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Lutz\.DS_Store:AFP_AfpInfo [122]
 
C:\Program Files (x86)\Microleaves
C:\Program Files (x86)\dataup
C:\Program Files (x86)\svcvmx
C:\Program Files (x86)\dataup
C:\Program Files (x86)\qdcomsvc
C:\Users\Lutz\AppData\Local\Temp\20170226
C:\Windows\SysWOW64\splsrv.exe
 
 
EmptyTemp:
Reboot:
 
End
*****************
 
Error: Restore point can only be created in normal mode.
"C:\Program Files (x86)\dataup" => not found.
"C:\Program Files (x86)\dataup\dataup.exe" => not found.
"C:\Program Files (x86)\cpx\cpx.exe" => not found.
"C:\Program Files (x86)\cpx" => not found.
"C:\Users\Lutz\AppData\Local\Temp\20170226\ct.exe" => not found.
"C:\Users\Lutz\AppData\Local\Temp\20170226" => not found.
"C:\Program Files (x86)\svcvmx\svcvmx.exe" => not found.
"C:\Program Files (x86)\svcvmx\vmxclient.exe" => not found.
"C:\Program Files (x86)\svcvmx" => not found.
"C:\Program Files (x86)\winscr\winscr.exe" => not found.
"C:\Program Files (x86)\winscr" => not found.
"C:\WINDOWS\System32\drivers\drmkpro64.sys" => not found.
"C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe" => not found.
"C:\Program Files (x86)\qdcomsvc" => not found.
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkpro64" => key could not be unlocked
 
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkpro64" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\qdcomsvc" => key could not be unlocked
 
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\qdcomsvc" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windowsmanagementservice" => key could not be unlocked
 
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windowsmanagementservice" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value not found.
 




#13 Mondwa

Mondwa
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Male
  • Local time:06:14 PM

Posted 02 March 2017 - 04:41 PM

But programs like antivirus and Malwarebytes are now able to open.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:14 PM

Posted 03 March 2017 - 08:39 AM

Can you please run Malwarebytes and post the log?

Run this tool also.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Run the Farbar tool and post fresh FRST and Addition.txt logs for my review.

Let me know what problem persists.

#15 Mondwa

Mondwa
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Male
  • Local time:06:14 PM

Posted 03 March 2017 - 10:17 AM

Please see attached for all logs






