Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help Removing Malware


  • Please log in to reply

#1
LordOfBones

LordOfBones

    New Member

  • Member
  • Pip
  • 4 posts

Hello everyone,

 

So the other day I was downloading some stuff for Arma 3 and I came accross an infected file that I downloaded and installed. It infected my computer with Malware and now my computer installs optimizers, toolbars and other random programs on my computer. I attempted to follow a couple of guides and tutorials posted on here but they only seemed to supress the malware for a small amount of time. I currently have FRST, JDW, OTL and JRE currently installed. For some reason ComboFix does not work on my PC despite running as admin (I currently run Win8.) it says that my OS isn't supported. So I know the drill, below are my initial FRST Scans and my System Specs. Any and all help is greatly appreciated. I know this is on your own time.

 

OSSpecs.jpg

 

FRST Reports:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by Brandon (administrator) on VICEOFMORDOR (13-09-2015 23:23:57)
Running from C:\Users\PAM\Documents\FixIts
Loaded Profiles: Brandon & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS (Available Profiles: Brandon & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Program Files (x86)\dataup\dataup.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS12.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\ProgramData\1441770685\s9.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Valid Applications) C:\ProgramData\lpADmp\QPYYKZHuUjY.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\ProgramData\Cienaueo\1.0.5.1\fnenniuu.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Google Inc.) C:\Users\PAM\AppData\Local\Temp\20150909\ct.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\ProgramData\Cienaueo\1.0.5.1\fnenniuu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Spotify Ltd) C:\Users\PAM\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\msrtn32\msrtn32.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
() C:\Program Files (x86)\cpx\cpx.exe
() C:\Program Files (x86)\cpx\cpx.exe
() C:\Program Files (x86)\cpx\cpx.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files (x86)\DriverRestore\DriverRestore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
() C:\Program Files (x86)\msrtn32\cdhtr.exe
() C:\Program Files (x86)\msrtn32\rthdcpd.exe
() C:\Program Files (x86)\cpx\cpx.exe
() C:\Program Files (x86)\cpx\cpx.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM\...\Run: [prtstart] => C:\Program Files\shopperz080920151129\dr_inst.exe url=aHR0cDovL2Nkcy5zNm01bTlkNy5od2Nkbi5uZXQvYWRkb24vcHIvMDgwOTIwMTUvL3ByYzY0LmV4ZQ== lpath=QzpcUHJvZ3JhbSBGaWxlc1xzaG9wcGVyejA4MDkyMDE1MTEyOVxwcmMuZXh (the data entry has 24 more characters).
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-26] (DivX, LLC)
HKLM-x32\...\Run: [cpx] => C:\Program Files (x86)\cpx\cpx.exe [1172992 2015-07-03] ()
HKLM-x32\...\Run: [msrtn32] => C:\Program Files (x86)\msrtn32\msrtn32.exe [1221120 2015-08-06] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-56948544-175400317-1807394744-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-56948544-175400317-1807394744-1001\...\Run: [Spotify Web Helper] => C:\Users\PAM\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-14] (Spotify Ltd)
HKU\S-1-5-21-56948544-175400317-1807394744-1001\...\Run: [BitTorrent] => C:\Users\PAM\AppData\Roaming\BitTorrent\BitTorrent.exe [1698152 2015-08-18] (BitTorrent Inc.)
HKU\S-1-5-21-56948544-175400317-1807394744-1001\...\Run: [Spotify] => C:\Users\PAM\AppData\Roaming\Spotify\Spotify.exe [7675448 2015-08-14] (Spotify Ltd)
HKU\S-1-5-21-56948544-175400317-1807394744-1001\...\Run: [DV] => C:\ProgramData\DataFile\Downloads\DV.exe [277504 2015-09-04] ()
HKU\S-1-5-21-56948544-175400317-1807394744-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{58FF73D5-9C8B-4E33-9C83-68FFF2941406}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-56948544-175400317-1807394744-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-56948544-175400317-1807394744-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-56948544-175400317-1807394744-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?gws_rd=ssl
URLSearchHook: [S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-56948544-175400317-1807394744-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-56948544-175400317-1807394744-1001 -> {2582021E-73A4-4BB1-B89D-025F48C938D1} URL =
SearchScopes: HKU\S-1-5-21-56948544-175400317-1807394744-1001 -> {DF4E90BD-B786-4FF1-9EA9-E74A05ACFC3F} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
SearchScopes: HKU\S-1-5-21-56948544-175400317-1807394744-1001 -> {E0A72E9A-7D26-4DF6-AE45-C188B2A9D7E5} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\PAM\AppData\Roaming\Mozilla\Firefox\Profiles\9r0jzj47.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-06-29] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-28] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Extension: No Name - C:\Users\PAM\AppData\Roaming\Mozilla\Firefox\Profiles\9r0jzj47.default\Extensions\trash [2015-09-08]
FF Extension: Image and Flash Blocker - C:\Users\PAM\AppData\Roaming\Mozilla\Firefox\Profiles\9r0jzj47.default\Extensions\[email protected] [2015-06-06]
FF Extension: AdBlock Lite - C:\Users\PAM\AppData\Roaming\Mozilla\Firefox\Profiles\9r0jzj47.default\Extensions\[email protected] [2015-06-06]
FF Extension: Strict Pop-up Blocker - C:\Users\PAM\AppData\Roaming\Mozilla\Firefox\Profiles\9r0jzj47.default\Extensions\[email protected] [2015-06-06]
FF Extension: AdBlock for YouTube™ - C:\Users\PAM\AppData\Roaming\Mozilla\Firefox\Profiles\9r0jzj47.default\Extensions\[email protected] [2015-06-06]
FF Extension: Bluhell Firewall - C:\Users\PAM\AppData\Roaming\Mozilla\Firefox\Profiles\9r0jzj47.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-06-06]
FF Extension: FirefoxAdKiller - C:\Users\PAM\AppData\Roaming\Mozilla\Firefox\Profiles\9r0jzj47.default\Extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi [2015-06-06]
FF HKLM\...\Firefox\Extensions: [{A9BD0126-107A-4CE4-8DAF-23F7D903078A}] - C:\Program Files\shopperz090920150628\Firefox
FF HKLM\...\Firefox\Extensions: [{0C297AD1-F730-4FE3-9753-2E03841998C1}] - C:\Program Files\shopperz080920151129\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{A9BD0126-107A-4CE4-8DAF-23F7D903078A}] - C:\Program Files\shopperz090920150628\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{0C297AD1-F730-4FE3-9753-2E03841998C1}] - C:\Program Files\shopperz080920151129\Firefox

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1125888 2015-09-08] ()
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2015-08-06] () [File not signed] <==== ATTENTION
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-10-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-28] (Intel Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation)
R3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 QPYYKZHuUjY; C:\ProgramData\lpADmp\QPYYKZHuUjY.exe [2732800 2015-09-10] (Valid Applications)
R2 ReportServer$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSRS12.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2450112 2014-02-21] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation)
R2 UdvdPork; C:\ProgramData\1441770685\s9.exe [404480 2015-04-07] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\PAM\AppData\Local\Temp\20150909\ct.exe [850432 2015-07-28] (Google Inc.) [File not signed]
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [119240 2013-10-15] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-28] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-09-06] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-13 23:23 - 2015-09-13 23:23 - 00010240 ___SH C:\Users\PAM\Desktop\Thumbs.db
2015-09-13 23:07 - 2015-09-13 23:07 - 00003728 _____ C:\Windows\System32\Tasks\DriverRestore_ScheduledScan
2015-09-13 23:07 - 2015-09-13 23:07 - 00003584 _____ C:\Windows\System32\Tasks\DriverRestore_DailyScan
2015-09-13 23:07 - 2015-09-13 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2015-09-13 23:07 - 2015-09-13 23:07 - 00000000 ____D C:\Program Files (x86)\DriverRestore
2015-09-13 23:07 - 2014-11-24 14:09 - 00020872 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2015-09-12 23:04 - 2015-09-12 23:04 - 00000000 ____D C:\ProgramData\Radio
2015-09-12 22:28 - 2015-09-12 22:33 - 00000000 ____D C:\Users\PAM\Desktop\deleted files
2015-09-11 22:08 - 2015-09-11 22:08 - 00000000 ____D C:\ProgramData\Browser
2015-09-10 20:48 - 2015-09-10 20:48 - 00000000 ____D C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
2015-09-10 20:04 - 2015-09-10 20:04 - 00000000 ____D C:\Users\PAM\Documents\FixIts
2015-09-10 19:46 - 2015-09-10 19:46 - 00000143 _____ C:\junk.txt
2015-09-10 19:36 - 2015-09-13 23:14 - 00000000 ____D C:\Users\PAM\AppData\Local\FinanceAlert
2015-09-10 19:26 - 2015-09-13 23:24 - 00000000 ____D C:\FRST
2015-09-10 19:17 - 2015-09-13 21:38 - 00003442 _____ C:\Windows\System32\Tasks\Cienaueo
2015-09-10 19:17 - 2015-09-10 19:17 - 00000000 ____D C:\ProgramData\Cienaueo
2015-09-10 19:12 - 2015-09-10 19:13 - 00000000 ____D C:\ProgramData\lpADmp
2015-09-10 19:07 - 2015-09-10 19:07 - 00000000 ____D C:\_OTL
2015-09-10 18:52 - 2015-09-10 19:35 - 00000000 ____D C:\AdwCleaner
2015-09-10 18:42 - 2015-09-13 23:25 - 00000488 _____ C:\Windows\Tasks\CIMT_S-1-5-21-56948544-175400317-1807394744-1001.job
2015-09-10 18:42 - 2015-09-10 18:47 - 00000522 _____ C:\Windows\Tasks\CIMT_daily_S-1-5-21-56948544-175400317-1807394744-1001.job
2015-09-10 18:42 - 2015-09-10 18:42 - 00003582 _____ C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-56948544-175400317-1807394744-1001
2015-09-10 18:42 - 2015-09-10 18:42 - 00003472 _____ C:\Windows\System32\Tasks\CIMT_S-1-5-21-56948544-175400317-1807394744-1001
2015-09-10 18:42 - 2015-09-10 18:42 - 00000000 ____D C:\Program Files (x86)\Setup Support for Consumer Input
2015-09-10 18:38 - 2015-09-10 18:38 - 03378936 _____ C:\Windows\SysWOW64\ins_smk.exe
2015-09-10 18:38 - 2015-09-10 18:38 - 00520704 _____ C:\Windows\SysWOW64\ins_U501EXE.exe
2015-09-10 18:38 - 2015-09-10 18:38 - 00000000 ____D C:\Users\PAM\AppData\Local\CrashRpt
2015-09-09 21:50 - 2015-09-12 22:44 - 00000000 ____D C:\Program Files (x86)\cpx
2015-09-09 21:50 - 2015-09-12 21:58 - 00000000 ____D C:\Users\PAM\AppData\Local\mstrn32
2015-09-09 21:50 - 2015-09-10 19:15 - 00000000 ____D C:\Users\PAM\AppData\Local\cpx
2015-09-09 21:50 - 2015-09-09 21:50 - 00000000 ____D C:\Program Files (x86)\regtool
2015-09-09 21:50 - 2015-09-09 21:50 - 00000000 ____D C:\Program Files (x86)\msrtn32
2015-09-09 21:50 - 2015-09-09 21:50 - 00000000 ____D C:\Program Files (x86)\dataup
2015-09-09 21:38 - 2015-09-09 23:25 - 00000000 ____D C:\Users\PAM\AppData\Roaming\GameTracker
2015-09-09 21:38 - 2015-09-09 21:38 - 00001026 _____ C:\Users\PAM\Desktop\GameTracker Lite.lnk
2015-09-09 21:38 - 2015-09-09 21:38 - 00000000 ____D C:\Users\PAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameTracker Lite
2015-09-09 21:38 - 2015-09-09 21:38 - 00000000 ____D C:\Program Files (x86)\GameTracker
2015-09-09 21:35 - 2015-09-09 21:35 - 05782856 _____ C:\Users\PAM\Downloads\GTSetup.exe
2015-09-09 21:21 - 2015-09-09 21:25 - 00000000 ____D C:\Users\PAM\Documents\Arma 3
2015-09-09 20:33 - 2015-09-09 20:33 - 00000000 ____D C:\Users\PAM\Documents\My Received Files
2015-09-09 20:32 - 2015-09-09 20:32 - 00001708 _____ C:\Users\PAM\Desktop\BitTorrent.lnk
2015-09-09 20:09 - 2015-09-09 20:09 - 00000993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-09 20:09 - 2015-09-09 20:09 - 00000981 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-09 20:02 - 2015-09-09 20:10 - 00000000 ____D C:\ProgramData\DataFile
2015-09-09 20:02 - 2015-09-09 20:08 - 00004752 _____ C:\Windows\SysWOW64\Oemupfahdh.ini
2015-09-09 20:02 - 2015-09-09 20:08 - 00002472 _____ C:\Windows\SysWOW64\OemupfahdhOff.ini
2015-09-09 20:02 - 2015-09-09 20:08 - 00002472 _____ C:\Windows\system32\OemupfahdhOff.ini
2015-09-09 20:02 - 2015-09-09 20:02 - 00000000 ____D C:\Windows\system32\phbo
2015-09-09 20:02 - 2015-09-08 01:32 - 00353632 _____ C:\Windows\system32\Oemupfahdh64.dll
2015-09-09 20:02 - 2015-09-08 01:32 - 00283488 _____ C:\Windows\SysWOW64\Oemupfahdh.dll
2015-09-09 20:01 - 2015-09-13 23:07 - 00000372 ____H C:\Windows\Tasks\AXCINCXHMDOCGGXC.job
2015-09-09 20:01 - 2015-09-09 20:01 - 00003384 _____ C:\Windows\System32\Tasks\AXCINCXHMDOCGGXC
2015-09-09 20:01 - 2015-09-09 20:01 - 00000000 ____D C:\ProgramData\Service1291
2015-09-09 17:58 - 2015-09-09 17:59 - 00000000 ____D C:\Users\PAM\AppData\Local\Arma 3 Launcher
2015-09-09 17:58 - 2015-09-09 17:58 - 00000000 ____D C:\Users\PAM\AppData\Local\Bohemia_Interactive
2015-09-09 17:57 - 2015-09-09 23:03 - 00001380 _____ C:\Users\PAM\AppData\Roaming\BreakingPoint_Options.ini
2015-09-08 22:18 - 2015-09-09 19:58 - 00000222 _____ C:\Users\PAM\Desktop\Arma 3.url
2015-09-08 20:55 - 2015-08-03 21:03 - 00000854 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-09-08 20:54 - 2015-09-09 20:03 - 00000000 ____D C:\Users\PAM\AppData\Local\Tempfolder
2015-09-08 20:54 - 2015-09-08 21:08 - 00004792 _____ C:\Windows\SysWOW64\Ufiodnukb.ini
2015-09-08 20:54 - 2015-09-08 21:08 - 00002504 _____ C:\Windows\SysWOW64\UfiodnukbOff.ini
2015-09-08 20:54 - 2015-09-08 21:08 - 00002504 _____ C:\Windows\system32\UfiodnukbOff.ini
2015-09-08 20:54 - 2015-09-08 20:54 - 00000903 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-09-08 20:54 - 2015-09-08 20:54 - 00000000 ____D C:\Windows\system32\tak
2015-09-08 20:54 - 2015-09-08 20:54 - 00000000 ____D C:\Users\PAM\AppData\Roaming\ortmp
2015-09-08 20:54 - 2015-09-08 20:31 - 00353648 _____ C:\Windows\system32\Ufiodnukb64.dll
2015-09-08 20:54 - 2015-09-08 20:31 - 00283504 _____ C:\Windows\SysWOW64\Ufiodnukb.dll
2015-09-08 20:51 - 2015-09-08 20:51 - 00000000 ____D C:\Users\PAM\AppData\Roaming\c
2015-09-08 20:51 - 2015-09-08 20:51 - 00000000 ____D C:\ProgramData\u4c
2015-09-08 20:51 - 2015-09-08 20:51 - 00000000 ____D C:\ProgramData\1441770685
2015-09-08 20:48 - 2015-09-08 20:48 - 00003490 _____ C:\Windows\System32\Tasks\ZIYBY
2015-09-08 20:48 - 2015-09-08 20:48 - 00000000 ____D C:\ProgramData\Service0561
2015-09-08 20:39 - 2015-09-08 20:39 - 00000000 ____D C:\ProgramData\Steam
2015-09-08 17:22 - 2015-09-09 22:52 - 00000000 ____D C:\Breaking Point
2015-09-08 17:22 - 2015-09-08 17:26 - 00001671 _____ C:\Users\Public\Desktop\BreakingPoint.lnk
2015-09-08 17:22 - 2015-09-08 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Breaking Point
2015-09-08 16:34 - 2015-09-09 22:52 - 00000301 _____ C:\Users\PAM\AppData\Roaming\BreakingPoint_Login.ini
2015-09-08 16:17 - 2015-09-08 16:17 - 00000000 ____D C:\ProgramData\Caphyon
2015-09-08 16:15 - 2015-09-08 16:15 - 00000000 ____D C:\Users\PAM\AppData\Roaming\The Zombie Infection
2015-09-08 16:14 - 2015-09-08 16:14 - 32333991 _____ (The Zombie Infection) C:\Users\PAM\Downloads\Breaking_Point_Launcher.exe
2015-09-08 13:55 - 2015-08-26 19:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 13:55 - 2015-08-26 11:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-08 13:55 - 2015-08-26 11:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-08 13:55 - 2015-08-26 11:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-08 13:55 - 2015-08-26 11:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-08 13:55 - 2015-08-26 07:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 13:55 - 2015-08-26 07:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 13:55 - 2015-08-26 07:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 13:55 - 2015-08-26 07:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-08 13:55 - 2015-08-26 07:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 13:55 - 2015-08-26 07:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 13:55 - 2015-08-26 07:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 13:54 - 2015-09-02 19:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-08 13:54 - 2015-09-02 19:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-08 13:54 - 2015-09-02 11:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-08 13:54 - 2015-09-02 10:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-08 13:54 - 2015-07-30 10:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 13:54 - 2015-07-30 09:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-08 13:54 - 2015-07-22 07:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-08 13:54 - 2015-07-22 06:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-08 13:54 - 2015-07-17 07:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-08 13:54 - 2015-07-17 07:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-08 13:54 - 2015-06-27 04:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-08 13:53 - 2015-08-22 11:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 13:53 - 2015-08-22 10:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 13:53 - 2015-08-22 10:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 13:53 - 2015-08-22 10:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-08 13:53 - 2015-08-22 10:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 13:53 - 2015-08-22 10:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 13:53 - 2015-08-22 09:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-08 13:53 - 2015-08-22 09:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-08 13:53 - 2015-08-22 09:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-08 13:53 - 2015-08-22 09:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-08 13:53 - 2015-08-22 09:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 13:53 - 2015-08-22 09:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 13:53 - 2015-08-22 09:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-08 13:53 - 2015-08-22 09:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-08 13:53 - 2015-08-22 09:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 13:53 - 2015-08-22 09:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-08 13:53 - 2015-08-22 09:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 13:53 - 2015-08-22 09:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-08 13:53 - 2015-08-22 09:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-08 13:53 - 2015-08-22 09:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-08 13:53 - 2015-08-22 09:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-08 13:53 - 2015-08-22 09:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-08 13:53 - 2015-08-22 09:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 13:53 - 2015-08-22 09:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-08 13:53 - 2015-08-22 08:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-08 13:52 - 2015-08-22 09:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-08 13:52 - 2015-08-22 09:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-08 13:52 - 2015-08-22 09:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-08 13:52 - 2015-08-22 08:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-08 13:51 - 2015-09-01 19:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 13:51 - 2015-09-01 19:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 13:51 - 2015-09-01 19:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 13:51 - 2015-09-01 19:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-08 13:51 - 2015-09-01 19:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-08 13:51 - 2015-08-03 14:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 13:51 - 2015-08-03 14:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-08 13:51 - 2015-08-01 07:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 13:51 - 2015-07-31 20:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-08 13:51 - 2015-07-31 20:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-08 13:51 - 2015-07-31 20:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 13:51 - 2015-07-31 20:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-08 13:51 - 2015-07-31 20:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-08 13:51 - 2015-07-22 07:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-08 13:51 - 2015-07-22 07:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-08 13:51 - 2015-07-22 07:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-08 13:51 - 2015-07-22 07:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-08 13:51 - 2015-07-18 11:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-08 13:51 - 2015-07-18 11:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-08 13:51 - 2015-07-18 11:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-08 13:51 - 2015-07-18 11:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-08 13:51 - 2015-07-13 20:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-09-08 13:51 - 2015-07-13 12:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-08 13:51 - 2015-07-10 12:06 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-09-08 13:51 - 2015-07-09 09:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-08 13:51 - 2015-07-03 14:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-08 13:51 - 2015-07-03 07:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-08 13:51 - 2015-06-19 10:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-08 12:12 - 2015-09-08 12:12 - 00000000 ___SH C:\Users\PAM\AppData\Local\LumaEmu
2015-09-08 12:11 - 2015-09-12 22:59 - 00000000 ____D C:\Users\PAM\AppData\Local\Arma 3
2015-09-08 12:11 - 2015-09-08 12:11 - 00000000 ____D C:\ProgramData\Bohemia Interactive
2015-09-08 11:53 - 2015-09-09 20:18 - 00000000 ____D C:\Games
2015-09-07 12:40 - 2015-09-07 12:40 - 00000000 ____D C:\Users\PAM\AppData\Roaming\Atari
2015-09-07 12:38 - 2015-09-07 12:38 - 00002224 _____ C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Platinum.lnk
2015-09-07 12:33 - 2015-09-07 12:40 - 00000000 ____D C:\Users\PAM\Documents\RCT3
2015-09-07 12:33 - 2015-09-07 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
2015-09-07 12:27 - 2015-09-07 12:27 - 00000000 ____D C:\Program Files (x86)\Atari
2015-09-07 12:25 - 2015-09-07 12:26 - 00000000 ____D C:\Users\PAM\Documents\Rollercoaster Tycoon 3 Platinum
2015-08-27 20:30 - 2015-09-08 21:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-24 14:10 - 2015-08-31 19:02 - 00000000 ____D C:\Users\PAM\Documents\AcaciaParkPayment
2015-08-19 18:23 - 2015-08-19 18:23 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-08-14 14:19 - 2015-08-14 14:19 - 00000000 ____D C:\Users\PAM\AppData\Local\CEF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-13 23:13 - 2014-04-05 10:16 - 00003592 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-56948544-175400317-1807394744-1001
2015-09-13 23:02 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-13 22:55 - 2014-03-03 16:27 - 01943301 _____ C:\Windows\WindowsUpdate.log
2015-09-13 22:43 - 2015-06-06 20:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-13 00:11 - 2015-08-06 20:07 - 00000000 ____D C:\Users\PAM\AppData\Roaming\Kodi
2015-09-13 00:01 - 2015-05-14 18:57 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-12 22:03 - 2014-03-03 16:39 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-09-12 21:58 - 2015-05-10 20:30 - 00000000 __RDO C:\Users\PAM\SkyDrive
2015-09-12 19:04 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-11 22:26 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2015-09-10 20:03 - 2015-07-06 21:16 - 00000000 ____D C:\Users\PAM\Documents\Image-Line
2015-09-10 20:01 - 2014-12-21 12:02 - 00000000 ____D C:\ProgramData\softthinks
2015-09-10 19:49 - 2013-08-22 07:46 - 00026493 _____ C:\Windows\setupact.log
2015-09-10 19:49 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-10 19:48 - 2013-08-22 06:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-09-10 19:32 - 2015-07-06 20:44 - 00000000 ____D C:\Users\PAM\AppData\Roaming\BitTorrent
2015-09-10 19:11 - 2015-06-06 01:51 - 00000000 ____D C:\Users\PAM\AppData\Roaming\Spotify
2015-09-10 19:10 - 2015-06-06 01:52 - 00000000 ____D C:\Users\PAM\AppData\Local\Spotify
2015-09-10 19:07 - 2014-03-03 16:19 - 01019952 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-10 18:39 - 2014-04-05 10:11 - 00001658 _____ C:\Users\PAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2015-09-09 20:41 - 2014-03-03 16:37 - 00000000 ____D C:\ProgramData\McAfee
2015-09-09 20:41 - 2014-03-03 16:05 - 00060042 _____ C:\Windows\PFRO.log
2015-09-09 20:39 - 2013-08-22 08:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-09-09 17:53 - 2014-03-03 16:27 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-08 22:18 - 2015-05-14 19:06 - 00000000 ____D C:\Users\PAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-09-08 21:07 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-09-08 21:06 - 2013-08-22 07:44 - 00492664 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-08 21:05 - 2015-06-06 20:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-08 21:00 - 2013-08-22 12:12 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-08 21:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-08 20:54 - 2015-05-11 12:48 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-09-08 20:54 - 2015-05-11 12:47 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-09-08 20:37 - 2014-03-03 16:35 - 00027772 _____ C:\Windows\DirectX.log
2015-09-08 19:53 - 2015-05-08 17:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-08 19:52 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-08 19:41 - 2015-05-09 11:01 - 00000000 ____D C:\Windows\system32\MRT
2015-09-08 10:50 - 2015-05-11 11:52 - 00000000 ____D C:\Users\PAM\Desktop\School Assignments
2015-09-07 13:30 - 2014-04-05 10:11 - 00000000 ____D C:\Users\PAM\AppData\Local\VirtualStore
2015-09-07 12:27 - 2014-03-03 16:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-06 19:32 - 2015-08-10 18:30 - 00000000 ____D C:\Users\PAM\Documents\Desktop Backgrounds
2015-08-26 18:37 - 2015-05-09 11:01 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-23 01:04 - 2015-08-06 22:46 - 00001037 ____H C:\Users\PAM\.swfinfo
2015-08-17 22:12 - 2015-05-25 21:12 - 00000000 ____D C:\Users\MSSQLFDLauncher$SQLEXPRESS
2015-08-17 22:11 - 2015-05-25 21:13 - 00000000 ____D C:\Users\ReportServer$SQLEXPRESS
2015-08-17 22:11 - 2015-05-25 21:12 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS
2015-08-17 22:11 - 2014-04-05 10:10 - 00000000 ____D C:\Users\PAM
2015-08-14 13:59 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 13:59 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 13:59 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-14 13:59 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender

==================== Files in the root of some directories =======

2015-09-08 16:34 - 2015-09-09 22:52 - 0000301 _____ () C:\Users\PAM\AppData\Roaming\BreakingPoint_Login.ini
2015-09-09 17:57 - 2015-09-09 23:03 - 0001380 _____ () C:\Users\PAM\AppData\Roaming\BreakingPoint_Options.ini
2015-09-08 12:12 - 2015-09-08 12:12 - 0000000 ___SH () C:\Users\PAM\AppData\Local\LumaEmu
2014-03-03 16:07 - 2014-03-03 16:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-03-03 16:34 - 2014-03-03 16:35 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-03-03 16:31 - 2014-03-03 16:32 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-03-03 16:32 - 2014-03-03 16:33 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-03-03 16:33 - 2014-03-03 16:34 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-03-03 16:31 - 2014-03-03 16:31 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\PAM\AppData\Local\Temp\130807136398573833.exe
C:\Users\PAM\AppData\Local\Temp\13080713643707854438.exe
C:\Users\PAM\AppData\Local\Temp\1mj6gmhr.dll
C:\Users\PAM\AppData\Local\Temp\2032.exe
C:\Users\PAM\AppData\Local\Temp\8e7remtq.dll
C:\Users\PAM\AppData\Local\Temp\ARMA 3 Steamworks Fix NINO FIX Downloader__15047_i1635984875_il1360443.exe
C:\Users\PAM\AppData\Local\Temp\BRSVC_442028625_hlp.exe
C:\Users\PAM\AppData\Local\Temp\compete.exe
C:\Users\PAM\AppData\Local\Temp\cw.exe
C:\Users\PAM\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\PAM\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\PAM\AppData\Local\Temp\msC509.tmp.exe
C:\Users\PAM\AppData\Local\Temp\MSETUP4.EXE
C:\Users\PAM\AppData\Local\Temp\offer-8C7A8782-6475-4D07-A2C2-EB287CA389D1.exe
C:\Users\PAM\AppData\Local\Temp\oprun12404.exe
C:\Users\PAM\AppData\Local\Temp\oprun14997.exe
C:\Users\PAM\AppData\Local\Temp\oprun22280.exe
C:\Users\PAM\AppData\Local\Temp\oprun26437.exe
C:\Users\PAM\AppData\Local\Temp\proxy_vole5148578707414626857.dll
C:\Users\PAM\AppData\Local\Temp\setup_ospd_us.exe
C:\Users\PAM\AppData\Local\Temp\SpOrder.dll
C:\Users\PAM\AppData\Local\Temp\sqlite3.dll
C:\Users\PAM\AppData\Local\Temp\supoptsetup.exe
C:\Users\PAM\AppData\Local\Temp\uninstall.exe
C:\Users\PAM\AppData\Local\Temp\UninstallModule.exe
C:\Users\PAM\AppData\Local\Temp\Zzoooomit_uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2015-05-11 12:48] - [2015-09-08 20:54] - 0657920 ____A (Microsoft Corporation) C906F0C2BB37E3F210984B30854089F4

C:\Windows\SysWOW64\dnsapi.dll
[2015-05-11 12:47] - [2015-09-08 20:54] - 0498688 ____A (Microsoft Corporation) 46C697A082C0C27AC9400D1A9D4B97FE

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-10 23:19

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by Brandon (2015-09-13 23:25:25)
Running from C:\Users\PAM\Documents\FixIts
Windows 8.1 (X64) (2014-04-05 17:10:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-56948544-175400317-1807394744-500 - Administrator - Disabled)
Brandon (S-1-5-21-56948544-175400317-1807394744-1001 - Administrator - Enabled) => C:\Users\PAM
Guest (S-1-5-21-56948544-175400317-1807394744-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-56948544-175400317-1807394744-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
BitTorrent (HKU\S-1-5-21-56948544-175400317-1807394744-1001\...\BitTorrent) (Version: 7.9.4.40912 - BitTorrent Inc.)
Breaking Point (HKLM-x32\...\Breaking Point 5.0.2.9) (Version: 5.0.2.9 - The Zombie Infection)
Breaking Point (x32 Version: 5.0.2.9 - The Zombie Infection) Hidden
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{713A4123-9417-4FF7-AC14-F000D6C0C7AD}) (Version: 0.9.1115.0 - Dell Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC)
Driver Restore (HKLM\...\Driver Restore) (Version: 2.3.0.0 - 383 Media, Inc.)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version:  - Sports Interactive)
GameTracker Lite (HKLM-x32\...\GameTracker Lite) (Version:  - ClanServers Hosting LLC.)
GDR 2269 for SQL Server 2014 (KB3045324) (64-bit) (HKLM\...\KB3045324) (Version: 12.0.2269.0 - Microsoft Corporation)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1342.1) (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6882ac6d-e97d-4e25-b3ea-5f3f21055dfe}) (Version: 16.6.0 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Kodi (HKU\S-1-5-21-56948544-175400317-1807394744-1001\...\Kodi) (Version:  - XBMC-Foundation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{37C44B5C-E839-4A9D-9E20-A93E1B2FD35A}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{537203CB-708E-43A3-BA16-3D5C14A587BB}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.021 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{3C578F10-F74F-4655-B2A6-9F88A6C415E8}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Spotify (HKU\S-1-5-21-56948544-175400317-1807394744-1001\...\Spotify) (Version: 1.0.11.134.ga37df67b - Spotify AB)
SQL Server 2014 Client Tools (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Full text search (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.797.20 - Electronic Arts)
The Sims 4 Luxury Party Stuff DLC (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

29-08-2015 17:50:31 Scheduled Checkpoint
07-09-2015 12:26:50 Installed RollerCoaster Tycoon 3 Platinum
08-09-2015 16:15:27 Installed Breaking Point
09-09-2015 17:51:25 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
09-09-2015 17:52:03 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2015-09-09 20:40 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {095021C1-E590-473C-AE00-FA9D37E91CE1} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {16E8D4F6-6829-446E-8E90-9D5D9F40CF49} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {16FF8528-ACED-4ECA-BEA0-008AA7FDE77B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-06] (Synaptics Incorporated)
Task: {232B4B1F-209A-4A92-9DB7-D85E04C5E823} - System32\Tasks\CIMT_daily_S-1-5-21-56948544-175400317-1807394744-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {50C56041-C617-4549-9335-F30686641862} - System32\Tasks\ZIYBY => C:\ProgramData\Service0561\Service0561.exe [2015-09-08] () <==== ATTENTION
Task: {50EEC17B-B283-4377-A325-112C4C095C2B} - System32\Tasks\Cienaueo => C:\ProgramData\Cienaueo\1.0.5.1\fnenniuu.exe [2015-09-10] ()
Task: {5A5E0AC9-E5CE-4B5B-9689-C9BE18882E5A} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {5D244E9F-DEE5-42A8-B526-173EF21F151F} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {65CAEA6C-F566-4EE2-A082-D7F58AE02249} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {6AFD5D1A-5465-4DA4-A976-58578A6F49F4} - System32\Tasks\{6EF88B6F-86EC-4364-A649-F593C7987E1B} => pcalua.exe -a "C:\Program Files (x86)\Image-Line\FL Studio 11\uninstall.exe"
Task: {7A6C0134-866F-465A-B209-21098276399A} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-11-29] ()
Task: {7A8FAAA5-3898-4E9F-B1F0-9ACBD814E4BD} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {7DE00294-E6C5-4A85-B703-A907087CB2D1} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-11-29] ()
Task: {A9107929-3C43-4350-8692-1126F46213F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {BD585BED-7ED7-4C54-8DCE-751F4DE8DAED} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {C6FB1B92-6CD9-4AB4-9523-90FC8E1BE5D8} - System32\Tasks\AXCINCXHMDOCGGXC => C:\ProgramData\Service1291\Service1291.exe [2015-09-09] () <==== ATTENTION
Task: {D43047BF-53B2-4B49-9377-A240FDC80240} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {F6D79D7A-4736-4038-8DC0-1EA797DE8912} - System32\Tasks\CIMT_S-1-5-21-56948544-175400317-1807394744-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AXCINCXHMDOCGGXC.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-56948544-175400317-1807394744-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_S-1-5-21-56948544-175400317-1807394744-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-08-06 12:18 - 2015-08-06 12:18 - 00077824 _____ () C:\Program Files (x86)\dataup\dataup.exe
2015-04-07 07:12 - 2015-04-07 07:12 - 00404480 _____ () C:\ProgramData\1441770685\s9.exe
2013-08-22 12:40 - 2013-08-22 12:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 12:40 - 2013-08-22 12:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 12:40 - 2013-08-22 12:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2015-09-10 19:17 - 2015-09-10 19:17 - 00158208 _____ () C:\ProgramData\Cienaueo\1.0.5.1\fnenniuu.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-08-06 16:05 - 2015-08-06 16:05 - 01221120 _____ () C:\Program Files (x86)\msrtn32\msrtn32.exe
2014-09-18 11:37 - 2014-07-02 19:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2015-07-03 11:27 - 2015-07-03 11:27 - 01172992 _____ () C:\Program Files (x86)\cpx\cpx.exe
2015-07-02 23:47 - 2015-07-02 23:47 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-11-29 03:24 - 2014-11-29 03:24 - 00734840 _____ () C:\Program Files (x86)\DriverRestore\DriverRestore.exe
2015-08-06 16:06 - 2015-08-06 16:06 - 00825856 _____ () C:\Program Files (x86)\msrtn32\cdhtr.exe
2015-08-27 12:30 - 2015-08-27 12:30 - 00399872 _____ () C:\Program Files (x86)\msrtn32\rthdcpd.exe
2014-03-03 16:26 - 2013-08-28 03:02 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-10-12 00:26 - 2014-10-12 00:26 - 02299904 _____ () C:\Program Files (x86)\msrtn32\QxOrm.dll
2013-09-24 12:38 - 2013-09-24 12:38 - 00243200 _____ () C:\Program Files (x86)\msrtn32\boost_serialization-vc100-mt-1_54.dll
2014-10-13 19:34 - 2014-10-13 19:34 - 00879104 _____ () C:\Program Files (x86)\msrtn32\platforms\qwindows.dll
2014-10-13 19:31 - 2014-10-13 19:31 - 00635392 _____ () C:\Program Files (x86)\msrtn32\sqldrivers\qsqlite.dll
2014-03-03 16:32 - 2013-03-04 20:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-05-14 19:00 - 2015-07-03 09:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-05-14 19:00 - 2015-07-03 09:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-05-14 19:00 - 2015-08-19 13:39 - 02413248 _____ () C:\Program Files (x86)\Steam\video.dll
2015-05-14 19:00 - 2015-07-03 09:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-05-14 19:00 - 2015-07-03 09:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-05-14 19:00 - 2014-12-01 14:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-05-14 19:00 - 2014-12-01 14:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-05-14 19:00 - 2014-12-01 14:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-05-14 19:00 - 2014-12-01 14:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-05-14 19:00 - 2014-12-01 14:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-05-14 19:00 - 2015-08-19 13:39 - 00704192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-08-10 14:01 - 2015-07-26 18:13 - 00171008 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-05-14 19:00 - 2015-07-03 09:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-06-25 21:58 - 2015-06-25 21:58 - 40524800 _____ () C:\Program Files (x86)\cpx\libcef.dll
2015-03-31 17:47 - 2015-03-31 17:47 - 01359360 _____ () C:\Program Files (x86)\cpx\libglesv2.dll
2015-03-31 17:47 - 2015-03-31 17:47 - 00212992 _____ () C:\Program Files (x86)\cpx\libegl.dll
2015-04-19 09:18 - 2015-04-19 09:18 - 16825520 _____ () C:\Program Files (x86)\cpx\plugins\NPSWF32_15_0_0_152.dll
2014-11-29 03:22 - 2014-11-29 03:22 - 00085504 _____ () C:\Program Files (x86)\DriverRestore\DriversScanner.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-14 00:31 - 2014-10-14 00:31 - 00032256 _____ () C:\Program Files (x86)\msrtn32\imageformats\qdds.dll
2014-10-13 19:32 - 2014-10-13 19:32 - 00021504 _____ () C:\Program Files (x86)\msrtn32\imageformats\qgif.dll
2014-10-14 00:31 - 2014-10-14 00:31 - 00027648 _____ () C:\Program Files (x86)\msrtn32\imageformats\qicns.dll
2014-10-13 19:32 - 2014-10-13 19:32 - 00021504 _____ () C:\Program Files (x86)\msrtn32\imageformats\qico.dll
2014-10-14 00:31 - 2014-10-14 00:31 - 00381952 _____ () C:\Program Files (x86)\msrtn32\imageformats\qjp2.dll
2014-10-13 19:31 - 2014-10-13 19:31 - 00204800 _____ () C:\Program Files (x86)\msrtn32\imageformats\qjpeg.dll
2014-10-14 00:31 - 2014-10-14 00:31 - 00218112 _____ () C:\Program Files (x86)\msrtn32\imageformats\qmng.dll
2014-10-14 00:31 - 2014-10-14 00:31 - 00015360 _____ () C:\Program Files (x86)\msrtn32\imageformats\qtga.dll
2014-10-14 00:32 - 2014-10-14 00:32 - 00307712 _____ () C:\Program Files (x86)\msrtn32\imageformats\qtiff.dll
2014-10-14 00:32 - 2014-10-14 00:32 - 00014848 _____ () C:\Program Files (x86)\msrtn32\imageformats\qwbmp.dll
2014-10-14 00:32 - 2014-10-14 00:32 - 00252928 _____ () C:\Program Files (x86)\msrtn32\imageformats\qwebp.dll
2014-06-28 11:54 - 2014-06-28 11:54 - 14586808 _____ () C:\Program Files (x86)\msrtn32\Plugins\NPSWF32_11_5_502_110.dll
2015-03-31 17:46 - 2015-03-31 17:46 - 00984576 _____ () C:\Program Files (x86)\cpx\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\PAM\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\PAM\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\PAM\SkyDrive.old:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-56948544-175400317-1807394744-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PAM\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "prtstart"
HKLM\...\StartupApproved\Run: => "SpaceSoundPro"
HKLM\...\StartupApproved\Run32: => "cpx"
HKU\S-1-5-21-56948544-175400317-1807394744-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-56948544-175400317-1807394744-1001\...\StartupApproved\Run: => "DV"
HKU\S-1-5-21-56948544-175400317-1807394744-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-56948544-175400317-1807394744-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5F22F6F2-4937-495C-9D60-B7C223557EE5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{33F3F2A7-2AA6-4D7D-874B-1D20E8206B15}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{281FCCF7-855D-4C45-94AA-E8A8D9B18B32}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{EF196F89-EA15-4C16-A131-0E3057ED3311}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{DBEA895E-A940-4C7D-B7F3-0C1156359ECA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{C1B27DF3-E056-4832-B60F-17D6AA3FB47E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{566EF349-2C72-405A-9E02-A0B295E445E8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A85067CD-46E1-47A6-A07B-F7941DD7F79E}] => (Allow) LPort=2869
FirewallRules: [{00763C18-02A2-496A-AED4-4FC82E8ACAE9}] => (Allow) LPort=1900
FirewallRules: [{F42BDAFF-C83C-4B5A-A543-637142373D28}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{2F97C8AE-9CD4-478B-AB8E-B78A10D7C8A8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{75D33CAD-A637-441E-904F-1FE9A3D5E033}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7B3B7FA0-96F0-4D6B-B4BB-E068E71BC46F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ED19AAE9-5443-47A8-933D-EBDFB98C0775}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{134A87F5-46CF-4F8F-9494-95F1FAFD6B3F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{95EBBCD9-8DD2-49DE-80F5-DEDECD56648E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\fm.exe
FirewallRules: [{E9F55CDD-E4FC-4811-872D-DC5F65700D83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\fm.exe
FirewallRules: [{D76B88E9-C037-4C23-86A5-839C4424A356}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BDFFE906-042C-41B6-A2C7-3E8173B64992}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{79B4813A-6D62-4098-B4F3-0131A2A8A6F3}] => (Allow) C:\Users\PAM\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{88A89A5A-6266-445F-8B9F-9811EBB8D073}] => (Allow) C:\Users\PAM\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5B9F4E43-4430-453D-A1DF-616E30C3DAB5}] => (Allow) C:\Users\PAM\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{11E08BEC-53CA-453D-9969-2AFF4C5DA91D}] => (Allow) C:\Users\PAM\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A4AEAAE2-ED40-4F9F-8E93-935891CF5A80}] => (Allow) C:\Users\PAM\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{011033AD-292C-4EDD-A487-D546813BF22C}] => (Allow) C:\Users\PAM\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6768C145-A81F-4D64-A59C-32428AE86FDB}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶獜瑩扥潲敫屲楳整牢歯牥攮數
FirewallRules: [{6DEDF643-C034-4842-BCC5-B10A7BD49C28}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶獜瑩扥潲敫屲敲瑳楳整牢歯牥攮數
FirewallRules: [{9CB76E26-4374-43AA-9F8F-CBB21B0426E1}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶獜瑩扥潲敫屲楳整牢歯牥⹟硥e
FirewallRules: [{630960C3-3696-464A-AC9D-13A2D2FDB71D}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶獜瑩扥潲敫屲敲瑳楳整牢歯牥⹟硥e
FirewallRules: [{D520BA22-9221-465D-8A7E-2212C8484CF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{4865F576-5262-4EDB-8B15-EAD7D7E5A198}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{5B23AE1C-3393-4F36-968D-2647073B09B0}C:\program files (x86)\kodi\kodi.exe] => (Block) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{0FECF01B-EC7C-444C-87AA-51D8A03CEE58}C:\program files (x86)\kodi\kodi.exe] => (Block) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{8CFBFEA7-11E6-400B-B7DE-263BC6AC50F6}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{4C34435D-B480-4AEE-BED4-8C879A87203B}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{BBDEA156-5F74-4ADC-B174-AFDC5BB6D746}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{4F4B680C-8967-463E-ABD0-E29BD867BB7C}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2015 11:06:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/13/2015 11:06:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/13/2015 11:06:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/13/2015 11:06:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TOASTER.EXE, version: 1.0.1.229, time stamp: 0x538dde51
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0x1d0c
Faulting application start time: 0xTOASTER.EXE0
Faulting application path: TOASTER.EXE1
Faulting module path: TOASTER.EXE2
Report Id: TOASTER.EXE3
Faulting package full name: TOASTER.EXE4
Faulting package-relative application ID: TOASTER.EXE5

Error: (09/13/2015 11:06:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TOASTER.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Toaster.App.Main()

Error: (09/13/2015 11:06:23 PM) (Source: TOASTER.EXE) (EventID: 0) (User: )
Description: An Unhandled Exception occured.
Width and Height must be non-negative.
   at Toaster.Core.AppBarFunctions.ABSetPos(ABEdge edge, Window appbarWindow)
   at Toaster.Core.AppBarFunctions.RegisterInfo.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (09/13/2015 10:47:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cpx.exe, version: 1.1.0.1, time stamp: 0x5596010a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xe2c
Faulting application start time: 0xcpx.exe0
Faulting application path: cpx.exe1
Faulting module path: cpx.exe2
Report Id: cpx.exe3
Faulting package full name: cpx.exe4
Faulting package-relative application ID: cpx.exe5

Error: (09/13/2015 10:38:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cpx.exe, version: 1.1.0.1, time stamp: 0x5596010a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x10bc
Faulting application start time: 0xcpx.exe0
Faulting application path: cpx.exe1
Faulting module path: cpx.exe2
Report Id: cpx.exe3
Faulting package full name: cpx.exe4
Faulting package-relative application ID: cpx.exe5

Error: (09/13/2015 01:04:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cpx.exe, version: 1.1.0.1, time stamp: 0x5596010a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x2654
Faulting application start time: 0xcpx.exe0
Faulting application path: cpx.exe1
Faulting module path: cpx.exe2
Report Id: cpx.exe3
Faulting package full name: cpx.exe4
Faulting package-relative application ID: cpx.exe5

Error: (09/13/2015 12:44:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cpx.exe, version: 1.1.0.1, time stamp: 0x5596010a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x27ac
Faulting application start time: 0xcpx.exe0
Faulting application path: cpx.exe1
Faulting module path: cpx.exe2
Report Id: cpx.exe3
Faulting package full name: cpx.exe4
Faulting package-relative application ID: cpx.exe5


System errors:
=============
Error: (09/13/2015 10:30:29 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.4.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
this computer.

Error: (09/13/2015 09:39:03 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.4.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
this computer.

Error: (09/10/2015 07:48:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (09/10/2015 07:48:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (09/10/2015 07:48:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (09/10/2015 07:35:42 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (09/10/2015 07:35:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/10/2015 07:35:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Management Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/10/2015 07:35:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/10/2015 07:35:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (09/13/2015 11:06:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

Error: (09/13/2015 11:06:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

Error: (09/13/2015 11:06:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

Error: (09/13/2015 11:06:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TOASTER.EXE1.0.1.229538dde51KERNELBASE.dll6.3.9600.1741554504adee0434352000145981d0c01d0ede17fce09c7C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXEC:\Windows\SYSTEM32\KERNELBASE.dllb9907323-5aa6-11e5-827c-ac7ba13343a1

Error: (09/13/2015 11:06:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TOASTER.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Toaster.App.Main()

Error: (09/13/2015 11:06:23 PM) (Source: TOASTER.EXE) (EventID: 0) (User: )
Description: An Unhandled Exception occured.
Width and Height must be non-negative.
   at Toaster.Core.AppBarFunctions.ABSetPos(ABEdge edge, Window appbarWindow)
   at Toaster.Core.AppBarFunctions.RegisterInfo.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (09/13/2015 10:47:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cpx.exe1.1.0.15596010aunknown0.0.0.000000000c000000500000000e2c01d0eeb0bc58b8d7C:\Program Files (x86)\cpx\cpx.exeunknown216da175-5aa4-11e5-827c-ac7ba13343a1

Error: (09/13/2015 10:38:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cpx.exe1.1.0.15596010aunknown0.0.0.000000000c00000050000000010bc01d0eeaf56b57fd2C:\Program Files (x86)\cpx\cpx.exeunknowne03061f8-5aa2-11e5-827c-ac7ba13343a1

Error: (09/13/2015 01:04:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cpx.exe1.1.0.15596010aunknown0.0.0.000000000c000000500000000265401d0edfa9bf90ef4C:\Program Files (x86)\cpx\cpx.exeunknownfd869884-59ed-11e5-827c-ac7ba13343a1

Error: (09/13/2015 12:44:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cpx.exe1.1.0.15596010aunknown0.0.0.000000000c00000050000000027ac01d0edf7d0b86925C:\Program Files (x86)\cpx\cpx.exeunknown391e23ca-59eb-11e5-827c-ac7ba13343a1


CodeIntegrity:
===================================
  Date: 2015-09-10 23:21:28.630
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-18 13:08:55.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-18 13:08:55.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-18 13:08:55.161
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-18 13:08:55.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-18 13:08:54.917
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-18 13:08:54.793
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-18 13:08:54.669
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-18 13:08:54.541
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-18 13:08:54.389
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 50%
Total physical RAM: 8072.96 MB
Available physical RAM: 3990.77 MB
Total Virtual: 11155.62 MB
Available Virtual: 6469.25 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.48 GB) (Free:730.11 GB) NTFS
Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
Drive x: (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.2 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:7.9 GB) (Free:0.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FD8B5488)

Partition: GPT.

==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, LordOfBones. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you getting your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
Let's get started :)

 
One thing to note before we start.

P2P Warning

I've noticed that you have or have had a P2P (Peer-to-Peer) file sharing program on your machine:
  • BitTorrent
It is important to stay away from them as they are used to share pirated material. The programs themselves can be safe, but majority of the files shared through them is infected.

Some of things to keep in mind when using P2P programs:
  • Your computer is more likely to get infected with malware, which will result in coming back to our or other forums for help.
  • You may have your important data stolen, including passwords, photos or personal information.
  • You help to share pirated material, which may result in arrest, fines, or even jail time for illegal downloads of copyrighted material.
If I still didn't convince you, please read these short reports about how dangerous it can be to use P2P programs:Whether you remove them or not is your decision. Though I strongly recommend you to uninstall your P2P programs as they most likely will cause problems in the future.

If you choose not to remove them, please refrain from using them until we are done on cleaning your computer.

 
Step #1
4rr98tz.png FRST Fix

I've noticed that you ran FRST64.exe from the FixIts folder. Please move it to your Desktop. You can do it by right-clicking FRST64.exe, click Cut, then move to Desktop, right-click any free space and click Paste.
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   9.01KB   102 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
Command Prompt

Click Start>type cmd in the Search Box>right-click the cmd program that appears on the list and click Run as Administrator.

In the window that appears, type the following:
sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
then click Enter. Let the program finish it's operation.

Make sure that you reboot your computer after the process.

 
Step #3
4lSuPAR.pngUninstalling programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove the following programs:
  • Consumer Input Update Helper
  • Itibiti RTC
 
EOEdyWG.png Things that should appear in your next post:
  • Fixlog.txt log content
  • Please tell me if you have successfully uninstalled all the programs I've asked you to remove

  • 0

#3
LordOfBones

LordOfBones

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

On step three I rebooted and Intibiti RTC program was back on the desktop. Also in step four there was no Consumer Input Update Helper in the programs list either.

 

Here its the log you requested:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by Brandon (2015-09-14 11:57:24) Run:2
Running from C:\Users\PAM\Desktop
Loaded Profiles: Brandon & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS (Available Profiles: Brandon & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [cpx] => C:\Program Files (x86)\cpx\cpx.exe [1172992 2015-07-03] ()
HKLM-x32\...\Run: [msrtn32] => C:\Program Files (x86)\msrtn32\msrtn32.exe [1221120 2015-08-06] ()
HKLM\...\Run: [prtstart] => C:\Program Files\shopperz080920151129\dr_inst.exe url=aHR0cDovL2Nkcy5zNm01bTlkNy5od2Nkbi5uZXQvYWRkb24vcHIvMDgwOTIwMTUvL3ByYzY0LmV4ZQ== lpath=QzpcUHJvZ3JhbSBGaWxlc1xzaG9wcGVyejA4MDkyMDE1MTEyOVxwcmMuZXh (the data entry has 24 more characters).
C:\Program Files\shopperz080920151129
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-56948544-175400317-1807394744-1001\...\Run: [DV] => C:\ProgramData\DataFile\Downloads\DV.exe [277504 2015-09-04] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-56948544-175400317-1807394744-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-56948544-175400317-1807394744-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-56948544-175400317-1807394744-1001 -> {2582021E-73A4-4BB1-B89D-025F48C938D1} URL =
SearchScopes: HKU\S-1-5-21-56948544-175400317-1807394744-1001 -> {DF4E90BD-B786-4FF1-9EA9-E74A05ACFC3F} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
SearchScopes: HKU\S-1-5-21-56948544-175400317-1807394744-1001 -> {E0A72E9A-7D26-4DF6-AE45-C188B2A9D7E5} URL =
FF HKLM\...\Firefox\Extensions: [{A9BD0126-107A-4CE4-8DAF-23F7D903078A}] - C:\Program Files\shopperz090920150628\Firefox
FF HKLM\...\Firefox\Extensions: [{0C297AD1-F730-4FE3-9753-2E03841998C1}] - C:\Program Files\shopperz080920151129\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{A9BD0126-107A-4CE4-8DAF-23F7D903078A}] - C:\Program Files\shopperz090920150628\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{0C297AD1-F730-4FE3-9753-2E03841998C1}] - C:\Program Files\shopperz080920151129\Firefox
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2015-08-06] () [File not signed] <==== ATTENTION
R2 QPYYKZHuUjY; C:\ProgramData\lpADmp\QPYYKZHuUjY.exe [2732800 2015-09-10] (Valid Applications)
C:\ProgramData\lpADmp
R2 UdvdPork; C:\ProgramData\1441770685\s9.exe [404480 2015-04-07] () [File not signed]
2015-09-09 21:50 - 2015-09-12 22:44 - 00000000 ____D C:\Program Files (x86)\cpx
2015-09-09 21:50 - 2015-09-12 21:58 - 00000000 ____D C:\Users\PAM\AppData\Local\mstrn32
2015-09-09 21:50 - 2015-09-10 19:15 - 00000000 ____D C:\Users\PAM\AppData\Local\cpx
2015-09-09 21:50 - 2015-09-09 21:50 - 00000000 ____D C:\Program Files (x86)\regtool
2015-09-09 21:50 - 2015-09-09 21:50 - 00000000 ____D C:\Program Files (x86)\msrtn32
2015-09-09 21:50 - 2015-09-09 21:50 - 00000000 ____D C:\Program Files (x86)\dataup
2015-09-09 20:02 - 2015-09-09 20:10 - 00000000 ____D C:\ProgramData\DataFile
2015-09-09 20:02 - 2015-09-09 20:08 - 00004752 _____ C:\Windows\SysWOW64\Oemupfahdh.ini
2015-09-09 20:02 - 2015-09-09 20:08 - 00002472 _____ C:\Windows\SysWOW64\OemupfahdhOff.ini
2015-09-09 20:02 - 2015-09-09 20:08 - 00002472 _____ C:\Windows\system32\OemupfahdhOff.ini
2015-09-09 20:02 - 2015-09-09 20:02 - 00000000 ____D C:\Windows\system32\phbo
2015-09-09 20:02 - 2015-09-08 01:32 - 00353632 _____ C:\Windows\system32\Oemupfahdh64.dll
2015-09-09 20:02 - 2015-09-08 01:32 - 00283488 _____ C:\Windows\SysWOW64\Oemupfahdh.dll
2015-09-09 20:01 - 2015-09-13 23:07 - 00000372 ____H C:\Windows\Tasks\AXCINCXHMDOCGGXC.job
2015-09-09 20:01 - 2015-09-09 20:01 - 00003384 _____ C:\Windows\System32\Tasks\AXCINCXHMDOCGGXC
2015-09-09 20:01 - 2015-09-09 20:01 - 00000000 ____D C:\ProgramData\Service1291
2015-09-08 20:55 - 2015-08-03 21:03 - 00000854 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-09-08 20:54 - 2015-09-09 20:03 - 00000000 ____D C:\Users\PAM\AppData\Local\Tempfolder
2015-09-08 20:54 - 2015-09-08 21:08 - 00004792 _____ C:\Windows\SysWOW64\Ufiodnukb.ini
2015-09-08 20:54 - 2015-09-08 21:08 - 00002504 _____ C:\Windows\SysWOW64\UfiodnukbOff.ini
2015-09-08 20:54 - 2015-09-08 21:08 - 00002504 _____ C:\Windows\system32\UfiodnukbOff.ini
2015-09-08 20:54 - 2015-09-08 20:54 - 00000903 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-09-08 20:54 - 2015-09-08 20:54 - 00000000 ____D C:\Windows\system32\tak
2015-09-08 20:54 - 2015-09-08 20:54 - 00000000 ____D C:\Users\PAM\AppData\Roaming\ortmp
2015-09-08 20:54 - 2015-09-08 20:31 - 00353648 _____ C:\Windows\system32\Ufiodnukb64.dll
2015-09-08 20:54 - 2015-09-08 20:31 - 00283504 _____ C:\Windows\SysWOW64\Ufiodnukb.dll
2015-09-08 20:51 - 2015-09-08 20:51 - 00000000 ____D C:\Users\PAM\AppData\Roaming\c
2015-09-08 20:51 - 2015-09-08 20:51 - 00000000 ____D C:\ProgramData\u4c
2015-09-08 20:51 - 2015-09-08 20:51 - 00000000 ____D C:\ProgramData\1441770685
2015-09-08 20:48 - 2015-09-08 20:48 - 00003490 _____ C:\Windows\System32\Tasks\ZIYBY
2015-09-08 20:48 - 2015-09-08 20:48 - 00000000 ____D C:\ProgramData\Service0561
2015-09-10 18:42 - 2015-09-13 23:25 - 00000488 _____ C:\Windows\Tasks\CIMT_S-1-5-21-56948544-175400317-1807394744-1001.job
2015-09-10 18:42 - 2015-09-10 18:47 - 00000522 _____ C:\Windows\Tasks\CIMT_daily_S-1-5-21-56948544-175400317-1807394744-1001.job
2015-09-10 18:42 - 2015-09-10 18:42 - 00003582 _____ C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-56948544-175400317-1807394744-1001
2015-09-10 18:42 - 2015-09-10 18:42 - 00003472 _____ C:\Windows\System32\Tasks\CIMT_S-1-5-21-56948544-175400317-1807394744-1001
2015-09-10 18:42 - 2015-09-10 18:42 - 00000000 ____D C:\Program Files (x86)\Setup Support for Consumer Input
2015-09-10 18:38 - 2015-09-10 18:38 - 03378936 _____ C:\Windows\SysWOW64\ins_smk.exe
2015-09-10 18:38 - 2015-09-10 18:38 - 00520704 _____ C:\Windows\SysWOW64\ins_U501EXE.exe
2015-09-10 18:38 - 2015-09-10 18:38 - 00000000 ____D C:\Users\PAM\AppData\Local\CrashRpt
Task: {232B4B1F-209A-4A92-9DB7-D85E04C5E823} - System32\Tasks\CIMT_daily_S-1-5-21-56948544-175400317-1807394744-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {50C56041-C617-4549-9335-F30686641862} - System32\Tasks\ZIYBY => C:\ProgramData\Service0561\Service0561.exe [2015-09-08] () <==== ATTENTION
Task: {50EEC17B-B283-4377-A325-112C4C095C2B} - System32\Tasks\Cienaueo => C:\ProgramData\Cienaueo\1.0.5.1\fnenniuu.exe [2015-09-10] ()
Task: {C6FB1B92-6CD9-4AB4-9523-90FC8E1BE5D8} - System32\Tasks\AXCINCXHMDOCGGXC => C:\ProgramData\Service1291\Service1291.exe [2015-09-09] () <==== ATTENTION
Task: {F6D79D7A-4736-4038-8DC0-1EA797DE8912} - System32\Tasks\CIMT_S-1-5-21-56948544-175400317-1807394744-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\AXCINCXHMDOCGGXC.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-56948544-175400317-1807394744-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_S-1-5-21-56948544-175400317-1807394744-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
HKU\S-1-5-21-56948544-175400317-1807394744-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
C:\Program Files (x86)\Itibiti Soft Phone
FirewallRules: [{6768C145-A81F-4D64-A59C-32428AE86FDB}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶獜瑩扥潲敫屲楳整牢歯牥攮數
FirewallRules: [{6DEDF643-C034-4842-BCC5-B10A7BD49C28}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶獜瑩扥潲敫屲敲瑳楳整牢歯牥攮數
FirewallRules: [{9CB76E26-4374-43AA-9F8F-CBB21B0426E1}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶獜瑩扥潲敫屲楳整牢歯牥⹟硥e
FirewallRules: [{630960C3-3696-464A-AC9D-13A2D2FDB71D}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶獜瑩扥潲敫屲敲瑳楳整牢歯牥⹟硥e
FirewallRules: [{BBDEA156-5F74-4ADC-B174-AFDC5BB6D746}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{4F4B680C-8967-463E-ABD0-E29BD867BB7C}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on/off
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\msrtn32 => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\prtstart => value removed successfully
"C:\Program Files\shopperz080920151129" => File/Folder not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKU\S-1-5-21-56948544-175400317-1807394744-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DV => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-56948544-175400317-1807394744-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Could not restore Default URLSearchHook.
Could not restore Default URLSearchHook.
Could not restore Default URLSearchHook.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-56948544-175400317-1807394744-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-56948544-175400317-1807394744-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2582021E-73A4-4BB1-B89D-025F48C938D1}" => key removed successfully
HKCR\CLSID\{2582021E-73A4-4BB1-B89D-025F48C938D1} => key not found.
"HKU\S-1-5-21-56948544-175400317-1807394744-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DF4E90BD-B786-4FF1-9EA9-E74A05ACFC3F}" => key removed successfully
HKCR\CLSID\{DF4E90BD-B786-4FF1-9EA9-E74A05ACFC3F} => key not found.
"HKU\S-1-5-21-56948544-175400317-1807394744-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E0A72E9A-7D26-4DF6-AE45-C188B2A9D7E5}" => key removed successfully
HKCR\CLSID\{E0A72E9A-7D26-4DF6-AE45-C188B2A9D7E5} => key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{A9BD0126-107A-4CE4-8DAF-23F7D903078A} => value removed successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{0C297AD1-F730-4FE3-9753-2E03841998C1} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{A9BD0126-107A-4CE4-8DAF-23F7D903078A} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{0C297AD1-F730-4FE3-9753-2E03841998C1} => value removed successfully
Dataup => service removed successfully
QPYYKZHuUjY => service removed successfully
C:\ProgramData\lpADmp => moved successfully
UdvdPork => service removed successfully
C:\Program Files (x86)\cpx => moved successfully
C:\Users\PAM\AppData\Local\mstrn32 => moved successfully
C:\Users\PAM\AppData\Local\cpx => moved successfully
C:\Program Files (x86)\regtool => moved successfully
C:\Program Files (x86)\msrtn32 => moved successfully
C:\Program Files (x86)\dataup => moved successfully
C:\ProgramData\DataFile => moved successfully
C:\Windows\SysWOW64\Oemupfahdh.ini => moved successfully
C:\Windows\SysWOW64\OemupfahdhOff.ini => moved successfully
C:\Windows\system32\OemupfahdhOff.ini => moved successfully
C:\Windows\system32\phbo => moved successfully
C:\Windows\system32\Oemupfahdh64.dll => moved successfully
C:\Windows\SysWOW64\Oemupfahdh.dll => moved successfully
C:\Windows\Tasks\AXCINCXHMDOCGGXC.job => moved successfully
C:\Windows\System32\Tasks\AXCINCXHMDOCGGXC => moved successfully
C:\ProgramData\Service1291 => moved successfully
C:\Windows\system32\Drivers\etc\hp.bak => moved successfully
C:\Users\PAM\AppData\Local\Tempfolder => moved successfully
C:\Windows\SysWOW64\Ufiodnukb.ini => moved successfully
C:\Windows\SysWOW64\UfiodnukbOff.ini => moved successfully
C:\Windows\system32\UfiodnukbOff.ini => moved successfully
C:\Windows\SysWOW64\${LOGFILE} => moved successfully
C:\Windows\system32\tak => moved successfully
C:\Users\PAM\AppData\Roaming\ortmp => moved successfully
C:\Windows\system32\Ufiodnukb64.dll => moved successfully
C:\Windows\SysWOW64\Ufiodnukb.dll => moved successfully
C:\Users\PAM\AppData\Roaming\c => moved successfully
C:\ProgramData\u4c => moved successfully
C:\ProgramData\1441770685 => moved successfully
C:\Windows\System32\Tasks\ZIYBY => moved successfully
C:\ProgramData\Service0561 => moved successfully
C:\Windows\Tasks\CIMT_S-1-5-21-56948544-175400317-1807394744-1001.job => moved successfully
C:\Windows\Tasks\CIMT_daily_S-1-5-21-56948544-175400317-1807394744-1001.job => moved successfully
C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-56948544-175400317-1807394744-1001 => moved successfully
C:\Windows\System32\Tasks\CIMT_S-1-5-21-56948544-175400317-1807394744-1001 => moved successfully
C:\Program Files (x86)\Setup Support for Consumer Input => moved successfully
C:\Windows\SysWOW64\ins_smk.exe => moved successfully
C:\Windows\SysWOW64\ins_U501EXE.exe => moved successfully
C:\Users\PAM\AppData\Local\CrashRpt => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{232B4B1F-209A-4A92-9DB7-D85E04C5E823}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{232B4B1F-209A-4A92-9DB7-D85E04C5E823}" => key removed successfully
C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-56948544-175400317-1807394744-1001 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-56948544-175400317-1807394744-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50C56041-C617-4549-9335-F30686641862}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50C56041-C617-4549-9335-F30686641862}" => key removed successfully
C:\Windows\System32\Tasks\ZIYBY => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZIYBY" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{50EEC17B-B283-4377-A325-112C4C095C2B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50EEC17B-B283-4377-A325-112C4C095C2B}" => key removed successfully
C:\Windows\System32\Tasks\Cienaueo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cienaueo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6FB1B92-6CD9-4AB4-9523-90FC8E1BE5D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6FB1B92-6CD9-4AB4-9523-90FC8E1BE5D8}" => key removed successfully
C:\Windows\System32\Tasks\AXCINCXHMDOCGGXC => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AXCINCXHMDOCGGXC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6D79D7A-4736-4038-8DC0-1EA797DE8912}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6D79D7A-4736-4038-8DC0-1EA797DE8912}" => key removed successfully
C:\Windows\System32\Tasks\CIMT_S-1-5-21-56948544-175400317-1807394744-1001 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-56948544-175400317-1807394744-1001" => key removed successfully
C:\Windows\Tasks\AXCINCXHMDOCGGXC.job => not found.
C:\Windows\Tasks\CIMT_daily_S-1-5-21-56948544-175400317-1807394744-1001.job => not found.
C:\Windows\Tasks\CIMT_S-1-5-21-56948544-175400317-1807394744-1001.job => not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value removed successfully
HKU\S-1-5-21-56948544-175400317-1807394744-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value removed successfully
C:\Program Files (x86)\Itibiti Soft Phone => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6768C145-A81F-4D64-A59C-32428AE86FDB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6DEDF643-C034-4842-BCC5-B10A7BD49C28} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9CB76E26-4374-43AA-9F8F-CBB21B0426E1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{630960C3-3696-464A-AC9D-13A2D2FDB71D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BBDEA156-5F74-4ADC-B174-AFDC5BB6D746} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F4B680C-8967-463E-ABD0-E29BD867BB7C} => value not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{D5DDE873-AB4E-4955-95EA-B74B3C079CDD} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on/off =========


A specified value is not valid.

Usage:  set allprofiles (parameter) (value)

Parameters:

      state             - Configure the firewall state.
              Usage: state on|off|notconfigured

      firewallpolicy    - Configures default inbound and outbound behavior.
      Usage: firewallpolicy (inbound behavior),(outbound behavior)
         Inbound behavior:
            blockinbound        - Block inbound connections that do not
                                  match an inbound rule.
            blockinboundalways  - Block all inbound connections even if
                                  the connection matches a rule.
            allowinbound        - Allow inbound connections that do
                                  not match a rule.
            notconfigured       - Return the value to its unconfigured state.
         Outbound behavior:
            allowoutbound       - Allow outbound connections that do not
                                  match a rule.
            blockoutbound       - Block outbound connections that do not
                                  match a rule.
            notconfigured       - Return the value to its unconfigured state.

      settings          - Configures firewall settings.
      Usage: settings (parameter) enable|disable|notconfigured
      Parameters:
         localfirewallrules         - Merge local firewall rules with Group
                                      Policy rules. Valid when configuring
                                      a Group Policy store.
         localconsecrules           - Merge local connection security rules
                                      with Group Policy rules. Valid when
                                      configuring a Group Policy store.
         inboundusernotification    - Notify user when a program listens
                                      for inbound connections.
         remotemanagement           - Allow remote management of Windows
                                      Firewall.
         unicastresponsetomulticast - Control stateful unicast response to
                                      multicast.

      logging           - Configures logging settings.
      Usage: logging (parameter) (value)
      Parameters:
         allowedconnections  - Log allowed connections.
                               Values: enable|disable|notconfigured
         droppedconnections  - Log dropped connections.
                               Values: enable|disable|notconfigured
         filename            - Name and location of the firewall log.
                               Values: <string>|notconfigured
         maxfilesize         - Maximum log file size in kilobytes.
                               Values: 1 - 32767|notconfigured

Remarks:

      - Configures profile settings for all profiles.
      - The "notconfigured" value is valid only for a Group Policy store.

Examples:

      Turn the firewall off for all profiles:
      netsh advfirewall set allprofiles state off

      Set the default behavior to block inbound and allow outbound
      connections on all profiles:
      netsh advfirewall set allprofiles firewallpolicy
      blockinbound,allowoutbound

      Turn on remote management on all profiles:
      netsh advfirewall set allprofiles settings remotemanagement enable

      Log dropped connections on all profiles:
      netsh advfirewall set allprofiles logging droppedconnections enable


========= End of CMD: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


=========  sfc /scanfile=C:\Windows\system32\dnsapi.dll =========


 
 
 
 
 W i n d o w s   R e s o u r c e   P r o t e c t i o n   f o u n d   c o r r u p t   f i l e s   a n d   s u c c e s s f u l l y   r e p a i r e d   
 
 
 t h e m .   D e t a i l s   a r e   i n c l u d e d   i n   t h e   C B S . L o g   w i n d i r \ L o g s \ C B S \ C B S . l o g .   F o r   
 
 
 e x a m p l e   C : \ W i n d o w s \ L o g s \ C B S \ C B S . l o g .   N o t e   t h a t   l o g g i n g   i s   c u r r e n t l y   n o t   
 
 
 s u p p o r t e d   i n   o f f l i n e   s e r v i c i n g   s c e n a r i o s .
 
 
 
 
 
 T h e   s y s t e m   f i l e   r e p a i r   c h a n g e s   w i l l   t a k e   e f f e c t   a f t e r   t h e   n e x t   r e b o o t .
 
 
 
========= End of CMD: =========

EmptyTemp: => 5.3 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 11:59:51 ====


  • 0

#4
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

On step three I rebooted and Intibiti RTC program was back on the desktop. Also in step four there was no Consumer Input Update Helper in the programs list either.

There were only three steps in my post. What do you mean by step four?

Also, do these problems with malware still happen?

WARNING! You have no antivirus program installed on your machine. It is important to have one (and only one!), as this is your first line of defense. Antivirus program scans the files that you are currently using, downloading or opening. If it finds something suspicious, it prevents the loading of it, not allowing you to run it and protecting you from malicious software.
Personally I can recommend two free Antivirus programs: Avast and Microsoft Security Essentials. Remember to use the official website which you can access by clicking the names of the Antiviruses I've mentioned.

 
EOEdyWG.png Things that should appear in your next post:
  • Answers to my two questions
  • Please tell me if you have successfully installed an Antivirus program

  • 0

#5
LordOfBones

LordOfBones

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Apologies, didnt realise that I was ahead a step. I meant after step 2 I rebooted and the Itibiti program came back after log in. This was the only occurence of the malware continuing. After step 2's reboot I went ahead with step 3 and deleted Itibiti and another driver recovery program that was installed from the malware. Since then I have not noticed any issues.  As for the anti-virus I installed Avast. 


Edited by LordOfBones, 14 September 2015 - 03:23 PM.

  • 0

#6
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

This was the only occurence of the malware continuing.

That's good to hear :)

Nevertheless we still have to make sure that we've taken care of anything that's visible. Please perform the following instructions.

Step #1
INQmTSa.png Junkware Removal Tool
  • Download Junkware Removal Tool to your Desktop
  • Close any open windows
  • Disable your Antivirus program (click here if you don't know how to do this)
  • Double click JRT.exe on your desktop to run it
  • Click any button to start the scan
  • Wait for Junkware Removal Tool to finish the scan
  • When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
LHBIenm.pngAdwCleaner
  • Download AdwCleaner to your Desktop.
  • Close any open windows
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the OvD9RYN.png button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click 5W2Ci1o.png button.
  • When the cleaning is finished, the program will ask you to reboot the system. Please do so.
  • Once your machine has rebooted, a Notepad window will be opened. If it won't, you can find it in C:\AdwCleaner. The report will be saved as AdwCleaner[C1].txt.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
EOEdyWG.png Things that should appear in your next post:
  • JRT.txt log content
  • AdwCleaner log content

  • 0

#7
LordOfBones

LordOfBones

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

The logs you requested:

 

ADW:

 

# AdwCleaner v5.007 - Logfile created 14/09/2015 at 15:09:53
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Brandon - VICEOFMORDOR
# Running from : C:\Users\PAM\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\DriverRestore
[!] Key Not Deleted : [x64] HKCU\Software\eSupport.com
[!] Key Not Deleted : [x64] HKCU\Software\DriverRestore
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [926 bytes] ##########
 

 

 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.1 (09.08.2015:1)
OS: Windows 8.1 x64
Ran by Brandon on Mon 09/14/2015 at 14:40:35.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] drvagent64 [Reboot required]



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\PAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\knctr.lnk
Successfully disinfected: [Shortcut] C:\Users\PAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
Successfully disinfected: [Shortcut] C:\Users\PAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\driverrestore
Successfully deleted: [Folder] C:\ProgramData\browser
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driverrestore
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\knctr
Successfully deleted: [Folder] C:\ProgramData\radio
Successfully deleted: [Folder] C:\Users\PAM\Appdata\Local\financealert
Successfully deleted: [Folder] C:\Users\PAM\Appdata\Local\installer
Successfully deleted: [Folder] C:\Users\PAM\Appdata\LocalLow\company
Successfully deleted: [Folder] C:\Users\PAM\AppData\Roaming\itibiti
Successfully deleted: [Folder] C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf



~~~ FireFox

Successfully deleted: [File] C:\Users\PAM\AppData\Roaming\mozilla\firefox\profiles\9r0jzj47.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\PAM\AppData\Roaming\mozilla\firefox\profiles\9r0jzj47.default\extensions\trash
Emptied folder: C:\Users\PAM\AppData\Roaming\mozilla\firefox\profiles\9r0jzj47.default\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/14/2015 at 14:43:28.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#8
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
So far so good :)

Some more checks to do. Please perform the following instructions.

Step #1
JHlUMFt.png Malwarebytes Anti-Malware
  • Download Malwarebytes Anti-Malware to your Desktop
  • Double click the file to open it. Install the program.
  • Before you click Finish, make sure that:
    • Enable free trial of Malwarebytes Anti-Malware Premium is unchecked
    • Launch Malwarebytes Anti-Malware is checked
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    vG7pLOy.png
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program will detect anything, click Remove Selected. The program might want to reboot the system. Allow it it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
 
Step #2
jyv2Te8.png ESET Online Scanner
  • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
  • Disable your Antivirus program (click here if you don't know how to do this).
  • Visit ESET site
  • Click RYa1k8g.png
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the running of add-on
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given link to
      • Double click esetsmartinstaller_enu.exe
      • Allow the Terms of Use and click Start
  • Make sure that the options are set as the example below:
    temh2Om.png
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Step #3
4rr98tz.pngFRST Scan
  • Right click FRST64.exe on your Desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
EOEdyWG.png Things that should appear in your next post:
  • Malwarebytes Anti-Malware log content
  • ESET Online Scanner log content
  • FRST.txt log content
  • Addition.txt log content

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP