Author Topic: " Validate copy of winPC license " malware  (Read 9252 times)

    " Validate copy of winPC license " malware
    « on: February 06, 2016, 08:40:58 PM »

    OK, getting some wicked malware on my other top that FRST 64 / ADW / MWB and Super Anti can't find and remove; the infected computer is a Dell Inspiron 15 3000 with Windows 8.1.

    Guessing this won't be fun but need it fixed, so what now; guessing I save reports / logs to a snap drive then post to here.

    " Validate copy of WinPC license - 1 - 800-311-5943 -  trojan Zeus Banker "

    That's what I am getting. I hope this rings bells and gets me a fast fix - fingers crossed, awaiting help.


      Re: " Validate copy of winPC license " malware
      « Reply #1 on: February 06, 2016, 08:49:55 PM »

      Dang it, the Dell computer is shutting down every 15 minutes because of the above malware. I am using advanced power settings and all is set to never shut down, so what now?

      -  -  -  -  -  -  -  -  -  -  -  -  -  -   

      OK, hope this helps maybe get me a fix - it log to use; nothing found using A D W - so awaiting help, it's so needed.

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016

      Ran by Pestyone (administrator) on LOSTSOUL (06-02-2016 18:16:37)
       Running from C:\Users\Pestyone\Desktop
       Loaded Profiles: Pestyone & Administrator (Available Profiles: Pestyone & Administrator)
       Platform: Windows 8.1 (X64) Language: English (United States)
       Internet Explorer Version 11 (Default browser: IE)
       Boot Mode: Normal
       Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
       (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
       (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
       (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
       (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
       (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
       (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
       (Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
       (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
       (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
       (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
       (DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
       (Microsoft Corporation) C:\Windows\System32\dllhost.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-08-07] (Realtek Semiconductor)
       HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-08-07] (Realtek Semiconductor)
       HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [64512 2015-08-24] ()
       HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\Run: [DV] => C:\ProgramData\DataFile\DV.exe [283648 2015-09-13] ()
       HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C2].txt [733 2016-02-06] ()
       HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
       HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2501368 2015-01-27] (Microsoft Corporation) <==== ATTENTION
       HKU\S-1-5-18\...\Run: [] => 0
       ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
       ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
       ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
       ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
       ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2015-03-11] (SmartSoft Ltd.)
       ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
       CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer]
       Tcpip\..\Interfaces\{30ED7B6C-DD1A-4529-BC73-BF10F70C4313}: [DhcpNameServer]
       Tcpip\..\Interfaces\{8F1F049A-A9E3-4A2C-9BB8-59F001EE17A4}: [DhcpNameServer]

      Internet Explorer:
       HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
       HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
       HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
       HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}
       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}
       HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
       HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/WOL_WCP
       HKU\S-1-5-21-3116091646-4023644724-1358722376-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
       HKU\S-1-5-21-3116091646-4023644724-1358722376-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
       HKU\S-1-5-21-3116091646-4023644724-1358722376-500\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.yahoo.com/
       SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
       SearchScopes: HKLM -> {F69915E7-A958-4034-8B85-CCBAF32BCDFC} URL = hxxp://cn.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
       SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
       SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
       SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
       SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
       SearchScopes: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001 -> {25F4A535-FB3B-4FDD-B54F-51BAA6EEDCCB} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
       SearchScopes: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001 -> {F69915E7-A958-4034-8B85-CCBAF32BCDFC} URL =
       SearchScopes: HKU\S-1-5-21-3116091646-4023644724-1358722376-500 -> {F69915E7-A958-4034-8B85-CCBAF32BCDFC} URL = hxxp://cn.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
       Toolbar: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
       Toolbar: HKU\S-1-5-21-3116091646-4023644724-1358722376-500 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
       DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
       DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
       DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
       DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

       FF ProfilePath: C:\Users\Pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\1527jakz.default
       FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-31] ()
       FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
       FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\WINDOWS\system32\Macromed\AUTHORWA\np32asw.dll [No File]
       FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-31] ()
       FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll [No File]
       FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
       FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
       FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
       FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
       FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
       FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
       FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
       FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation)
       FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation)
       FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version= -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
       FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
       FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2016-02-06] (Google Inc.)
       FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2016-02-06] (Google Inc.)
       FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
       FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
       FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
       FF Plugin HKU\S-1-5-21-3116091646-4023644724-1358722376-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Pestyone\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-30] (Citrix Online)
       FF Extension: Avira Browser Safety - C:\Users\Pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\1527jakz.default\Extensions\[email protected] [2015-09-13] [not signed]
       FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected]
       FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected] [2015-05-17] [not signed]

       CHR dev: Chrome dev build detected! <======= ATTENTION
       CHR Profile: C:\Users\Pestyone\AppData\Local\Google\Chrome\User Data\Default
       CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
       CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
       R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [7084784 2016-02-06] (Emsisoft Ltd)
       S2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows ® Win 7 DDK provider) [File not signed]
       S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
       S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
       S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
       S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
       S2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2015-08-24] (Ellora Assets Corp.) [File not signed]
       S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
       S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-09-30] (Intel Corporation)
       R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
       S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
       S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
       S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
       S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
       R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-07-20] (Realtek Semiconductor)
       S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
       S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
       R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
       R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
       R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
       S2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
       R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

      ===================== Drivers (Whitelisted) ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 anvsnddrv; C:\Windows\system32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
       R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4221952 2015-08-24] (Qualcomm Atheros Communications, Inc.)
       R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
       R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
       R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
       R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
       S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2015-07-24] (Digiarty Software, Inc.)
       S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
       R1 epp64; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp64.sys [138504 2016-02-06] (Emsisoft GmbH)
       R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-21] (REALiX™)
       R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2015-06-29] (Intel Corporation)
       R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2015-06-29] (Intel Corporation)
       R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
       S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-13] (Malwarebytes Corporation)
       S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
       R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2015-02-25] (Intel Corporation)
       R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
       S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
       U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 2014-12-23] (Realsil Semiconductor Corporation)
       R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-08-05] (Realsil Semiconductor Corporation)
       R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
       R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
       S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2015-07-13] (Synaptics Incorporated)
       R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-15] (Synaptics Incorporated)
       U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-26] ()
       S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-09] (BitDefender S.R.L.)
       S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
       R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
       R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
       S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [11304 2015-04-14] (wisecleaner.com) [File not signed]
       S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
       S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]
       S3 CtClsFlt; \SystemRoot\system32\DRIVERS\CtClsFlt.sys [X]
       S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
       S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
       S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2016-02-06 18:16 - 2016-02-06 18:17 - 00019092 _____ C:\Users\Pestyone\Desktop\FRST.txt
       2016-02-06 18:13 - 2016-02-06 18:13 - 01508352 _____ C:\Users\Pestyone\Desktop\AdwCleaner.exe

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2016-02-06 18:16 - 2015-09-13 10:55 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
       2016-02-06 18:16 - 2015-06-22 07:37 - 00000000 ____D C:\Users\Pestyone\Desktop\FRST-OlderVersion
       2016-02-06 18:16 - 2015-06-06 04:06 - 00000000 ____D C:\AdwCleaner
       2016-02-06 18:16 - 2015-04-24 13:31 - 00000000 ____D C:\FRST
       2016-02-06 18:16 - 2015-04-24 11:34 - 02370560 _____ (Farbar) C:\Users\Pestyone\Desktop\FRST64.exe
       2016-02-06 18:14 - 2015-08-03 12:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
       2016-02-06 18:14 - 2015-04-20 09:43 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3116091646-4023644724-1358722376-1001
       2016-02-06 18:14 - 2014-03-18 04:53 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
       2016-02-06 18:14 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
       2016-02-06 18:13 - 2015-09-11 18:12 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\SlimBrowser
       2016-02-06 18:12 - 2014-09-16 07:44 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
       2016-02-06 18:11 - 2015-02-25 15:20 - 00000000 ____D C:\ProgramData\Ultra Adware Killer
       2016-02-06 18:10 - 2015-08-24 13:23 - 00002880 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Pestyone)
       2016-02-06 18:10 - 2015-08-20 00:39 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
       2016-02-06 18:10 - 2015-07-17 13:19 - 00000000 ____D C:\Users\Pestyone\AppData\Local\ClassicShell
       2016-02-06 18:08 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
       2016-02-06 18:07 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
       2016-02-06 18:06 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
       2016-02-06 17:59 - 2014-11-28 14:28 - 00000000 ____D C:\Users\Pestyone\AppData\Local\Packages
       2016-02-06 17:59 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
       2016-02-06 17:45 - 2015-04-21 00:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
       2016-02-06 17:42 - 2015-08-20 00:39 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
       2016-02-06 17:38 - 2014-09-16 07:47 - 00000000 ____D C:\Program Files (x86)\Dell
       2016-02-06 17:37 - 2015-08-20 00:39 - 00003896 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
       2016-02-06 17:37 - 2015-08-20 00:39 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
       2016-02-06 17:34 - 2015-08-24 13:23 - 00002166 _____ C:\Users\Public\Desktop\Driver Booster 2.lnk
       2016-02-06 17:30 - 2015-08-24 13:23 - 00000000 ____D C:\ProgramData\ProductData

      ==================== Files in the root of some directories =======

      2015-04-16 11:48 - 2015-08-03 05:03 - 0000629 _____ () C:\Users\Pestyone\AppData\Roaming\burnaware.ini
       2015-06-25 04:06 - 2015-06-25 04:06 - 0068890 _____ () C:\Users\Pestyone\AppData\Roaming\ClassicFTP.dmp
       2015-03-16 06:38 - 2015-06-22 03:42 - 0099384 _____ () C:\Users\Pestyone\AppData\Roaming\inst.exe
       2015-03-16 06:38 - 2015-06-22 03:42 - 0007859 _____ () C:\Users\Pestyone\AppData\Roaming\pcouffin.cat
       2015-03-16 06:38 - 2015-06-22 03:42 - 0001167 _____ () C:\Users\Pestyone\AppData\Roaming\pcouffin.inf
       2015-04-17 14:07 - 2015-06-22 03:42 - 0000055 _____ () C:\Users\Pestyone\AppData\Roaming\pcouffin.log
       2015-03-16 06:38 - 2015-06-22 03:42 - 0082816 _____ (VSO Software) C:\Users\Pestyone\AppData\Roaming\pcouffin.sys
       2015-04-14 00:01 - 2015-04-14 01:15 - 0558080 _____ () C:\Users\Pestyone\AppData\Roaming\SharedSettings.ccs
       2015-03-16 06:39 - 2015-09-11 22:36 - 0001059 _____ () C:\Users\Pestyone\AppData\Roaming\vso_ts_preview.xml
       2015-04-13 17:39 - 2015-04-13 18:05 - 0000600 _____ () C:\Users\Pestyone\AppData\Roaming\winscp.rnd
       2015-07-23 19:26 - 2015-07-23 19:28 - 0004608 _____ () C:\Users\Pestyone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
       2015-04-28 08:52 - 2015-05-02 01:44 - 0000046 _____ () C:\Users\Pestyone\AppData\Local\DonationCoder_findrunrobot_InstallInfo.dat
       2015-09-13 08:44 - 2015-09-13 08:44 - 0613255 _____ (CMI Limited) C:\Users\Pestyone\AppData\Local\nsy2C3D.tmp
       2015-03-08 13:50 - 2015-03-08 13:50 - 0000414 _____ () C:\Users\Pestyone\AppData\Local\Temp-log.txt
       2015-03-08 13:50 - 2015-03-08 13:50 - 0000000 _____ () C:\Users\Pestyone\AppData\Local\Temp.dat
       2014-09-16 07:10 - 2014-09-16 07:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
       2015-07-23 19:19 - 2015-07-23 19:19 - 0000001 _____ () C:\ProgramData\SRTCTUacSts.txt
       2015-03-05 03:34 - 2015-03-05 03:34 - 0000032 _____ () C:\ProgramData\Temp.log
       2015-07-23 19:19 - 2015-07-23 19:19 - 1593561 ____N (                                                            ) C:\ProgramData\TR.exe
       2014-09-16 07:32 - 2014-09-16 07:32 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
       2014-09-16 07:28 - 2014-09-16 07:29 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
       2014-09-16 07:29 - 2014-09-16 07:30 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
       2014-09-16 07:30 - 2014-09-16 07:32 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
       2014-09-16 07:27 - 2014-09-16 07:28 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

      Files to move or delete:

      Some files in TEMP:

      Some zero byte size files/folders:

      ==================== Bamital & volsnap =================

      (There is no automatic fix for files that do not pass verification.)

      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
       C:\WINDOWS\system32\wininit.exe => File is digitally signed
       C:\WINDOWS\explorer.exe => File is digitally signed
       C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
       C:\WINDOWS\system32\svchost.exe => File is digitally signed
       C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
       C:\WINDOWS\system32\services.exe => File is digitally signed
       C:\WINDOWS\system32\User32.dll => File is digitally signed
       C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
       C:\WINDOWS\system32\userinit.exe => File is digitally signed
       C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
       C:\WINDOWS\system32\rpcss.dll => File is digitally signed
       C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
       C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
       C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2015-09-06 05:27

      ==================== End of FRST.txt ============================




      Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
       Ran by Pestyone (2016-02-06 18:17:45)
       Running from C:\Users\Pestyone\Desktop
       Windows 8.1 (X64) (2015-02-22 02:24:59)
       Boot Mode: Normal

      ==================== Accounts: =============================

      Administrator (S-1-5-21-3116091646-4023644724-1358722376-500 - Administrator - Disabled) => C:\Users\Administrator
       Guest (S-1-5-21-3116091646-4023644724-1358722376-501 - Limited - Disabled)
       Pestyone (S-1-5-21-3116091646-4023644724-1358722376-1001 - Administrator - Enabled) => C:\Users\Pestyone

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
       AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      Adobe Flash Player 12 ActiveX & Plugin 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: - Adobe Systems Incorporated)
       Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: - Adobe Systems Incorporated)
       Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
       Adobe Shockwave Player + Authorware Web Player (HKLM-x32\...\Adobe Shockwave Player + Authorware Web Player) (Version: v12.1.0.150 - Adobe Systems, Inc.)
       Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: - Apple Inc.)
       Ashampoo Burning Studio 2015 v.1.15.3 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.3 - Ashampoo GmbH & Co. KG)
       Bandizip (HKLM\...\Bandizip) (Version: 5.06 - Bandisoft.com)
       calibre (HKLM-x32\...\{7C1B7566-C44C-4436-B08D-636337C7C665}) (Version: 2.19.0 - Kovid Goyal)
       CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
       Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
       ConvertXtoDVD (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: - )
       Crap Cleaner (HKLM-x32\...\Crap Cleaner_is1) (Version: 2.0 - Evonsoft)
       Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell Inc.)
       Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: - Dell Inc.)
       Dell Data Vault (Version: - Dell Inc.) Hidden
       Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
       Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
       Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
       Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: - Dell)
       Dell System Detect (HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\73f463568823ebbe) (Version: - Dell)
       Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: - Synaptics Incorporated)
       Dell Update (HKLM-x32\...\{9E4750A7-90F6-4181-8A8A-B1ADF4216E93}) (Version: 1.0.1059.0 - Dell Inc.)
       Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
       Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)
       EasyDuplicateFinder v4.8 (HKLM\...\Easy Duplicate Finder 4_is1) (Version:  - WebMinds, Inc.)
       Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
       FileSearchy (HKLM-x32\...\FileSearchy) (Version: 1.4 - Midlinesoft)
       FileZilla Client (HKLM-x32\...\FileZilla Client) (Version: - Tim Kosse)
       FlashPeak SlimBrowser (HKLM-x32\...\SlimBrowser) (Version: 7.00.124 - FlashPeak Inc.)
       Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: - Foxit Software Inc.)
       Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: - Foxit Software Inc.)
       Freemake Video Converter version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
       Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.5 - Ellora Assets Corporation)
       Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: - Google)
       Google Update Helper (x32 Version: - Google Inc.) Hidden
       HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: - Hewlett-Packard Company)
       Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: - Intel Corporation)
       Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: - Intel Corporation)
       Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
       Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
       Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
       Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
       LibreOffice (HKLM-x32\...\{8D8F47B2-0E03-4C50-9803-A01120878F96}) (Version: - The Document Foundation)
       Malwarebytes Anti-Malware version (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: - Malwarebytes Corporation)
       Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
       Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
       Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
       Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
       Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
       Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
       Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
       Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
       Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
       Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
       Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
       Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.2 - Panda Security)
       PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
       Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: - Qualcomm Atheros Communications)
       Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
       Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.71 - Realtek Semiconductor Corp.)
       Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
       Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
       SmartFTP Client (HKLM\...\{D67A4A07-FF25-4570-8E56-14B596BF6071}) (Version: 6.0.2136.0 - SmartSoft Ltd.)
       Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
       SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
       TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
       TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.17292 - TeamViewer)
       Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: - AVG Technologies)
       Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: - AVG Technologies CZ, s.r.o.)
       VSO Media Player (HKLM-x32\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: - VSO Software)
       Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
       Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      CustomCLSID: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)
       CustomCLSID: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {00E7886E-3CF6-4B6F-BC35-210C2D7FC61F} - System32\Tasks\{6B955214-4325-4252-ADCA-90CDA5DD1B2B} => pcalua.exe -a F:\autorun\installer.exe
       Task: {138011FA-7813-4F19-A1C4-6CA49D7E2EF5} - System32\Tasks\Dell\Dell Product Registration Update => /updatecheck /LSRC=autolaunch
       Task: {1C3D1F66-5C08-455E-A8E7-834907A2C7AE} - \PocketCloud -> No File <==== ATTENTION
       Task: {2A09FA8F-5916-4F85-AE65-9362BF60FEB2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
       Task: {311BCA98-355D-452B-8456-4867CC7E0419} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
       Task: {474B2C2E-8E31-464F-8E31-97575EC9B1E2} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-07] (Realtek Semiconductor)
       Task: {4A87B82D-9A3C-4A11-A5DC-7F756F4C4559} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
       Task: {4C200A31-F510-44D1-BC08-FF9C03335AA0} - System32\Tasks\{8FA83659-6752-4F85-B29D-A9F43A11AB55} => pcalua.exe -a "C:\Program Files (x86)\epson\escndv\setup\setup.exe" -c /r
       Task: {52EC1006-C2C2-485C-AB31-F31100546F0C} - System32\Tasks\Driver Booster SkipUAC (Pestyone) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-07-06] (IObit)
       Task: {57B6690B-1CA5-46E0-8360-2403DE0E6352} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
       Task: {5AC61936-26F1-4454-89B2-556A4829114D} - System32\Tasks\FileSearchy_SkipUAC => C:\Program Files (x86)\FileSearchy\FileSearchy.exe [2015-05-14] ()
       Task: {5BC891EE-13A1-4062-8EC7-58BC788C1AEB} - System32\Tasks\{7C1582DD-876F-4BB2-ABFF-C478DA16A747} => pcalua.exe -a "C:\Program Files (x86)\Polarity\Uninstall.exe"
       Task: {6E7CDC42-235B-43E9-BA58-FAA0EC2E72E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-20] (Google Inc.)
       Task: {78E27F11-458D-414E-9898-9E5A03209F10} - \PocketCloudVirtualChannel -> No File <==== ATTENTION
       Task: {7EE03077-5BF5-49A8-BBCE-2D3CB308FA6F} - \CCleanerSkipUAC -> No File <==== ATTENTION
       Task: {80CF96AF-1D6A-45B1-90F4-C23F68DDAF41} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Users\Pestyone\AppData\Local\Temp\BNZ.55b50473d252fcb\Wise Registry Cleaner\WiseRegCleaner.exe <==== ATTENTION
       Task: {86FD647A-90DF-4726-BF4F-3495845EE8F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
       Task: {AFAAAD36-9CC0-4E36-9DD3-057609E5418C} - \{C435504B-6E4E-4435-9713-449BE5CF008C} -> No File <==== ATTENTION
       Task: {BA02C09E-B774-42A9-8121-64C5E2A02324} - \PocketCloudUpdater -> No File <==== ATTENTION
       Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
       Task: {BE86D0C0-39A6-4916-8BF3-B555880D7B60} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-07-06] (IObit)
       Task: {C3B38D13-B8C0-4A74-B541-152DD7B2B743} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-07-06] (IObit)
       Task: {C4CDF127-75BC-4E8F-86C8-CD4B2A14DC88} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
       Task: {DD446C02-BCE4-4A79-9F1D-BA5BA667EFCC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-20] (Google Inc.)
       Task: {EA43288E-586C-439F-A0A4-7F08F664A8B6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-31] (Adobe Systems Incorporated)
       Task: {EDC055E7-9D40-45D5-B474-1EE9DC3BEC5C} - System32\Tasks\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE => C:\Users\Pestyone\AppData\Local\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE.exe <==== ATTENTION
       Task: {F6CCB01F-C216-49C0-9A48-45C6B6FCBF56} - System32\Tasks\Dell\Dell Product Registration => /boot /LSRC=autolaunch
       Task: {FD38E186-21BC-4B98-B124-E191DBDFE3E4} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
       Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
       Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

      ==================== Shortcuts =============================

      (The entries could be listed to be restored or removed.)

      ==================== Loaded Modules (Whitelisted) ==============

      2014-09-16 07:46 - 2014-03-12 14:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
       2014-09-16 07:46 - 2014-03-12 14:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
       2014-09-16 07:32 - 2013-12-10 10:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
       HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell"
       HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1"
       HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
       HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem"
       HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2"
       HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272"
       HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
       HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"=""
       HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
       HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

      ==================== EXE Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      IE trusted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\dell.com -> dell.com
       IE trusted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\localhost -> localhost
       IE trusted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\webcompanion.com -> hxxp://webcompanion.com
       IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\errorhelp.info -> hxxp://www.errorhelp.info
       IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\securitytech.help -> hxxp://notice.securitytech.help
       IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\show-tips.com -> hxxp://show-tips.com
       IE trusted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\dell.com -> dell.com
       IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\errorhelp.info -> hxxp://www.errorhelp.info
       IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\securitytech.help -> hxxp://notice.securitytech.help
       IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\show-tips.com -> hxxp://show-tips.com

      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2015-04-12 15:54 - 2015-06-17 11:06 - 00000732 ____N C:\WINDOWS\system32\Drivers\etc\hosts       localhost

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
       HKU\S-1-5-21-3116091646-4023644724-1358722376-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
       DNS Servers:
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
       Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      (Currently there is no automatic fix for this section.)

      HKLM\...\StartupApproved\Run: => "QuickSet"
       HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
       HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
       HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
       HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
       HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
       HKLM\...\StartupApproved\Run32: => "ProductUpdater"
       HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\StartupApproved\Run: => "ALLUpdate"
       HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\StartupApproved\Run: => "DellSystemDetect"
       HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\StartupApproved\Run: => "GUDelayStartup"
       HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
       HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\StartupApproved\Run: => "ALLUpdate"
       HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\StartupApproved\Run: => "DellSystemDetect"

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
       FirewallRules: [{CF28D58A-D9B9-486A-A906-528CB67635A6}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
       FirewallRules: [{97054E85-4EA3-4CB3-9650-37A810E71A04}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
       FirewallRules: [{04A24F6C-3028-4F3A-A42C-BFB1B7A78E70}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
       FirewallRules: [{F799EA34-626C-47E0-AEF9-7F6FD3E23727}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
       FirewallRules: [{6AD8E1D9-E99D-4DCE-BE30-246F7CBF44A8}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
       FirewallRules: [TCP Query User{F253BEBB-4295-45FC-A97D-B0CC5D87EF17}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
       FirewallRules: [UDP Query User{7E5E9CD3-1138-4603-8C56-921C85C48933}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
       FirewallRules: [{2F671EE5-795F-419C-AF2A-39522348CE30}] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
       FirewallRules: [{A8C0D860-660E-4860-89B9-EC512F1F538B}] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
       FirewallRules: [TCP Query User{148A250A-840F-4C9C-B466-0803703EBFC0}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
       FirewallRules: [UDP Query User{56A63C1E-9B14-4744-93A2-2FA59A66DC86}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
       FirewallRules: [{84C87AA0-187C-4EFE-8C03-3D625ACC2A0E}] => (Block) C:\program files\filezilla ftp client\filezilla.exe
       FirewallRules: [{F106C25F-C6EB-458B-9FD2-A39418226AAA}] => (Block) C:\program files\filezilla ftp client\filezilla.exe
       FirewallRules: [{F2F41182-36B8-4037-A00E-B5268B94CBAF}] => (Block) Freemake video converter
       FirewallRules: [{C9F08616-8FC3-4D8A-8659-4E7A03915C34}] => (Allow) C:\Users\Pestyone\AppData\Local\Temp\nsjE7B5.tmp\Installer-75031047.exe
       FirewallRules: [{8E43C94F-7E1D-42F9-B56D-EB2900EE9A7F}] => (Allow) C:\Users\Pestyone\AppData\Local\Temp\nsjE7B5.tmp\Installer-75031047.exe
       FirewallRules: [{55DD8484-8ABC-427D-900C-75117611709C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
       FirewallRules: [{C42AEF59-F283-4536-B204-29C377A3D77F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
       FirewallRules: [{D41ADFCB-FE73-4205-8307-C457B0B7AFC6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
       FirewallRules: [{725652C2-C63B-41E4-9F19-08814485C824}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
       FirewallRules: [{6B4D9167-15A6-4D2F-A317-A4F5ED5D86C2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
       FirewallRules: [{FEFD9FA4-B8FD-4A83-BC72-7500BDBDA4FB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
       FirewallRules: [{75C690C0-EC6D-4E2C-919C-07C770F94D57}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
       FirewallRules: [{FC03E6F4-D463-4E61-8A6E-4F9EA0FBB4D2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

      ==================== Restore Points =========================

      ==================== Faulty Device Manager Devices =============

      ==================== Event log errors: =========================

      Application errors:
       Error: (02/06/2016 05:29:57 PM) (Source: Perflib) (EventID: 1008) (User: )
       Description: BITSC:\Windows\System32\bitsperf.dll8

      Error: (10/16/2015 11:42:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
       Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

      Error: (10/16/2015 11:38:56 PM) (Source: Application Error) (EventID: 1000) (User: )
       Description: Faulting application name: SSUPDATE64.EXE, version:, time stamp: 0x53d80800
       Faulting module name: SSUPDATE64.EXE, version:, time stamp: 0x53d80800
       Exception code: 0xc0000005
       Fault offset: 0x0000000000024c65
       Faulting process id: 0xae4
       Faulting application start time: 0xSSUPDATE64.EXE0
       Faulting application path: SSUPDATE64.EXE1
       Faulting module path: SSUPDATE64.EXE2
       Report Id: SSUPDATE64.EXE3
       Faulting package full name: SSUPDATE64.EXE4
       Faulting package-relative application ID: SSUPDATE64.EXE5

      Error: (10/16/2015 11:38:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
       Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

      Error: (10/16/2015 11:37:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
       Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

      Error: (10/16/2015 11:37:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
       Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

      Error: (10/16/2015 11:37:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
       Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

      Error: (10/16/2015 11:37:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
       Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

      Error: (10/16/2015 11:37:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
       Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

      Error: (10/16/2015 11:37:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
       Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

      System errors:
       Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
       Description: The Dell Data Vault Wizard service terminated unexpectedly.  It has done this 1 time(s).

      Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
       Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).

      Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
       Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

      Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
       Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).

      Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
       Description: The Wyse PocketCloud service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

      Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
       Description: The Wyse RemoteAccess service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

      Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
       Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

      Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
       Description: The Dell Data Vault service terminated unexpectedly.  It has done this 1 time(s).

      Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
       Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

      Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
       Description: The Windows Presentation Foundation Font Cache service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

         Date: 2015-09-13 05:46:58.778
         Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

        Date: 2015-09-13 05:40:33.419
         Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

        Date: 2015-09-13 05:40:12.134
         Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

        Date: 2015-09-13 05:40:05.248
         Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

        Date: 2015-09-13 05:39:59.084
         Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

        Date: 2015-09-13 05:39:58.911
         Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

        Date: 2015-09-13 05:38:01.921
         Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

        Date: 2015-09-13 05:37:43.430
         Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

        Date: 2015-09-13 05:37:21.473
         Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

        Date: 2015-09-13 05:37:13.255
         Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

      ==================== Memory info ===========================

      Processor: Intel® Core™ i3-4030U CPU @ 1.90GHz
       Percentage of memory in use: 33%
       Total physical RAM: 4000.17 MB
       Available physical RAM: 2674.29 MB
       Total Virtual: 4576.17 MB
       Available Virtual: 2754.06 MB

      ==================== Drives ================================

      Drive c: (OS) (Fixed) (Total:456.04 GB) (Free:357.1 GB) NTFS

      ==================== MBR & Partition Table ==================

       Disk: 0 (Size: 465.8 GB) (Disk ID: 6BC648E8)

      Partition: GPT.

      ==================== End of Addition.txt ============================



        Re: " Validate copy of winPC license " malwear
        « Reply #2 on: February 06, 2016, 11:01:04 PM »
        Yikes, hope I am not the only one getting this pop-up malware, grrrrr. I can't reset or reformat the laptop thanks to the malware, so still need help, dang it. Fingers crossed.


        Re: " Validate copy of winPC license " malwear
        « Reply #3 on: February 07, 2016, 12:24:42 PM »
        Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

        1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
        2. The fixes are specific to your problem and should only be used for this issue on this machine.
        3. If you don't know or understand something, please don't hesitate to ask.
        4. Please DO NOT run any other tools or scans while I am helping you.
        5. It is important that you reply to this thread. Do not start a new topic.
        6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
        7. Absence of symptoms does not mean that everything is clear.

        If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
        Please download AdwCleaner by Xplode onto your Desktop.

        Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

        If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
        When the AdwCleaner program opens, click on the Scan button as shown below.

        AdwCleaner will now start to search for malicious files that may be installed on your computer.
        To remove the files that were detected in the previous step, please click on the Clean button.

        AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
        Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
        Please download Malwarebytes Anti-Malware from here.
        Double Click mbam-setup.exe to install the application.
        • It should update automatically if the computer is connected to the internet.
        • Click on Threat Scan and click on Scan Now.
        • The scan may take some time to finish, so please be patient.
        • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
        • Click on "Apply actions". You may be asked to Restart your computer to completely remove the infections.
        • When disinfection is completed you can click on "Copy to Clipboard".
        • Paste the log in your next reply (CTRL+V)
        Please download Junkware Removal Tool to your desktop.

        Warning! Once the scan is complete JRT will shut down your browser with NO warning.

        Shut down your protection software now to avoid potential conflicts.

        • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
        • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
        • The tool will open and start scanning your system.
        • Please be patient as this can take a while to complete depending on your system's specifications.
        • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
        • Copy and Paste the JRT.txt log into your next message.
        Download Security Check by screen317 from one of the following links and save it to your desktop.

        Link 1
        Link 2

        * Double-click Security Check.bat
        * Follow the on-screen instructions inside of the black box.
        * A Notepad document should open automatically called checkup.txt
        * Post the contents of that document in your next reply.

        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
        Windows 8 and Windows 10 dual boot with two SSD's



          • Experience: Experienced
          • OS: Linux variant
          Re: " Validate copy of winPC license " malwear
          « Reply #4 on: July 04, 2017, 03:22:38 PM »
          I realize SuperDave posted this back in 2016, but I have to give kudos to him for supplying Verylost with an abundance of great info, only to have his post completely ignored! The user who was asking for free help from a community of helpful people did provide a Farbar (AMAZING!), but wasn't happy that no one got back to him that same night after 8:49 PM (message at 11:01 PM). The answer by SuperDave was provided in under 24 hours (~15 hrs. is really good, just afternoon), but Verylost never posted anything after SuperDave offered advice. Was Dave supposed to work at 9PM? What could Dave have done better in order for Verylost to realize that his question was important and would be answered in the order it was received? Nothing. Dave did everything he could have done!
          Thanks for wasting this guy Dave’s time, Verylost. My actual issue that I’m following up on was slowed down so that Dave could help you, but you couldn’t bother to check back, thank anyone, or see if valuable info was posted for the next time your dumbass gets another malware attack! And, it will happen, dude, just wait. You won’t know what to do though because you didn’t learn the steps to fix it the 1st time! You just keep reinstalling the OS every time that happens, we’ll sit here and laugh at what can occur as a result of doing that! ;)
          I work in tech support and I wish people would understand and appreciate their technicians more. Here we have Dave spending his time reading people's posts, like: "Help!!!!!! I need Help NOW-yyy Pleazzzz!!!"  ???
          Ok, ok, I guess I am exaggerating a wee bit...

          But seriously, Dave (and techs like me) read people's problems all day and all night. When we go out to have a li’l fun, people we've just met learn that we're in tech support and start to describe their tech issues to us, expecting that we want to work right then. We feel obliged to supply free help, but when we need help with something, like a new transmission for our car, no one we've helped is anywhere in sight! Or, the people become silent and just look at us like we're some kind of fire-breathing tech guru who they won't ever be able to understand or have fun with at a party or a bar etc.
          So, if you're not in tech support, and you're asking for help, whether the tech's paid to do it or not, please try to show some common courtesy! We promise to appreciate your courtesy by providing stellar assistance!

          I'd venture to say that the vast majority of techs agree with this. I'm a level III tech, so I'm the last rung of support before the developers or Upper Management, so I hear all types of issues! I've done Tech I & II, and I have to say that Tech I is the most difficult! I really hope that anyone reading this realizes that the tech I reps have no heads-up time to read background info, they have to be personable for customer service and technical, which is not as common (or as easy) as you might think. So, give them a break, they're trying to keep you happy, keep the managers happy...all while searching for a needle in the haystack that is your issue!