Solved Behavior:Win32/Powessere.D MALEWARE

[Boufeez]

I HAVE RUN MULTIPLE SCANS WITH ROGUEKILLER , ESET, KEEPS DETECTING BUT CANNOT REMOVE.

I AM READY FOR INSTRUCTIONS

THANK YOU

 

[Boufeez]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Administrator (administrator) on OFFICE-1-PC (12-11-2016 13:52:29)
Running from C:\Users\Administrator\Documents\system cleaning tools
Loaded Profiles: Administrator & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MsDtsServer120 & MSSQLSERVER & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 Classic (Available Profiles: Administrator & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MsDtsServer120 & MSSQLSERVER & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 Classic)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Inventive Labs, LLC) C:\Program Files (x86)\CTI32\cti32svc.exe
(Inventive Labs, Inc.) C:\Program Files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe
() C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
() C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9234848 2016-01-06] (Emsisoft Ltd)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [3015072 2016-01-19] (Comfort Software Group)
HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Run: [Spotify Web Helper] => C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-25] (Spotify Ltd)
HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...A8F59079A8D5}\localserver32: <==== ATTENTION
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{422811A0-BBB7-4BD5-AAAE-BB743DC9F38E}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9D3C4071-F374-4945-9A9C-1599E5144CC0}: [NameServer] 8.8.8.8,8.4.4.4

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?pc=UE09&ocid=UE09DHP
SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> DefaultScope {EC9701E3-6157-4220-8002-811A11D70AD3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> {EC9701E3-6157-4220-8002-811A11D70AD3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sehvjwbc.default-1478932049003
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-07-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-07-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-10-20] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-31]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-31]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-23]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10900888 2016-01-06] (Emsisoft Ltd)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-10-28] (Windows (R) Win 7 DDK provider) [File not signed]
S4 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 Cti32svc; C:\Program Files (x86)\CTI32\cti32svc.exe [24576 2015-07-16] (Inventive Labs, LLC) [File not signed]
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-11-24] (Macrovision Europe Ltd.) [File not signed]
R2 HmpElements; C:\Program Files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe [1948104 2015-09-17] (Inventive Labs, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-31] (Intel Corporation)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-31] (Intel Corporation)
S3 MsDtsServer120; C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [216768 2016-06-18] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [372416 2016-06-18] (Microsoft Corporation)
S3 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\bin\msmdsrv.exe [51184320 2016-06-18] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2536640 2016-06-18] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [202824 2013-01-18] (Realtek Semiconductor)
R2 Spitfire_BusinessService; C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe [7168 2016-06-10] () [File not signed]
R2 Spitfire_DialService; C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe [6656 2016-07-07] () [File not signed]
R2 Spitfire_LoginService; C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe [7680 2016-01-12] () [File not signed]
S4 Spitfire_RecordingService; C:\SPD Enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe [6656 2013-12-31] () [File not signed]
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [139968 2014-02-21] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [345280 2014-02-21] (Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2016-06-18] (Microsoft Corporation)
S4 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908256 2016-07-14] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-07-14] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-07-14] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-10-28] (Qualcomm Atheros)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [123992 2015-10-23] (Emsisoft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S4 RsFx0320; C:\Windows\System32\DRIVERS\RsFx0320.sys [250048 2016-06-18] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-28] (Samsung Electronics)
R3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [40288 2015-08-14] ()
R3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-11-12] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-11-12] (Zemana Ltd.)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-12 13:27 - 2016-11-12 13:27 - 00000896 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-11-12 13:27 - 2016-11-12 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-11-12 13:26 - 2016-11-12 13:52 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-11-12 13:23 - 2016-11-12 13:26 - 212514840 _____ (Emsisoft Ltd. ) C:\Users\Administrator\Desktop\EmsisoftAntiMalwareSetup_bc.exe
2016-11-12 13:13 - 2016-11-12 13:50 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2016-11-12 13:13 - 2016-11-12 13:13 - 00000000 ____D C:\Users\Administrator\Downloads\TMRBLog
2016-11-12 13:00 - 2016-11-12 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-11-12 12:59 - 2016-11-12 13:52 - 00052844 _____ C:\Windows\ZAM.krnl.trace
2016-11-12 12:59 - 2016-11-12 13:52 - 00018218 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-11-12 12:59 - 2016-11-12 13:00 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-11-12 12:59 - 2016-11-12 13:00 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-11-12 12:59 - 2016-11-12 13:00 - 00001076 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-11-12 12:59 - 2016-11-12 13:00 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-11-12 12:59 - 2016-11-12 12:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\Zemana
2016-11-12 12:54 - 2016-11-12 12:59 - 05603048 _____ ( ) C:\Users\Administrator\Desktop\Zemana.AntiMalware.Setup.exe
2016-11-12 01:23 - 2016-11-12 01:27 - 00000000 ____D C:\Users\Administrator\Desktop\Old Firefox Data
2016-11-12 01:06 - 2016-11-12 01:06 - 34114800 _____ (Adlice Software ) C:\Users\Administrator\Desktop\setup.exe
2016-11-11 17:39 - 2016-11-11 17:40 - 00064029 _____ C:\Users\Administrator\Desktop\KJJWD21026 File.csv
2016-11-11 12:35 - 2016-11-11 12:35 - 00110560 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-11 12:32 - 2016-11-11 12:32 - 02354776 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-09 18:13 - 2016-11-09 18:14 - 05962913 _____ C:\Users\Administrator\Desktop\plugin.video.seehdER-0.0.4.zip
2016-11-09 18:10 - 2016-11-09 18:10 - 03215934 _____ C:\Users\Administrator\Desktop\plugin.video.ZemTV-shani-5.9.2.zip
2016-11-09 18:08 - 2016-11-09 18:08 - 01765719 _____ C:\Users\Administrator\Desktop\plugin.video.specto-2016.11.1.1.zip
2016-11-09 17:59 - 2016-11-09 17:59 - 03055067 _____ C:\Users\Administrator\Desktop\plugin.video.icefilms-1.99.03.zip
2016-11-01 15:47 - 2016-11-01 15:47 - 00223266 _____ C:\Users\Administrator\Documents\445.xps
2016-10-20 19:47 - 2016-10-21 11:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-14 20:05 - 2016-10-18 21:01 - 00002238 ____H C:\Users\Administrator\Documents\Default.rdp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-12 13:52 - 2016-03-27 16:46 - 00000000 ____D C:\Users\Administrator\Documents\system cleaning tools
2016-11-12 13:52 - 2015-12-27 16:35 - 00000000 ____D C:\FRST
2016-11-12 13:50 - 2015-11-28 22:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-12 13:14 - 2016-05-27 23:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-12 13:13 - 2016-05-27 23:31 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-12 13:02 - 2015-08-14 10:33 - 00000000 ____D C:\Users\Administrator
2016-11-12 13:00 - 2016-01-31 01:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-12 12:43 - 2015-12-24 21:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-11-12 12:02 - 2015-08-26 11:27 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-12 11:56 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-12 11:56 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-12 11:51 - 2009-07-14 00:13 - 01098426 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-12 11:51 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-11-12 11:47 - 2016-03-31 13:19 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-11-12 11:46 - 2016-01-31 01:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-12 11:45 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-12 01:47 - 2015-08-19 20:01 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{457B9D94-DBA1-45CA-8B54-1BFDDB92A0F5}
2016-11-12 01:06 - 2016-05-27 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-11-12 01:06 - 2016-05-27 23:08 - 00000000 ____D C:\Program Files\RogueKiller
2016-11-12 00:49 - 2015-12-27 17:20 - 00000000 ____D C:\AdwCleaner
2016-11-12 00:46 - 2015-08-19 18:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2016-11-11 19:01 - 2015-12-29 17:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Kodi
2016-11-09 13:45 - 2015-08-14 10:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Rescue Calling Card
2016-11-09 13:35 - 2015-08-14 10:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue Calling Card
2016-11-09 13:24 - 2015-08-14 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpitFire Online Support
2016-11-08 09:04 - 2015-11-12 19:00 - 00000000 ____D C:\Users\MSSQLFDLauncher
2016-11-07 00:17 - 2015-08-19 17:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2016-11-01 09:29 - 2016-09-08 10:09 - 00000000 ____D C:\Users\SQLSERVERAGENT
2016-11-01 09:29 - 2015-11-12 19:00 - 00000000 ____D C:\Users\MSSQLSERVER
2016-10-30 10:41 - 2015-12-04 00:32 - 00018944 _____ C:\Users\Administrator\Documents\Kamasutra.xlsx
2016-10-29 15:51 - 2015-08-14 10:50 - 00000000 ____D C:\Program Files (x86)\CTI32
2016-10-28 18:22 - 2015-08-28 20:25 - 11579432 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\HitmanPro_x64.exe
2016-10-26 16:29 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-25 17:06 - 2016-01-31 01:42 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-22 08:48 - 2015-12-28 01:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-19 13:17 - 2015-10-06 20:07 - 00000000 ____D C:\Users\Administrator\AppData\Local\Windows Live Writer

==================== Files in the root of some directories =======

2016-08-02 12:47 - 2016-08-02 12:47 - 0000757 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-06 18:58

==================== End of FRST.txt ============================

 

[Boufeez]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Administrator (2016-11-12 13:53:03)
Running from C:\Users\Administrator\Documents\system cleaning tools
Windows 7 Professional Service Pack 1 (X64) (2015-08-13 20:31:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3097266444-2333562351-893229259-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3097266444-2333562351-893229259-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
AgentApp (HKLM-x32\...\{AF941339-68D2-4F19-9FEA-F085EF20E33E}) (Version: 1.0.0 - OPC Marketing, Inc.)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
AMD Catalyst Install Manager (HKLM\...\{F62CA14F-AB88-4A97-7752-BF36193B4CC3}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CTI32 (HKLM-x32\...\{859C79E6-9913-437E-888E-C8891D8D32C5}) (Version: 4.5.0.0 - Inventive Labs, LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell System Detect (HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\58d94f3ce2c27db0) (Version: 7.6.0.4 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hmp Elements Server (HKLM-x32\...\{E9DD8AB9-0D79-47A0-9142-A3DC7FB789A1}) (Version: 1.0.0 - Inventive Labs)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.129.1 - Intel Security)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodi (HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Kodi) (Version: - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.6.140.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A22EED3F-6DB6-4987-8023-6C6B7030E554}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{C20DACBE-19F2-47FF-AD22-BBB493499346}) (Version: 11.2.5643.3 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 RS Add-in for SharePoint (HKLM\...\{38C1D7A5-BB5D-4673-A8AB-D6D317AF89C1}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{E0AE1947-4991-475D-B972-15C90905915A}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{BB370367-7163-4E01-9A2E-8BCE17F7706F}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{E8C99927-8E6E-4B6B-B80C-1B8B23B1767D}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{C9F697B9-FAC8-4B76-9D3D-40FA3BFA4F9E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (x64) (HKLM\...\{65BC038D-2086-4C3B-90C5-A6798F044BD5}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.2.5000.0 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.334 - Qualcomm Atheros Communications)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
RogueKiller version 12.8.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.0.0 - Adlice Software)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.)
Service Pack 2 for SQL Server 2014 (KB3171021) (64-bit) (HKLM\...\KB3171021) (Version: 12.2.5000.0 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spitfire Enterprise Setup (HKLM-x32\...\{B06EDCA9-BB6F-4129-89BF-619CF7E8C895}) (Version: 1.0.0 - OPC Marketing, Inc.)
SpitFire Online Support (HKLM-x32\...\{7E117A6A-8579-4435-8290-4089C1C5BEFA}) (Version: 5.2.142 - LogMeIn, Inc.)
Spotify (HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Spotify) (Version: 1.0.36.124.g1cba1920 - Spotify AB)
SQL Server 2014 Analysis Services (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality client (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Full text search (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Integration Services (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 RS_SharePoint_SharedService (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 SQL Data Quality Common (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.2.5000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 7.0.1 - UltraDefrag Development Team)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.60.1 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {039C781B-6DBA-480A-BAAE-F4526492FBF2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {36399346-416E-4E77-8CB0-875D9FC80F51} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {382D8390-2F47-4971-8485-67904EE6C098} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-09-10] (Microsoft)
Task: {42B33681-5FD0-4544-8B62-327707AD5763} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {54F94D1A-6512-449C-9545-7497ADAE0B77} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {59D2A24E-30F4-4538-BDAB-E172A5CC94EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {62D9E923-78B7-42CB-A341-3EFF77F2617C} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-05-20] (Microsoft Corporation)
Task: {63FAFC84-4951-408B-8BFB-BD9D4C2DF50A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {8961A1AA-9AC7-4492-865D-D7EDBB884375} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {9859FAE9-3D90-4E0E-8A25-0DC931D66D53} - System32\Tasks\{9D7F95C5-E93C-4EA5-AD11-3382D9482C7C} => pcalua.exe -a "C:\Program Files (x86)\CTI32\InstallUtil.exe" -d "C:\Program Files (x86)\CTI32"
Task: {C3391B3B-A086-42A6-8875-34E80CB7B0D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-11] (Adobe Systems Incorporated)
Task: {D9945D77-7510-4A34-93E3-2D0C198EA211} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {E19B4111-5B41-4B98-8C1C-E3B5CAFC271C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {FA7C3623-1B87-4403-BF7B-D0DC8AAB7385} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {FC5C3148-C057-4B34-AA54-76D3BA0A6673} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-01 08:45 - 2015-07-01 08:45 - 00022528 _____ () C:\Windows\System32\us005lm.dll
2015-08-14 11:12 - 2016-06-10 14:15 - 00007168 _____ () C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe
2015-08-14 11:12 - 2016-01-12 14:45 - 00007680 _____ () C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe
2015-08-14 11:12 - 2016-07-07 17:38 - 00006656 _____ () C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe
2016-11-12 12:59 - 2016-11-12 13:00 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2015-08-13 15:36 - 2013-01-24 08:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-05-27 16:13 - 00000042 ____A C:\Windows\system32\Drivers\etc\hosts

::1 localhost
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3097266444-2333562351-893229259-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.4.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: MSSQLFDLauncher => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Spitfire_RecordingService => 2
MSCONFIG\Services: TrueKey => 2
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: 3200 Scan2PC => "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GIDDesktop => C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX5REC
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{AE6C5FC8-A0D9-46DD-A1B5-155D97D0F734}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{60E14D3B-9877-4159-BEC0-8D61D27AEBA4}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{6585E25D-EB32-4621-9E08-209FDB7A6ED0}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [UDP Query User{77636F3D-D090-484A-A6EA-77963587E151}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [{189AD50A-7A82-422B-96B2-781DC2AF3253}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{6B931C08-4EBE-4FDF-A52C-C2256BD3C1CA}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{301F79D9-3FAC-4EBA-8ECD-94C314250F5C}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{7DF48D35-D45C-4C01-836A-C1EB79F4B155}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{72DF3227-99F4-409A-85FE-32991DEDB6DE}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{5449BC9F-00BA-44F8-8DFA-31DC80A90943}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{F4C00A51-F149-4361-941D-ACA1BB905ECE}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{6A8E2750-F342-4535-AF17-4C8A38CE6FF6}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{5EC0075F-8C4F-4223-AB9F-EEEBDD344F81}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2AD4BD74-DDAD-4DA4-B41D-432263867F9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{27DB3D31-D527-48C6-923B-EF28F6E615C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC0D81D8-676B-4CA0-8608-38760AD57BA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2DEDCFE4-2AFC-42E8-BB36-E28D7DBD60DF}] => (Allow) LPort=2869
FirewallRules: [{79D090B2-837A-479B-97FD-92F2436820ED}] => (Allow) LPort=1900
FirewallRules: [{AD07EDFE-D4A8-440A-9E52-A6BFD6A0739D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{273B9CA7-84C8-4917-BEB8-D61DB8C4599C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{09D16C11-E48F-4741-8187-CA2D06B85E0B}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{637310E8-F08E-430D-BE3E-26E844B68352}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{45633BFC-442B-43BB-8AB7-94D2DE4D1F85}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [UDP Query User{BB0A803D-FD8C-4B9A-9398-C0095E926D7F}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [TCP Query User{35673452-6D37-4875-AAA6-2755933285A3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{A7CE908A-23D8-49F7-AE1B-DCBE8172A249}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{C7A9F53E-0623-4627-A73C-BB5968D03513}C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe] => (Allow) C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe
FirewallRules: [UDP Query User{F296876A-E289-4296-BF7A-7A9F57F23E92}C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe] => (Allow) C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe
FirewallRules: [{139C0536-A856-4C88-B78E-67731723486B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D4FB6878-DDB2-4C94-8DD7-EA896D575FBB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34B318AF-1749-4376-B0AD-61C54A040E0E}] => (Allow) LPort=80
FirewallRules: [{DD7BFEB5-1E20-4B96-97A5-A37002C9B353}] => (Allow) C:\Program Files (x86)\Zoiper\Zoiper.exe
FirewallRules: [{56743572-7A1B-4511-BD4A-5318C384250F}] => (Allow) C:\Program Files (x86)\Zoiper\Zoiper.exe
FirewallRules: [{A8D09558-FCC6-4F85-8DF5-1A462C4D2098}] => (Allow) LPort=5080
FirewallRules: [{753A6B70-8391-4C2B-AB17-D827336B1E17}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

11-11-2016 02:00:14 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Description: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (RFCOMM Protocol TDI)
Description: Bluetooth Device (RFCOMM Protocol TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2016 11:47:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2016 12:56:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HmpElementsServer.exe, version: 2.2.9.1, time stamp: 0x554bb0c3
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a73e
Exception code: 0xc0000005
Fault offset: 0x0002e064
Faulting process id: 0x8c8
Faulting application start time: 0xHmpElementsServer.exe0
Faulting application path: HmpElementsServer.exe1
Faulting module path: HmpElementsServer.exe2
Report Id: HmpElementsServer.exe3

Error: (11/12/2016 12:56:30 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HmpElementsServer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
at HmpElements.Server.BeepDetectorUmc.FreeBeepDetector(IntPtr)
at HmpElements.Server.BeepDetector.Finalize()

Error: (11/12/2016 12:52:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2016 12:33:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/12/2016 01:51:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (11/12/2016 11:47:04 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.2.220192.168.137.0255.255.255.0

Error: (11/12/2016 11:47:04 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (11/12/2016 11:47:01 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Biometric and Context Agent Service service hung on starting.

Error: (11/12/2016 11:45:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (11/12/2016 11:44:28 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (11/12/2016 11:44:28 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (11/12/2016 11:44:28 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/12/2016 11:44:28 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/12/2016 11:44:20 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.


CodeIntegrity:
===================================
Date: 2016-06-01 18:26:33.949
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-01 18:26:33.811
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-01 18:26:33.662
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-01 18:26:33.524
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-01 18:26:33.375
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-01 18:26:33.240
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-01 18:26:33.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-01 18:26:32.962
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-01 18:26:32.813
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-01 18:26:32.671
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 37%
Total physical RAM: 12237.72 MB
Available physical RAM: 7601.93 MB
Total Virtual: 24473.63 MB
Available Virtual: 20126.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.28 GB) (Free:725.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

[Boufeez]

Emsisoft Anti-Malware - Version 11.0.0.6054
Last update: 11/12/2016 1:40:27 PM
Initiated by: OFFICE-1-PC\Administrator

Scan settings:

Scan type:
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: On

Advanced caching: On
Direct disk access: On

Scan start: 11/12/2016 2:11:44 PM
C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\54.0.2840.71\54.0.2840.71_chrome_installer.exe Gen:Variant.Symmi.31976 (B)
C:\Users\Administrator\AppData\Local\Microsoft\Windows Live Mail\Getuss (George)\Deleted Items\3E53776A-00000191.eml -> [Subject: [Scan] 2016-1111 11:42:25][Date: Fri, 11 Nov 2016 11:42:25 +0530] -> 2016-1111 11-42-25.zip -> CQXIHL192831.wsf Exploit.SpamMalware-ZIP.Gen (B)

Scanned 351143
Found 2

Scan end: 11/12/2016 3:01:31 PM
Scan time: 0:49:47

 

[Boufeez]

Microsoft Security essentials also detected TrojanDownloader: JS/Swabfex.P

It also gave me an error that it could not remove it.

 

[Boufeez]

The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.




Category: Trojan Downloader



Description: This program is dangerous and downloads other programs.



Recommended action: Remove this software immediately.



Items:

file:C:\Windows\temp\tmp00000a10\tmp00236c1c

 

[Broni]

Unfortunately you abandoned this topic in the past: https://www.techspot.com/community/topics/trojan-detected-win32-beaugrit-gen-c.227262/
Unless I hear valid explanation what happened I won't be able to help you.

 

[Boufeez]

Understood. You have a valid point and I will explain.

 

[Broni]

I just edited your reply removing all your private stuff.
You could have had PMed me since this is rather private.
Good enough for me,
Let's move on...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes Anti-Malware to your desktop.

• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
• Launch Malwarebytes Anti-Malware
• A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

Already installed:
2.0 Threat Scan

• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select [URL='https://www.techspot.com/guides/1718-run-as-administrator-explained/]Run As Administrator[/URL]
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[Boufeez]

Thank you. I will have the scans posted this evening.
Much appreciated.

 

[Boufeez]

RogueKiller V12.8.0.0 (x64) [Nov 7 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/14/2016 03:44:45 (Duration : 00:16:53)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Intel Raid 1 Volume SCSI Disk Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2052 | Size: 99 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 205200 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 467856 | Size: 953626 MB
User = LL1 ... OK
Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )

+++++ PhysicalDrive1: CF/MD Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: SM/xD Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: SD/mini-MMC/RS Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: MS/Pro/Duo Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

 

[Boufeez]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/14/2016
Scan Time: 3:42 PM
Logfile: qqm.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.14.08
Rootkit Database: v2016.10.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 653801
Time Elapsed: 26 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

[Boufeez]

# AdwCleaner v6.030 - Logfile created 14/11/2016 at 16:10:52
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-14.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Administrator - OFFICE-1-PC
# Running from : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ITQDNUWS\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2613 Bytes] - [28/12/2015 19:59:20]
C:\AdwCleaner\AdwCleaner[C2].txt - [2519 Bytes] - [29/12/2015 21:35:28]
C:\AdwCleaner\AdwCleaner[C3].txt - [2630 Bytes] - [04/01/2016 17:38:05]
C:\AdwCleaner\AdwCleaner[C4].txt - [1636 Bytes] - [03/08/2016 21:53:33]
C:\AdwCleaner\AdwCleaner[C5].txt - [2039 Bytes] - [13/09/2016 15:03:06]
C:\AdwCleaner\AdwCleaner[C6].txt - [2196 Bytes] - [28/10/2016 18:01:04]
C:\AdwCleaner\AdwCleaner[C7].txt - [2304 Bytes] - [12/11/2016 00:49:56]
C:\AdwCleaner\AdwCleaner[S10].txt - [2297 Bytes] - [28/10/2016 18:00:47]
C:\AdwCleaner\AdwCleaner[S11].txt - [2435 Bytes] - [12/11/2016 00:49:32]
C:\AdwCleaner\AdwCleaner[S12].txt - [1753 Bytes] - [14/11/2016 16:10:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [2423 Bytes] - [27/12/2015 17:20:58]
C:\AdwCleaner\AdwCleaner[S2].txt - [2257 Bytes] - [28/12/2015 19:57:16]
C:\AdwCleaner\AdwCleaner[S3].txt - [2224 Bytes] - [29/12/2015 21:34:55]
C:\AdwCleaner\AdwCleaner[S4].txt - [2514 Bytes] - [04/01/2016 17:36:25]
C:\AdwCleaner\AdwCleaner[S5].txt - [687 Bytes] - [10/01/2016 19:46:36]
C:\AdwCleaner\AdwCleaner[S6].txt - [2162 Bytes] - [10/01/2016 19:48:39]
C:\AdwCleaner\AdwCleaner[S7].txt - [755 Bytes] - [19/01/2016 20:38:41]
C:\AdwCleaner\AdwCleaner[S8].txt - [2039 Bytes] - [02/09/2016 12:40:11]
C:\AdwCleaner\AdwCleaner[S9].txt - [2278 Bytes] - [13/09/2016 15:02:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S12].txt - [2482 Bytes] ##########

 

[Boufeez]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Professional x64
Ran by Administrator (Administrator) on Mon 11/14/2016 at 16:13:32.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 24

Failed to delete: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ION99EZS (Temporary Internet Files Folder)
Failed to delete: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ITQDNUWS (Temporary Internet Files Folder)
Failed to delete: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VFDPR5WM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\421E11FQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D3BC2ZXR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NCOWI41M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QFGLREQN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOZA06VM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTRNC4AW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UBBVJAKB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3YD0ZMG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6VCB5AV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\421E11FQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D3BC2ZXR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ION99EZS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ITQDNUWS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NCOWI41M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QFGLREQN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOZA06VM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTRNC4AW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UBBVJAKB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3YD0ZMG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VFDPR5WM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6VCB5AV (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/14/2016 at 16:16:17.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Boufeez]

If you see my earlier posts from emsisoft scan & Microsoft security essentials, the machine was loaded with Trojans.. One of the Trojans came in the form of an email attachment that emsisoft picked up,, What's funny is that when it downloaded in my windows live mail client, There were two zip attachments from an unknown sender that I was very suspicious of, so I deleted it , but remained in deleted folder until I finally permanently deleted the email.

C:\Users\Administrator\AppData\Local\Microsoft\Windows Live Mail\Getuss (George)\Deleted Items\3E53776A-00000191.eml -> [Subject: [Scan] 2016-1111 11:42:25][Date: Fri, 11 Nov 2016 11:42:25 +0530] -> 2016-1111 11-42-25.zip -> CQXIHL192831.wsf Exploit.SpamMalware-ZIP.Gen (B)

My question is, How can the virus have been activated since I did not open the attachments , is it possible that it is a "dropper" type virus ?

Thanks,

 

[Boufeez]

UPDATE***

Now , when I run Roguekill while Microsoft security essentials is on, 15 minutes into the scan , Security essentials will terminate Roguekiller before it can finish, and Security essentials says it has stopped and blocked a threat called
Behavior:Win32/Powessere.D

Behavior: Win32/Powessere.D

Also detected as: Dropper/Win32.Necurs (AhnLab), Trojan horse SHeur4.CAAW (AVG), TR/Wemosis.A.1 (Avira), Backdoor.Win32.PMax.atbz (Kaspersky), winpe/Troj_Generic.VGJNN (Norman),



What do you think is going on ? Image attached

 

[Boufeez]

Remember in my earlier posts this year I was mentioning that my screen a few times a week would flash black as if someone was sharing my screen , and then I would also get a yellow exclamation mark in the system tray. Could all of this be related ?

 

[Broni]

I can't say until we're totally done.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Boufeez]

ComboFix 16-11-13.01 - Administrator 11/15/2016 2:49.6.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12238.8037 [GMT -5:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Emsisoft Anti-Malware *Disabled/Updated* {CB7D53ED-CD86-A552-2B56-E5019C280620}
SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\Desktop\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2016-10-15 to 2016-11-15 )))))))))))))))))))))))))))))))
.
.
2016-11-15 07:39 . 2016-11-15 07:39 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0427B495-98C3-47C9-A9F3-C580CC114C1D}\offreg.780.dll
2016-11-14 23:48 . 2016-11-14 23:48 -------- d-----w- c:\program files (x86)\Sophos
2016-11-14 22:29 . 2016-10-06 21:42 12033040 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0427B495-98C3-47C9-A9F3-C580CC114C1D}\mpengine.dll
2016-11-14 22:03 . 2016-07-22 14:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2016-11-14 22:03 . 2016-07-22 14:51 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2016-11-14 22:00 . 2016-11-14 22:00 -------- d-----w- c:\program files\RogueKiller
2016-11-14 11:13 . 2016-11-14 11:14 -------- d-----w- C:\eff27e77341605a1ec87bde2be0c8667
2016-11-14 09:26 . 2016-10-06 21:42 12033040 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-11-14 09:03 . 2016-11-15 07:47 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2016-11-12 17:59 . 2016-11-12 18:00 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2016-11-12 17:59 . 2016-11-12 18:00 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2016-11-12 17:59 . 2016-11-13 17:24 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2016-11-12 17:59 . 2016-11-12 17:59 -------- d-----w- c:\users\Administrator\AppData\Local\Zemana
2016-11-12 16:51 . 2016-08-12 16:26 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2016-11-12 16:51 . 2016-08-12 16:26 405504 ----a-w- c:\windows\system32\drivers\srv2.sys
2016-11-12 16:51 . 2016-08-12 16:26 168960 ----a-w- c:\windows\system32\drivers\srvnet.sys
2016-11-12 16:51 . 2016-08-16 17:36 1009152 ----a-w- c:\windows\system32\user32.dll
2016-11-12 16:51 . 2016-08-16 02:48 833024 ----a-w- c:\windows\SysWow64\user32.dll
2016-10-31 16:51 . 2016-05-11 18:10 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F0738C0-46A9-49EF-B053-EC0D5BAD1D71}\gapaengine.dll
2016-10-27 07:02 . 2016-10-27 07:02 2595472 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-14 22:00 . 2015-08-26 16:27 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-11-14 20:40 . 2016-05-28 04:32 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-14 11:24 . 2015-08-13 18:38 141011376 -c--a-w- c:\windows\system32\MRT.exe
2016-10-26 21:29 . 2010-11-21 03:27 485032 ------w- c:\windows\system32\MpSigStub.exe
2016-10-07 15:12 . 2016-11-13 17:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-08-25 15:46 . 2016-08-25 15:46 295000 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2016-08-25 15:46 . 2015-03-05 00:34 135928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-08-19 8455960]
"FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2016-01-19 3015072]
"Spotify Web Helper"="c:\users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2016-08-25 1523312]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Cti32svc;CTI32 Telephony Engine;c:\program files (x86)\CTI32\cti32svc.exe;c:\program files (x86)\CTI32\cti32svc.exe [x]
R2 HmpElements;HmpElements Server;c:\program files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe;c:\program files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe [x]
R2 Spitfire_BusinessService;Spitfire_BusinessService;c:\spd enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe;c:\spd enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe [x]
R2 Spitfire_DialService;Spitfire_DialService;c:\spd enterprise\SpitFire_DialService\Spitfire_DialService.exe;c:\spd enterprise\SpitFire_DialService\Spitfire_DialService.exe [x]
R2 Spitfire_LoginService;Spitfire_LoginService;c:\spd enterprise\SpitFire_LoginService\Spitfire_LoginService.exe;c:\spd enterprise\SpitFire_LoginService\Spitfire_LoginService.exe [x]
R2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MsDtsServer120;SQL Server Integration Services 12.0;c:\program files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [x]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
R3 SQL Server Distributed Replay Client;SQL Server Distributed Replay Client;c:\program files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe;c:\program files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [x]
R3 SQL Server Distributed Replay Controller;SQL Server Distributed Replay Controller;c:\program files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe;c:\program files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [x]
R3 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
R4 RsFx0320;RsFx0320 Driver;c:\windows\system32\DRIVERS\RsFx0320.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0320.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 Spitfire_RecordingService;Spitfire_RecordingService;c:\spd enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe;c:\spd enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe [x]
R4 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x]
S0 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 IntelBCAsvc;Intel(R) Biometric and Context Agent Service;c:\program files\Intel\BCA\pabeSvc64.exe;c:\program files\Intel\BCA\pabeSvc64.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbkey;USB Dongle;c:\windows\system32\DRIVERS\USBKey64.sys;c:\windows\SYSNATIVE\DRIVERS\USBKey64.sys [x]
S3 WirelessKeyboardFilter;Wireless Keyboard Filter Device Service;c:\windows\system32\DRIVERS\WirelessKeyboardFilter.sys;c:\windows\SYSNATIVE\DRIVERS\WirelessKeyboardFilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - NISDRV
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-15 00:02 1364072 ----a-w- c:\program files (x86)\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-21 21:28]
.
2016-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31 06:40]
.
2016-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31 06:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-04-30 36352]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-08-30 1354712]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2016-11-09 13900016]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
Trusted Zone: dell.com
TCP: Interfaces\{9D3C4071-F374-4945-9A9C-1599E5144CC0}: NameServer = 8.8.8.8,8.4.4.4
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sehvjwbc.default-1478932049003\
FF - prefs.js: browser.startup.homepage - outlook.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ReportServerSharePoint:Service]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,5b,6d,2c,e7,11,d6,4f,a2,3c,34,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,5b,6d,2c,e7,11,d6,4f,a2,3c,34,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,5b,6d,2c,e7,11,d6,4f,a2,3c,34,\
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\User Preferences - Do not modify. Direct modification is a violation of ISV software requirements.]
@Denied: (2) (Administrator)
"Learn about ISV Software Requirements"="http://go.microsoft.com/fwlink/?LinkId=392206"
"2E1C892BBCB432157F277FDF4D11FD173738EC8D13"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,5b,6d,2c,e7,11,d6,4f,a2,3c,34,\
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.config\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad++.exe"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Excel.CSV"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.indd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="InDesign.Document"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\AcroRd32.exe"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.Log\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\dreamweaver.exe"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nex\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.opdownload\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="AcroExch.Document"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Png"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WINWORD.EXE"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Photoshop.Image.16"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\7zFM.exe"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\NOTEPAD.EXE"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Excel.Sheet.12"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WORDPAD.EXE"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mspaint.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-11-15 03:01:20
ComboFix-quarantined-files.txt 2016-11-15 08:01
ComboFix2.txt 2016-05-29 23:01
ComboFix3.txt 2016-03-11 05:08
ComboFix4.txt 2016-01-20 02:18
ComboFix5.txt 2016-11-15 07:48
.
Pre-Run: 770,506,878,976 bytes free
Post-Run: 770,233,450,496 bytes free
.
- - End Of File - - 1B37B5D91A32524A4F92EE29DF993FBF
A36C5E4F47E84449FF07ED3517B43A31

 

[Boufeez]

It really gave me a run for my money. I was not able to download combo fix for some time, but I guess persistence beats resistance! I would get an error message saying " this file could not be downloaded" on every site I went to so I can DL Combo fix. Then I kept trying to download, some did, but they still wouldn't work at all. Don't ask me, somehow, I got one to run. Voila.

 

[Broni]

Cool

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[Boufeez]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Administrator (administrator) on OFFICE-1-PC (15-11-2016 22:02:25)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER (Available Profiles: Administrator & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MsDtsServer120 & MSSQLSERVER & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 Classic)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Inventive Labs, LLC) C:\Program Files (x86)\CTI32\cti32svc.exe
(Inventive Labs, Inc.) C:\Program Files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe
() C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
() C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(XBMC-Foundation) C:\Program Files (x86)\Kodi\Kodi.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [3015072 2016-01-19] (Comfort Software Group)
HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Run: [Spotify Web Helper] => C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-25] (Spotify Ltd)
HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{422811A0-BBB7-4BD5-AAAE-BB743DC9F38E}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9D3C4071-F374-4945-9A9C-1599E5144CC0}: [NameServer] 8.8.8.8,8.4.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3097266444-2333562351-893229259-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> DefaultScope {EC9701E3-6157-4220-8002-811A11D70AD3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> {EC9701E3-6157-4220-8002-811A11D70AD3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sehvjwbc.default-1478932049003
FF Homepage: outlook.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-07-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-07-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-10-20] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-31]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-31]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-23]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-10-28] (Windows (R) Win 7 DDK provider) [File not signed]
S4 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 Cti32svc; C:\Program Files (x86)\CTI32\cti32svc.exe [24576 2015-07-16] (Inventive Labs, LLC) [File not signed]
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-11-24] (Macrovision Europe Ltd.) [File not signed]
R2 HmpElements; C:\Program Files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe [1948104 2015-09-17] (Inventive Labs, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-31] (Intel Corporation)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-31] (Intel Corporation)
S3 MsDtsServer120; C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [216768 2016-09-24] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [372416 2016-09-24] (Microsoft Corporation)
S3 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\bin\msmdsrv.exe [51184320 2016-06-18] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
S3 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2536640 2016-06-18] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [202824 2013-01-18] (Realtek Semiconductor)
R2 Spitfire_BusinessService; C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe [7168 2016-06-10] () [File not signed]
R2 Spitfire_DialService; C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe [6656 2016-07-07] () [File not signed]
R2 Spitfire_LoginService; C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe [7680 2016-01-12] () [File not signed]
S4 Spitfire_RecordingService; C:\SPD Enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe [6656 2013-12-31] () [File not signed]
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [139968 2014-02-21] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [345280 2014-02-21] (Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2016-09-24] (Microsoft Corporation)
S4 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908256 2016-07-14] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-07-14] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-07-14] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-10-28] (Qualcomm Atheros)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-14] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S4 RsFx0320; C:\Windows\System32\DRIVERS\RsFx0320.sys [250048 2016-06-18] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-28] (Samsung Electronics)
R3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [40288 2015-08-14] ()
R3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-11-12] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-11-12] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-15 22:02 - 2016-11-15 22:02 - 00018919 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-11-15 14:14 - 2016-11-15 14:24 - 00126641 _____ C:\Users\Administrator\Desktop\IDTA1114.CSV
2016-11-15 14:14 - 2016-11-15 14:19 - 00126615 _____ C:\Users\Administrator\Desktop\IDTB1114.CSV
2016-11-15 03:32 - 2016-11-15 03:32 - 00037055 _____ C:\ComboFix.txt
2016-11-15 03:26 - 2016-11-15 03:26 - 05659276 ____R (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
2016-11-14 18:48 - 2016-11-14 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-11-14 18:48 - 2016-11-14 18:48 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-11-14 18:42 - 2016-11-14 18:46 - 155344304 _____ (Sophos Limited) C:\Users\Administrator\Downloads\Sophos Virus Removal Tool(1).exe
2016-11-14 17:03 - 2016-07-22 09:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-11-14 17:03 - 2016-07-22 09:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-11-14 17:00 - 2016-11-14 17:00 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-11-14 17:00 - 2016-11-14 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-11-14 17:00 - 2016-11-14 17:00 - 00000000 ____D C:\Program Files\RogueKiller
2016-11-14 16:59 - 2016-11-14 16:59 - 34176608 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup(3).exe
2016-11-14 16:31 - 2016-11-14 16:31 - 00056182 _____ C:\Users\Administrator\Downloads\setup_exe
2016-11-14 16:25 - 2016-11-14 16:26 - 25537096 _____ C:\Users\Administrator\Downloads\RogueKillerX64_exe
2016-11-14 14:16 - 2016-11-14 14:16 - 00047807 _____ C:\Users\Administrator\Desktop\500_Contingency_09-13-16.xlsx
2016-11-14 14:16 - 2016-11-14 14:16 - 00032342 _____ C:\Users\Administrator\Desktop\500_Contingency_09-13-16.csv
2016-11-14 06:13 - 2016-11-14 06:14 - 00000000 ____D C:\eff27e77341605a1ec87bde2be0c8667
2016-11-14 04:03 - 2016-11-15 12:59 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-11-13 12:34 - 2016-11-02 10:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-13 12:34 - 2016-11-02 10:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-13 12:34 - 2016-11-02 10:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-13 12:34 - 2016-11-02 10:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-13 12:34 - 2016-11-02 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-13 12:34 - 2016-11-02 10:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-13 12:34 - 2016-11-02 10:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-13 12:34 - 2016-11-02 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-13 12:34 - 2016-11-02 10:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-13 12:34 - 2016-11-02 09:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-13 12:34 - 2016-10-27 22:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-13 12:34 - 2016-10-27 22:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-13 12:34 - 2016-10-27 14:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-13 12:34 - 2016-10-27 14:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-13 12:34 - 2016-10-27 13:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-13 12:34 - 2016-10-27 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-13 12:34 - 2016-10-27 13:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-13 12:34 - 2016-10-27 13:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-13 12:34 - 2016-10-27 13:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-13 12:34 - 2016-10-27 13:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-13 12:34 - 2016-10-27 13:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-13 12:34 - 2016-10-27 13:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-13 12:34 - 2016-10-27 13:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-13 12:34 - 2016-10-27 13:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-13 12:34 - 2016-10-27 13:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-13 12:34 - 2016-10-27 13:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-13 12:34 - 2016-10-27 13:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-13 12:34 - 2016-10-27 13:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-13 12:34 - 2016-10-27 13:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-13 12:34 - 2016-10-27 13:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-13 12:34 - 2016-10-27 13:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-13 12:34 - 2016-10-27 13:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-13 12:34 - 2016-10-27 13:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-13 12:34 - 2016-10-27 13:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-13 12:34 - 2016-10-27 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-13 12:34 - 2016-10-27 13:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-13 12:34 - 2016-10-27 13:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-13 12:34 - 2016-10-27 12:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-13 12:34 - 2016-10-27 12:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-13 12:34 - 2016-10-27 12:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-13 12:34 - 2016-10-27 12:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-13 12:34 - 2016-10-27 12:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-13 12:34 - 2016-10-27 12:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-13 12:34 - 2016-10-27 12:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-13 12:34 - 2016-10-27 12:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-13 12:34 - 2016-10-27 11:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-13 12:34 - 2016-10-27 10:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-13 12:34 - 2016-10-25 10:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-13 12:34 - 2016-10-22 12:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-13 12:34 - 2016-10-22 12:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-13 12:34 - 2016-10-22 12:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-13 12:34 - 2016-10-22 12:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-13 12:34 - 2016-10-22 12:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-13 12:34 - 2016-10-22 12:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-13 12:34 - 2016-10-22 12:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-13 12:34 - 2016-10-22 12:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-13 12:34 - 2016-10-22 12:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-13 12:34 - 2016-10-22 12:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-13 12:34 - 2016-10-22 12:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-13 12:34 - 2016-10-22 12:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-13 12:34 - 2016-10-22 12:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-13 12:34 - 2016-10-22 12:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-13 12:34 - 2016-10-22 12:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-13 12:34 - 2016-10-22 12:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-13 12:34 - 2016-10-22 11:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-13 12:34 - 2016-10-22 11:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-13 12:34 - 2016-10-22 11:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-13 12:34 - 2016-10-22 11:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-13 12:34 - 2016-10-22 11:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-13 12:34 - 2016-10-22 11:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-13 12:34 - 2016-10-22 11:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-13 12:34 - 2016-10-22 11:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-13 12:34 - 2016-10-22 11:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-13 12:34 - 2016-10-22 11:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-13 12:34 - 2016-10-22 11:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-13 12:34 - 2016-10-22 11:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-13 12:34 - 2016-10-22 11:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-13 12:34 - 2016-10-15 10:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-13 12:34 - 2016-10-15 10:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-13 12:34 - 2016-10-15 10:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-13 12:34 - 2016-10-15 10:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-13 12:34 - 2016-10-11 10:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-13 12:34 - 2016-10-11 10:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-13 12:34 - 2016-10-11 10:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-13 12:34 - 2016-10-11 10:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-13 12:34 - 2016-10-11 10:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-13 12:34 - 2016-10-11 10:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-13 12:34 - 2016-10-11 10:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-13 12:34 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-13 12:34 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-13 12:34 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-13 12:34 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-13 12:34 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-13 12:34 - 2016-10-11 10:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-13 12:34 - 2016-10-11 10:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-13 12:34 - 2016-10-11 10:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-13 12:34 - 2016-10-11 10:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-13 12:34 - 2016-10-11 10:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-13 12:34 - 2016-10-11 10:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-13 12:34 - 2016-10-11 10:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-13 12:34 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-13 12:34 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-13 12:34 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-13 12:34 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-13 12:34 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-13 12:34 - 2016-10-11 10:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-13 12:34 - 2016-10-11 08:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-13 12:34 - 2016-10-11 08:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-13 12:34 - 2016-10-10 10:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-13 12:34 - 2016-10-10 10:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-13 12:34 - 2016-10-10 10:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-13 12:34 - 2016-10-10 10:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-13 12:34 - 2016-10-10 10:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-13 12:34 - 2016-10-10 10:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-13 12:34 - 2016-10-10 10:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-13 12:34 - 2016-10-10 10:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-13 12:34 - 2016-10-10 10:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-13 12:34 - 2016-10-10 10:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-13 12:34 - 2016-10-10 10:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-13 12:34 - 2016-10-10 10:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-13 12:34 - 2016-10-10 10:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-13 12:34 - 2016-10-10 10:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-13 12:34 - 2016-10-10 10:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-13 12:34 - 2016-10-10 10:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-13 12:34 - 2016-10-10 10:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-13 12:34 - 2016-10-10 10:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-13 12:34 - 2016-10-10 10:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-13 12:34 - 2016-10-10 10:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-13 12:34 - 2016-10-10 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-13 12:34 - 2016-10-10 10:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-13 12:34 - 2016-10-10 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-13 12:34 - 2016-10-10 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-13 12:34 - 2016-10-10 10:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-13 12:34 - 2016-10-10 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-13 12:34 - 2016-10-10 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-13 12:34 - 2016-10-10 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-13 12:34 - 2016-10-10 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-13 12:34 - 2016-10-10 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-13 12:34 - 2016-10-10 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-13 12:34 - 2016-10-10 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-13 12:34 - 2016-10-10 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-13 12:34 - 2016-10-10 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-13 12:34 - 2016-10-10 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-13 12:34 - 2016-10-10 10:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-13 12:34 - 2016-10-10 09:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-13 12:34 - 2016-10-10 09:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-13 12:34 - 2016-10-10 09:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-13 12:34 - 2016-10-10 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-13 12:34 - 2016-10-10 09:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-13 12:34 - 2016-10-10 09:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-13 12:34 - 2016-10-07 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-13 12:34 - 2016-10-07 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-13 12:34 - 2016-10-07 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-13 12:34 - 2016-10-07 10:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

 

[Boufeez]

2016-11-13 12:34 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-13 12:34 - 2016-10-07 10:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-13 12:34 - 2016-10-07 10:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 10:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-13 12:34 - 2016-10-07 10:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-13 12:34 - 2016-10-07 10:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-13 12:34 - 2016-10-07 10:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-13 12:34 - 2016-10-07 10:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-13 12:34 - 2016-10-07 09:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-13 12:34 - 2016-10-07 09:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-13 12:34 - 2016-10-07 09:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-13 12:34 - 2016-10-07 09:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-13 12:34 - 2016-10-07 09:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-13 12:34 - 2016-10-07 09:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 09:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 09:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-13 12:34 - 2016-10-07 09:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-13 12:34 - 2016-10-05 09:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-13 12:34 - 2016-09-15 09:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-13 12:34 - 2016-09-13 10:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-13 12:34 - 2016-09-13 10:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-13 12:34 - 2016-09-12 16:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-11-13 12:34 - 2016-09-12 15:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-11-13 12:34 - 2016-09-12 14:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-11-13 12:34 - 2016-09-12 13:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-11-13 12:34 - 2016-09-12 13:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-11-13 12:34 - 2016-09-09 13:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-13 12:34 - 2016-09-09 13:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-13 12:34 - 2016-09-08 15:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-11-13 12:34 - 2016-09-08 15:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-11-13 12:34 - 2016-09-08 15:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-11-13 12:34 - 2016-09-08 15:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-11-13 12:34 - 2016-09-08 09:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-11-13 12:34 - 2016-09-08 09:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-11-13 12:34 - 2016-08-22 11:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-13 12:34 - 2016-08-12 12:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-11-13 12:34 - 2016-08-12 12:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-11-13 12:34 - 2016-08-12 12:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-11-13 12:34 - 2016-08-12 12:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-11-13 12:34 - 2016-08-12 12:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-11-13 12:34 - 2016-08-12 11:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-11-13 12:34 - 2016-08-12 11:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-11-13 12:34 - 2016-08-12 11:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-11-13 12:34 - 2016-08-12 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-11-13 12:34 - 2016-08-12 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-11-13 12:34 - 2016-08-12 11:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-11-13 12:34 - 2016-08-06 10:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-11-13 12:34 - 2016-08-06 10:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-11-13 12:34 - 2016-08-06 10:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-11-13 12:34 - 2016-08-06 10:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-11-13 12:34 - 2016-08-06 10:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-11-13 12:34 - 2016-08-06 10:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-11-13 12:34 - 2016-08-06 10:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-11-13 12:34 - 2016-08-06 10:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-11-13 12:34 - 2016-08-06 10:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-11-13 12:34 - 2016-08-06 10:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-11-13 12:34 - 2016-08-06 10:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-11-13 12:34 - 2016-08-06 10:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-11-13 12:34 - 2016-08-06 10:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-11-13 12:34 - 2016-08-06 09:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-11-13 12:34 - 2016-08-06 09:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-11-13 12:34 - 2016-08-06 09:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-11-13 12:34 - 2016-06-14 12:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-11-13 12:34 - 2016-06-14 12:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-11-13 12:34 - 2016-06-14 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-11-13 12:34 - 2016-06-14 12:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-11-13 12:34 - 2016-06-14 10:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-11-13 12:34 - 2016-06-14 10:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-11-13 12:34 - 2016-06-14 10:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-11-13 12:34 - 2016-06-14 10:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-11-13 12:34 - 2016-06-14 10:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-11-13 12:34 - 2016-06-14 10:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-11-13 12:34 - 2016-06-14 10:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-11-13 12:34 - 2016-06-14 10:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-11-13 12:34 - 2016-06-14 10:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-11-12 13:13 - 2016-11-12 13:50 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2016-11-12 13:13 - 2016-11-12 13:13 - 00000000 ____D C:\Users\Administrator\Downloads\TMRBLog
2016-11-12 13:00 - 2016-11-12 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-11-12 12:59 - 2016-11-15 22:02 - 00091001 _____ C:\Windows\ZAM.krnl.trace
2016-11-12 12:59 - 2016-11-15 22:02 - 00060526 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-11-12 12:59 - 2016-11-13 12:24 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-11-12 12:59 - 2016-11-12 13:00 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-11-12 12:59 - 2016-11-12 13:00 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-11-12 12:59 - 2016-11-12 13:00 - 00001076 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-11-12 12:59 - 2016-11-12 12:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\Zemana
2016-11-12 12:54 - 2016-11-12 12:59 - 05603048 _____ ( ) C:\Users\Administrator\Desktop\Zemana.AntiMalware.Setup.exe
2016-11-12 11:51 - 2016-08-16 12:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-11-12 11:51 - 2016-08-15 21:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-11-12 11:51 - 2016-08-12 11:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-11-12 11:51 - 2016-08-12 11:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-11-12 11:51 - 2016-08-12 11:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-11-12 01:23 - 2016-11-12 01:27 - 00000000 ____D C:\Users\Administrator\Desktop\Old Firefox Data
2016-11-11 17:39 - 2016-11-11 17:40 - 00064029 _____ C:\Users\Administrator\Desktop\KJJWD21026 File.csv
2016-11-11 12:35 - 2016-11-11 12:35 - 00110560 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-11 12:32 - 2016-11-14 13:08 - 02354776 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-09 18:13 - 2016-11-09 18:14 - 05962913 _____ C:\Users\Administrator\Desktop\plugin.video.seehdER-0.0.4.zip
2016-11-09 18:10 - 2016-11-09 18:10 - 03215934 _____ C:\Users\Administrator\Desktop\plugin.video.ZemTV-shani-5.9.2.zip
2016-11-09 18:08 - 2016-11-09 18:08 - 01765719 _____ C:\Users\Administrator\Desktop\plugin.video.specto-2016.11.1.1.zip
2016-11-09 17:59 - 2016-11-09 17:59 - 03055067 _____ C:\Users\Administrator\Desktop\plugin.video.icefilms-1.99.03.zip
2016-11-01 15:47 - 2016-11-01 15:47 - 00223266 _____ C:\Users\Administrator\Documents\445.xps
2016-10-20 19:47 - 2016-10-21 11:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-15 22:02 - 2016-03-27 16:46 - 00000000 ____D C:\Users\Administrator\Documents\system cleaning tools
2016-11-15 22:02 - 2015-12-27 16:35 - 00000000 ____D C:\FRST
2016-11-15 22:00 - 2016-01-31 01:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-15 20:02 - 2015-08-19 20:01 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{457B9D94-DBA1-45CA-8B54-1BFDDB92A0F5}
2016-11-15 20:00 - 2016-01-31 01:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-15 17:43 - 2015-12-29 17:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Kodi
2016-11-15 13:21 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-15 13:21 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-15 13:18 - 2009-07-14 00:13 - 01098426 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-15 13:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-11-15 13:13 - 2016-03-31 13:19 - 00000440 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-11-15 13:11 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-15 03:32 - 2015-12-27 17:51 - 00000000 ____D C:\Qoobox
2016-11-15 03:31 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-11-15 02:39 - 2016-09-08 10:09 - 00000000 ____D C:\Users\SQLSERVERAGENT
2016-11-15 02:39 - 2015-11-12 19:00 - 00000000 ____D C:\Users\MSSQLSERVER
2016-11-15 02:39 - 2015-11-12 19:00 - 00000000 ____D C:\Users\MSSQLFDLauncher
2016-11-14 20:18 - 2016-01-31 01:42 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 18:47 - 2015-12-27 03:22 - 00000000 ____D C:\ProgramData\Sophos
2016-11-14 17:35 - 2015-08-13 12:44 - 01090548 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-11-14 17:00 - 2015-08-26 11:27 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-14 16:10 - 2015-12-27 17:20 - 00000000 ____D C:\AdwCleaner
2016-11-14 15:40 - 2016-05-27 23:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-14 15:38 - 2016-05-27 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-14 15:38 - 2016-05-27 23:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-14 15:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-11-14 13:35 - 2015-12-04 00:32 - 00018944 _____ C:\Users\Administrator\Documents\Kamasutra.xlsx
2016-11-14 13:19 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-11-14 13:19 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-14 13:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-11-14 13:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2016-11-14 06:27 - 2015-08-13 13:38 - 00000000 ____D C:\Windows\system32\MRT
2016-11-14 06:24 - 2015-08-13 13:38 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-14 06:19 - 2015-08-14 10:56 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-11-14 06:19 - 2015-08-14 10:56 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-11-14 06:14 - 2015-12-28 18:35 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-11-14 06:14 - 2015-12-28 18:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-11-14 06:14 - 2015-12-28 18:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-11-14 06:14 - 2015-08-13 16:08 - 00001945 _____ C:\Windows\epplauncher.mif
2016-11-14 04:03 - 2015-08-19 17:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2016-11-13 12:25 - 2015-12-22 18:38 - 00000000 ____D C:\ProgramData\Emsisoft
2016-11-12 18:51 - 2015-08-14 10:50 - 00000000 ____D C:\Program Files (x86)\CTI32
2016-11-12 13:50 - 2015-11-28 22:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-12 13:02 - 2015-08-14 10:33 - 00000000 ____D C:\Users\Administrator
2016-11-12 12:43 - 2015-12-24 21:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-11-12 00:46 - 2015-08-19 18:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2016-11-09 13:45 - 2015-08-14 10:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Rescue Calling Card
2016-11-09 13:35 - 2015-08-14 10:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue Calling Card
2016-11-09 13:24 - 2015-08-14 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpitFire Online Support
2016-10-28 18:22 - 2015-08-28 20:25 - 11579432 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\HitmanPro_x64.exe
2016-10-26 16:29 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-22 08:48 - 2015-12-28 01:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-19 13:17 - 2015-10-06 20:07 - 00000000 ____D C:\Users\Administrator\AppData\Local\Windows Live Writer
2016-10-18 21:01 - 2016-10-14 20:05 - 00002238 ____H C:\Users\Administrator\Documents\Default.rdp

==================== Files in the root of some directories =======

2016-08-02 12:47 - 2016-08-02 12:47 - 0000757 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-14 14:58

==================== End of FRST.txt ============================

 

[Boufeez]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Administrator (2016-11-15 22:03:02)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-08-13 20:31:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3097266444-2333562351-893229259-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3097266444-2333562351-893229259-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
AgentApp (HKLM-x32\...\{AF941339-68D2-4F19-9FEA-F085EF20E33E}) (Version: 1.0.0 - OPC Marketing, Inc.)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
AMD Catalyst Install Manager (HKLM\...\{F62CA14F-AB88-4A97-7752-BF36193B4CC3}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CTI32 (HKLM-x32\...\{859C79E6-9913-437E-888E-C8891D8D32C5}) (Version: 4.5.0.0 - Inventive Labs, LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell System Detect (HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\58d94f3ce2c27db0) (Version: 7.6.0.4 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
GDR 5203 for SQL Server 2014 (KB3194714) (64-bit) (HKLM\...\KB3194714) (Version: 12.2.5203.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hmp Elements Server (HKLM-x32\...\{E9DD8AB9-0D79-47A0-9142-A3DC7FB789A1}) (Version: 1.0.0 - Inventive Labs)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.129.1 - Intel Security)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodi (HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Kodi) (Version: - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.6.140.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A22EED3F-6DB6-4987-8023-6C6B7030E554}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{C20DACBE-19F2-47FF-AD22-BBB493499346}) (Version: 11.2.5643.3 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 RS Add-in for SharePoint (HKLM\...\{38C1D7A5-BB5D-4673-A8AB-D6D317AF89C1}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{3D912FFD-453C-48BE-A064-E85A7D6998A3}) (Version: 12.2.5203.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{26ADFE6A-7992-46F3-B667-541FFD642C9B}) (Version: 12.2.5203.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{E8C99927-8E6E-4B6B-B80C-1B8B23B1767D}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{C9F697B9-FAC8-4B76-9D3D-40FA3BFA4F9E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (x64) (HKLM\...\{65BC038D-2086-4C3B-90C5-A6798F044BD5}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.2.5000.0 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.334 - Qualcomm Atheros Communications)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
RogueKiller version 12.8.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.1.0 - Adlice Software)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.)
Service Pack 2 for SQL Server 2014 (KB3171021) (64-bit) (HKLM\...\KB3171021) (Version: 12.2.5000.0 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Spitfire Enterprise Setup (HKLM-x32\...\{B06EDCA9-BB6F-4129-89BF-619CF7E8C895}) (Version: 1.0.0 - OPC Marketing, Inc.)
SpitFire Online Support (HKLM-x32\...\{7E117A6A-8579-4435-8290-4089C1C5BEFA}) (Version: 5.2.142 - LogMeIn, Inc.)
Spotify (HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Spotify) (Version: 1.0.36.124.g1cba1920 - Spotify AB)
SQL Server 2014 Analysis Services (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality client (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Full text search (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Integration Services (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 RS_SharePoint_SharedService (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 SQL Data Quality Common (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.2.5000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 7.0.1 - UltraDefrag Development Team)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.60.1 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {039C781B-6DBA-480A-BAAE-F4526492FBF2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {2FD87616-6ABC-42E5-B8D9-60C201945448} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
Task: {36399346-416E-4E77-8CB0-875D9FC80F51} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {382D8390-2F47-4971-8485-67904EE6C098} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-09-10] (Microsoft)
Task: {42B33681-5FD0-4544-8B62-327707AD5763} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {54F94D1A-6512-449C-9545-7497ADAE0B77} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {59D2A24E-30F4-4538-BDAB-E172A5CC94EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {63FAFC84-4951-408B-8BFB-BD9D4C2DF50A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {8961A1AA-9AC7-4492-865D-D7EDBB884375} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {9859FAE9-3D90-4E0E-8A25-0DC931D66D53} - System32\Tasks\{9D7F95C5-E93C-4EA5-AD11-3382D9482C7C} => pcalua.exe -a "C:\Program Files (x86)\CTI32\InstallUtil.exe" -d "C:\Program Files (x86)\CTI32"
Task: {C3391B3B-A086-42A6-8875-34E80CB7B0D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-11] (Adobe Systems Incorporated)
Task: {D0BB2EFB-BBDC-487B-90AA-D952444E08E8} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
Task: {D9945D77-7510-4A34-93E3-2D0C198EA211} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {E19B4111-5B41-4B98-8C1C-E3B5CAFC271C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {FA7C3623-1B87-4403-BF7B-D0DC8AAB7385} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {FC5C3148-C057-4B34-AA54-76D3BA0A6673} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-01 08:45 - 2015-07-01 08:45 - 00022528 _____ () C:\Windows\System32\us005lm.dll
2015-08-14 11:12 - 2016-06-10 14:15 - 00007168 _____ () C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe
2015-08-14 11:12 - 2016-01-12 14:45 - 00007680 _____ () C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe
2015-08-14 11:12 - 2016-07-07 17:38 - 00006656 _____ () C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe
2016-03-16 05:17 - 2016-03-16 05:17 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-08-19 12:43 - 2014-12-05 15:32 - 00420352 _____ () C:\Windows\system32\SaMinDrv.dll
2015-08-13 15:36 - 2013-01-24 08:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2016-03-16 05:17 - 2016-03-16 05:17 - 00048816 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2011-12-20 05:25 - 2011-12-20 05:25 - 00743157 _____ () C:\Program Files (x86)\Kodi\libcdio-13.dll
2011-06-19 14:52 - 2011-06-19 14:52 - 00987136 _____ () C:\Program Files (x86)\Kodi\libxml2.dll
2010-10-02 06:21 - 2010-10-02 06:21 - 00077824 _____ () C:\Program Files (x86)\Kodi\zlib1.dll
2013-08-03 02:07 - 2013-08-03 02:07 - 00723998 _____ () C:\Program Files (x86)\Kodi\system\players\dvdplayer\libgmp-10.dll
2013-08-03 02:49 - 2013-08-03 02:49 - 01600107 _____ () C:\Program Files (x86)\Kodi\system\players\dvdplayer\libgnutls-28.dll
2013-08-03 02:07 - 2013-08-03 02:07 - 04372384 _____ () C:\Program Files (x86)\Kodi\system\players\dvdplayer\libhogweed-2-5.dll
2013-08-03 02:07 - 2013-08-03 02:07 - 03397336 _____ () C:\Program Files (x86)\Kodi\system\players\dvdplayer\libnettle-4-7.dll
2013-08-03 02:07 - 2013-08-03 02:07 - 00512332 _____ () C:\Program Files (x86)\Kodi\system\players\dvdplayer\libp11-kit-0.dll
2014-08-19 09:04 - 2014-08-19 09:04 - 00708608 _____ () C:\Program Files (x86)\Kodi\system\sqlite3.dll
2015-10-19 01:57 - 2015-10-19 01:57 - 00066048 _____ () C:\Program Files (x86)\Kodi\system\cpluff.dll
2009-01-31 17:42 - 2009-01-31 17:42 - 00143096 _____ () C:\Program Files (x86)\Kodi\system\libexpat.dll
2014-06-30 11:03 - 2014-06-30 11:03 - 00046080 _____ () C:\Program Files (x86)\Kodi\system\python\DLLs\_socket.pyd
2014-06-30 11:04 - 2014-06-30 11:04 - 01160704 _____ () C:\Program Files (x86)\Kodi\system\python\DLLs\_ssl.pyd
2014-06-30 11:04 - 2014-06-30 11:04 - 00715264 _____ () C:\Program Files (x86)\Kodi\system\python\DLLs\_hashlib.pyd
2014-06-30 11:04 - 2014-06-30 11:04 - 00686080 _____ () C:\Program Files (x86)\Kodi\system\python\DLLs\unicodedata.pyd
2014-06-30 11:04 - 2014-06-30 11:04 - 00010240 _____ () C:\Program Files (x86)\Kodi\system\python\DLLs\select.pyd
2014-06-30 11:04 - 2014-06-30 11:04 - 00087552 _____ () C:\Program Files (x86)\Kodi\system\python\DLLs\_ctypes.pyd
2014-06-30 11:04 - 2014-06-30 11:04 - 00048128 _____ () C:\Program Files (x86)\Kodi\system\python\DLLs\_sqlite3.pyd
2014-06-30 11:04 - 2014-06-30 11:04 - 00127488 _____ () C:\Program Files (x86)\Kodi\system\python\DLLs\pyexpat.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-11-15 02:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3097266444-2333562351-893229259-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.4.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: MSSQLFDLauncher => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Spitfire_RecordingService => 2
MSCONFIG\Services: TrueKey => 2
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: 3200 Scan2PC => "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GIDDesktop => C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX5REC
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{AE6C5FC8-A0D9-46DD-A1B5-155D97D0F734}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{60E14D3B-9877-4159-BEC0-8D61D27AEBA4}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{6585E25D-EB32-4621-9E08-209FDB7A6ED0}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [UDP Query User{77636F3D-D090-484A-A6EA-77963587E151}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [{189AD50A-7A82-422B-96B2-781DC2AF3253}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{6B931C08-4EBE-4FDF-A52C-C2256BD3C1CA}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{301F79D9-3FAC-4EBA-8ECD-94C314250F5C}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{7DF48D35-D45C-4C01-836A-C1EB79F4B155}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{72DF3227-99F4-409A-85FE-32991DEDB6DE}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{5449BC9F-00BA-44F8-8DFA-31DC80A90943}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{F4C00A51-F149-4361-941D-ACA1BB905ECE}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{6A8E2750-F342-4535-AF17-4C8A38CE6FF6}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{5EC0075F-8C4F-4223-AB9F-EEEBDD344F81}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2AD4BD74-DDAD-4DA4-B41D-432263867F9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{27DB3D31-D527-48C6-923B-EF28F6E615C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC0D81D8-676B-4CA0-8608-38760AD57BA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2DEDCFE4-2AFC-42E8-BB36-E28D7DBD60DF}] => (Allow) LPort=2869
FirewallRules: [{79D090B2-837A-479B-97FD-92F2436820ED}] => (Allow) LPort=1900
FirewallRules: [{AD07EDFE-D4A8-440A-9E52-A6BFD6A0739D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{273B9CA7-84C8-4917-BEB8-D61DB8C4599C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{09D16C11-E48F-4741-8187-CA2D06B85E0B}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{637310E8-F08E-430D-BE3E-26E844B68352}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{45633BFC-442B-43BB-8AB7-94D2DE4D1F85}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [UDP Query User{BB0A803D-FD8C-4B9A-9398-C0095E926D7F}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [TCP Query User{35673452-6D37-4875-AAA6-2755933285A3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{A7CE908A-23D8-49F7-AE1B-DCBE8172A249}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{C7A9F53E-0623-4627-A73C-BB5968D03513}C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe] => (Allow) C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe
FirewallRules: [UDP Query User{F296876A-E289-4296-BF7A-7A9F57F23E92}C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe] => (Allow) C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe
FirewallRules: [{139C0536-A856-4C88-B78E-67731723486B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D4FB6878-DDB2-4C94-8DD7-EA896D575FBB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34B318AF-1749-4376-B0AD-61C54A040E0E}] => (Allow) LPort=80
FirewallRules: [{DD7BFEB5-1E20-4B96-97A5-A37002C9B353}] => (Allow) C:\Program Files (x86)\Zoiper\Zoiper.exe
FirewallRules: [{56743572-7A1B-4511-BD4A-5318C384250F}] => (Allow) C:\Program Files (x86)\Zoiper\Zoiper.exe
FirewallRules: [{A8D09558-FCC6-4F85-8DF5-1A462C4D2098}] => (Allow) LPort=5080
FirewallRules: [{511F2D1C-26F4-45D6-9E2F-DB31D3FC3548}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

14-11-2016 16:13:32 JRT Pre-Junkware Removal
14-11-2016 17:03:56 Windows Update
14-11-2016 17:28:26 Windows Update
14-11-2016 18:40:25 Installed Sophos Virus Removal Tool.
14-11-2016 18:46:54 Removed Sophos Virus Removal Tool.
14-11-2016 18:48:10 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Description: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (RFCOMM Protocol TDI)
Description: Bluetooth Device (RFCOMM Protocol TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2016 01:13:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2016 01:01:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2016 02:34:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HmpElementsServer.exe, version: 2.2.9.1, time stamp: 0x554bb0c3
Faulting module name: HmpElementsUmc.dll, version: 2.2.9.1, time stamp: 0x554bb0ec
Exception code: 0xc0000005
Fault offset: 0x00a2bd28
Faulting process id: 0xa30
Faulting application start time: 0xHmpElementsServer.exe0
Faulting application path: HmpElementsServer.exe1
Faulting module path: HmpElementsServer.exe2
Report Id: HmpElementsServer.exe3

Error: (11/15/2016 02:34:24 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HmpElementsServer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
at HmpElements.Server.BeepDetectorUmc.FreeBeepDetector(IntPtr)
at HmpElements.Server.BeepDetector.Finalize()

Error: (11/14/2016 05:48:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18523 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6c8

Start Time: 01d23ec0b826aafe

Termination Time: 183

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/14/2016 01:09:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2016 06:17:53 AM) (Source: MsiInstaller) (EventID: 1024) (User: OFFICE-1-PC)
Description: Product: SQL Server 2014 Reporting Services - Update '{9B3B5AB9-36B4-4D6A-9617-37DA9B4EA1D8}' could not be installed. Error code 1642. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/14/2016 06:17:52 AM) (Source: MsiInstaller) (EventID: 1024) (User: OFFICE-1-PC)
Description: Product: SQL Server 2014 Data quality service - Update '{F8F055E6-4C09-4E33-861A-60BB35FBDB46}' could not be installed. Error code 1642. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/14/2016 06:17:51 AM) (Source: MsiInstaller) (EventID: 1024) (User: OFFICE-1-PC)
Description: Product: SQL Server 2014 Database Engine Services - Update '{F2981D6F-464D-49BE-AE95-7CC2E39C908E}' could not be installed. Error code 1642. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/14/2016 04:03:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EmsiClean.exe, version: 11.10.1.6763, time stamp: 0x57ed91e9
Faulting module name: EmsiClean.exe, version: 11.10.1.6763, time stamp: 0x57ed91e9
Exception code: 0xc0000005
Fault offset: 0x000000000000b8b9
Faulting process id: 0x1a70
Faulting application start time: 0xEmsiClean.exe0
Faulting application path: EmsiClean.exe1
Faulting module path: EmsiClean.exe2
Report Id: EmsiClean.exe3


System errors:
=============
Error: (11/15/2016 02:07:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/15/2016 01:19:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB3184143).

Error: (11/15/2016 01:19:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB3181988).

Error: (11/15/2016 01:16:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB3179573).

Error: (11/15/2016 01:16:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB3161102).

Error: (11/15/2016 01:16:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB3172605).

Error: (11/15/2016 01:16:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB2952664).

Error: (11/15/2016 01:16:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB3170735).

Error: (11/15/2016 01:13:44 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.2.220192.168.137.0255.255.255.0

Error: (11/15/2016 01:13:44 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:


CodeIntegrity:
===================================
Date: 2016-11-15 02:53:33.917
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-15 02:53:33.886
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-06-01 18:26:33.949
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-01 18:26:33.811
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-01 18:26:33.662
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-01 18:26:33.524
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-01 18:26:33.375
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-01 18:26:33.240
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-01 18:26:33.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-01 18:26:32.962
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 39%
Total physical RAM: 12237.72 MB
Available physical RAM: 7452.97 MB
Total Virtual: 24473.63 MB
Available Virtual: 19112.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.28 GB) (Free:714.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.