Solved: Malware Detected

Boufeez

Operating system: windows 7

I have run RogueKiller and it finds multiple PUMs, IEAT HOOKS, etc.
Ran Rkill followed by Malwarebytes Anti-Rootkit, a Malwarebytes antivirus scan,
ComboFix, Junkware Removal Tool and AdwCleaner in an attempt to disinfect the machine. No luck; the malware is persistent. They removed a few things but not all. My last resort will be to change the hard drives, but before I do that this is my last attempt, and I'm asking for some direction, please.
I'm also worried that the malware will spread to other PCs on the network. Ready to follow some direction.

Thanks,

RogueKiller V11.0.4.0 (x64) [Dec 20 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/27/2015 02:25:11

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MFE_RR (\??\C:\Users\ADMINI~1\AppData\Local\Temp\mfe_rr.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MFE_RR (\??\C:\Users\ADMINI~1\AppData\Local\Temp\mfe_rr.sys) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Intel Raid 1 Volume SCSI Disk Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2052 | Size: 99 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 205200 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 467856 | Size: 953626 MB
User = LL1 ... OK
Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )

+++++ PhysicalDrive1: CF/MD Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: SM/xD Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: SD/mini-MMC/RS Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: MS/Pro/Duo Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thanks for helping!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015
Ran by Administrator (administrator) on OFFICE-1-PC (27-12-2015 16:36:15)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator & ReportServer & MSSQLFDLauncher & MsDtsServer120 & MSSQLSERVER (Available Profiles: Administrator & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MsDtsServer120 & MSSQLSERVER & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 Classic)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Inventive Labs, LLC) C:\Program Files (x86)\CTI32\cti32svc.exe
(Inventive Labs, Inc.) C:\Program Files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe
(StrikeForce Technologies Inc.) C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
(StrikeForce Technologies Inc.) C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe
() C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM-x32\...\Run: [GIDDesktop] => C:\Program Files (x86)\SFT\GuardedID\gidd.exe [383632 2015-12-08] (StrikeForce Technologies Inc.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{6A39E489-BA19-4673-8B03-06A016DA7062}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3097266444-2333562351-893229259-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> DefaultScope {2C8E46FD-E217-4113-9F3D-2BCB7EB4F6C0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> {2C8E46FD-E217-4113-9F3D-2BCB7EB4F6C0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-25] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - GuardedID - {983EB3A5-F9EE-4fe2-B3C3-E64A32F6305D} - C:\Program Files (x86)\SFT\GuardedID\gidtb.dll [2015-12-08] (StrikeForce Technologies Inc)
Toolbar: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dim0fd18.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-28] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-28] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Extension: GuardedID Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\guardedid@sftnj.com [2015-12-23] [not signed]
FF Extension: GuardedID Toolbar - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\guardedid@sftnj.com [2015-12-23] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10768560 2015-11-21] (Emsisoft Ltd)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-10-28] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 Cti32svc; C:\Program Files (x86)\CTI32\cti32svc.exe [24576 2015-02-23] (Inventive Labs, LLC) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-11-24] (Macrovision Europe Ltd.) [File not signed]
R2 HmpElements; C:\Program Files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe [1946088 2015-02-26] (Inventive Labs, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-31] (Intel Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsDtsServer120; C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [216768 2015-04-20] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [372416 2015-04-20] (Microsoft Corporation)
S3 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\bin\msmdsrv.exe [51156160 2015-04-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2467008 2015-04-20] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [202824 2013-01-18] (Realtek Semiconductor)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
R2 Spitfire_BusinessService; C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe [7168 2015-07-23] () [File not signed]
R2 Spitfire_DialService; C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe [6656 2015-07-29] () [File not signed]
R2 Spitfire_LoginService; C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe [7680 2015-09-14] () [File not signed]
S4 Spitfire_RecordingService; C:\SPD Enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe [6656 2013-12-31] () [File not signed]
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [139968 2014-02-21] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [345280 2014-02-21] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2015-04-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-10-28] (Qualcomm Atheros)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [123992 2015-10-23] (Emsisoft Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-24] ()
R1 GIDv2; C:\Windows\System32\Drivers\GIDv2.sys [28648 2015-12-08] (StrikeForce Technologies, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-28] (Samsung Electronics)
R3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [40288 2015-08-14] ()
S3 btmaux; system32\DRIVERS\btmaux.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 MFE_RR; \??\C:\Users\ADMINI~1\AppData\Local\Temp\mfe_rr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 16:36 - 2015-12-27 16:36 - 00017889 _____ C:\Users\Administrator\Desktop\FRST.txt
2015-12-27 16:35 - 2015-12-27 16:36 - 00000000 ____D C:\FRST
2015-12-27 16:35 - 2015-12-27 16:35 - 02370560 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-12-27 03:22 - 2015-12-27 03:22 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-12-27 03:22 - 2015-12-27 03:22 - 00000000 ____D C:\ProgramData\Sophos
2015-12-27 03:22 - 2015-12-27 03:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-12-27 03:22 - 2015-12-27 03:22 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-12-27 02:25 - 2015-12-27 02:25 - 00004816 _____ C:\Users\Administrator\Desktop\rgkill.txt
2015-12-27 02:13 - 2015-12-27 02:15 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2015-12-27 02:12 - 2015-12-27 02:13 - 00002122 _____ C:\Users\Administrator\Desktop\Rkill.txt
2015-12-27 02:12 - 2015-12-27 02:12 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2015-12-26 03:38 - 2015-12-26 03:38 - 00002210 _____ C:\DelFix.txt
2015-12-25 20:25 - 2015-12-25 20:57 - 00000000 ____D C:\Windows\erdnt
2015-12-25 17:58 - 2015-12-25 17:58 - 00380416 _____ C:\Users\Administrator\Downloads\explore.exe
2015-12-25 17:57 - 2015-12-25 17:57 - 00380416 _____ C:\Users\Administrator\Downloads\iexplorer.exe
2015-12-25 17:56 - 2015-12-25 17:58 - 00079434 _____ C:\Windows\ntbtlog.txt
2015-12-24 22:54 - 2015-12-24 22:54 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk.1451015906.old
2015-12-24 22:54 - 2015-12-24 22:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Opera Software
2015-12-24 22:54 - 2015-12-24 22:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Opera Software
2015-12-24 22:53 - 2015-12-24 22:58 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-24 22:45 - 2015-12-24 22:45 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-12-24 22:22 - 2015-12-27 16:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-24 22:22 - 2015-12-27 02:13 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-24 22:22 - 2015-12-24 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-24 22:22 - 2015-12-24 22:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-24 22:22 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-24 22:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-24 21:19 - 2015-12-27 05:19 - 00000526 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d567e468-fa7b-49dc-920a-806d5cb4ced0.job
2015-12-24 21:19 - 2015-12-26 02:00 - 00000526 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 27a79555-d756-4328-ac77-c26a65a70f3c.job
2015-12-24 21:19 - 2015-12-24 21:19 - 00003626 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 27a79555-d756-4328-ac77-c26a65a70f3c
2015-12-24 21:19 - 2015-12-24 21:19 - 00003552 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task d567e468-fa7b-49dc-920a-806d5cb4ced0
2015-12-24 21:17 - 2015-12-24 21:36 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-24 21:17 - 2015-12-24 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-12-24 21:17 - 2015-12-24 21:17 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-12-24 21:16 - 2015-12-24 21:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-24 21:16 - 2015-12-24 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-12-24 01:12 - 2015-12-24 01:12 - 00000000 _____ C:\autoexec.bat
2015-12-24 00:44 - 2015-12-26 00:10 - 00000000 ____D C:\Users\Administrator\Downloads\TMRBLog
2015-12-23 21:58 - 2015-12-23 21:58 - 00784152 _____ (McAfee, Inc.) C:\Users\Administrator\Downloads\rootkitremover.exe
2015-12-23 21:24 - 2015-12-24 18:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-23 13:16 - 2015-12-23 13:16 - 00110560 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-23 13:11 - 2015-12-23 13:11 - 02354776 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-22 21:55 - 2015-12-22 21:55 - 05167224 _____ C:\Users\Administrator\Desktop\George Boufidis .pdf
2015-12-22 21:16 - 2015-12-22 21:16 - 00000000 ____D C:\Users\Administrator\Desktop\Dr Jonas Laforge
2015-12-22 21:14 - 2015-12-22 21:14 - 00277464 _____ C:\Users\Administrator\Desktop\Dr Jonas Laforge.zip
2015-12-22 18:38 - 2015-12-22 18:38 - 00000000 ____D C:\ProgramData\Emsisoft
2015-12-22 18:34 - 2015-12-22 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-12-22 18:33 - 2015-12-27 16:29 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-12-22 18:33 - 2015-12-22 18:33 - 08656400 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\RootkitBuster_v5_1061.exe
2015-12-22 18:32 - 2015-12-22 18:32 - 00102912 _____ (bartblaze) C:\Users\Administrator\Downloads\Rem-VBSworm.exe
2015-12-22 18:29 - 2015-12-23 20:25 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-12-22 18:28 - 2015-12-22 18:33 - 205471992 _____ (Emsisoft Ltd. ) C:\Users\Administrator\Downloads\EmsisoftAntiMalwareSetup.exe.exe
2015-12-22 18:25 - 2015-12-22 18:25 - 01847144 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mbae-setup-1.08.1.1044.exe
2015-12-22 18:14 - 2015-12-22 21:15 - 00277310 _____ C:\Users\Administrator\Desktop\Patient -George Boufidis.pdf
2015-12-21 15:59 - 2015-12-27 02:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-12-21 15:59 - 2015-12-27 02:19 - 00000000 ____D C:\Program Files\RogueKiller
2015-12-21 15:51 - 2015-12-08 10:51 - 00028648 _____ (StrikeForce Technologies, Inc.) C:\Windows\system32\Drivers\gidv2.sys
2015-12-21 15:15 - 2015-12-21 15:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\log
2015-12-15 16:46 - 2015-12-15 16:46 - 00204756 _____ C:\Users\Administrator\Desktop\clean phones 17063.csv
2015-12-08 10:58 - 2015-12-08 10:58 - 00396440 _____ (StrikeForce Technologies Inc.) C:\Windows\system32\GIDHOOK64.DLL
2015-12-08 10:58 - 2015-12-08 10:58 - 00380576 ____N (StrikeForce Technologies Inc.) C:\Windows\system32\GIDHookLogon64.dll
2015-12-08 10:58 - 2015-12-08 10:58 - 00334992 _____ (StrikeForce Technologies Inc.) C:\Windows\SysWOW64\GIDHook.dll
2015-12-08 10:58 - 2015-12-08 10:58 - 00283800 _____ (easyhook.codeplex.com) C:\Windows\system32\EasyHook64.dll
2015-12-08 10:58 - 2015-12-08 10:58 - 00187024 ____N (StrikeForce Technologies Inc.) C:\Windows\system32\GIDBIN3.DLL
2015-12-08 10:58 - 2015-12-08 10:58 - 00187024 _____ (StrikeForce Technologies Inc.) C:\Windows\SysWOW64\GIDBIN3.dll
2015-12-08 10:58 - 2015-12-08 10:58 - 00104608 ____N (StrikeForce Technologies Inc.) C:\Windows\system32\GIDLogonCP64.dll
2015-12-08 10:58 - 2015-12-08 10:58 - 00098448 _____ (StrikeForce Technologies Inc.) C:\Windows\system32\GIDBIN1.DLL
2015-12-08 10:58 - 2015-12-08 10:58 - 00090784 _____ (StrikeForce Technologies Inc) C:\Windows\SysWOW64\SysEventMenu.dll
2015-12-08 10:58 - 2015-12-08 10:58 - 00086672 _____ (StrikeForce Technologies Inc.) C:\Windows\SysWOW64\GIDBIN1.dll
2015-12-08 10:51 - 2015-12-08 10:51 - 00148464 ____N (StrikeForce Technologies Inc.) C:\Windows\system32\GidSc64.dll
2015-12-08 10:51 - 2015-12-08 10:51 - 00130424 _____ (StrikeForce Technologies Inc.) C:\Windows\SysWOW64\gidSc32.dll
2015-12-04 15:24 - 2015-12-04 15:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Wireshark
2015-12-04 00:32 - 2015-12-15 20:32 - 00017408 _____ C:\Users\Administrator\Documents\Kamasutra.xlsx
2015-11-29 01:01 - 2014-02-21 05:20 - 00052416 _____ (Microsoft Corporation) C:\Windows\system32\perf-ReportServer-rsctr12.1.4100.1.dll
2015-11-29 01:01 - 2014-02-21 05:20 - 00045760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-ReportServer-rsctr12.1.4100.1.dll
2015-11-29 00:41 - 2015-11-29 00:41 - 00000000 ____D C:\Intel
2015-11-29 00:21 - 2015-11-29 00:21 - 00000000 ____D C:\Users\Administrator\AppData\Local\Intel
2015-11-29 00:20 - 2015-11-29 00:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-11-29 00:20 - 2015-11-29 00:20 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2015-11-29 00:06 - 2015-11-29 00:06 - 00000000 ____D C:\Users\Administrator\Intel
2015-11-28 23:54 - 2015-11-28 23:54 - 00001436 _____ C:\Users\Administrator\Desktop\SpitFireControlCenter - Shortcut.lnk
2015-11-28 23:22 - 2015-11-28 23:22 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2015-11-28 23:22 - 2015-11-28 23:22 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-11-28 22:56 - 2015-11-28 22:57 - 24041864 _____ (SUPERAntiSpyware) C:\Users\Administrator\Downloads\SUPERAntiSpyware.exe
2015-11-28 22:21 - 2015-12-27 02:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-28 22:21 - 2015-12-21 15:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-28 22:20 - 2015-11-28 22:20 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.09.3.1001.exe
2015-11-28 21:40 - 2015-11-28 21:40 - 00000000 ____D C:\Users\Administrator\Documents\Version Cue
2015-11-27 23:59 - 2015-11-27 23:59 - 00000000 ____D C:\Windows\pss

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 16:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-27 16:34 - 2009-07-14 00:13 - 01094326 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-27 16:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-27 16:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-27 02:19 - 2015-08-26 11:27 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-27 02:12 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-27 02:12 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-27 02:10 - 2015-08-19 20:01 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{457B9D94-DBA1-45CA-8B54-1BFDDB92A0F5}
2015-12-26 04:09 - 2015-08-19 17:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2015-12-25 21:55 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-12-25 20:47 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-12-25 04:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Branding
2015-12-24 22:58 - 2015-09-05 21:14 - 00001413 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-24 20:09 - 2015-10-22 14:10 - 00000000 ____D C:\Users\Administrator\Desktop\Scripts
2015-12-24 01:54 - 2015-11-12 19:00 - 00000000 ____D C:\Users\MSSQLFDLauncher
2015-12-23 21:51 - 2015-10-16 17:43 - 00000224 _____ C:\Users\Administrator\Desktop\Dialer.url
2015-12-23 20:20 - 2009-07-14 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-23 14:34 - 2015-08-14 10:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Rescue Calling Card
2015-12-23 14:33 - 2015-08-14 10:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue Calling Card
2015-12-23 14:13 - 2015-08-14 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpitFire Online Support
2015-12-23 14:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\ModemLogs
2015-12-22 18:19 - 2015-08-28 20:25 - 11323704 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\HitmanPro_x64.exe
2015-12-21 15:51 - 2015-09-08 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GuardedID
2015-12-21 15:51 - 2015-09-08 17:35 - 00000000 ____D C:\Users\Administrator\AppData\Local\Downloaded Installations
2015-12-21 15:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
2015-12-19 19:49 - 2015-08-28 20:30 - 00002284 _____ C:\Windows\Sandboxie.ini
2015-12-18 16:48 - 2015-08-14 11:06 - 00000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio
2015-12-18 16:42 - 2015-08-14 11:18 - 00000000 ____D C:\AgentApp
2015-12-18 16:28 - 2015-08-14 10:50 - 00000000 ____D C:\Program Files (x86)\CTI32
2015-12-13 12:14 - 2015-11-12 19:00 - 00000000 ____D C:\Users\MSSQLServerOLAPService
2015-12-13 12:14 - 2015-11-12 19:00 - 00000000 ____D C:\Users\MSSQLSERVER
2015-12-13 12:14 - 2015-11-12 19:00 - 00000000 ____D C:\Users\MsDtsServer120
2015-12-11 20:53 - 2015-10-06 20:06 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-12-08 22:39 - 2010-11-20 22:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-04 00:19 - 2015-08-14 11:06 - 00000000 ____D C:\Users\Administrator\Documents\Visual Studio 2008
2015-12-01 20:50 - 2015-08-19 18:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2015-11-29 16:07 - 2015-09-08 18:21 - 00000000 ____D C:\ProgramData\GID
2015-11-29 01:01 - 2015-11-12 19:00 - 00000000 ____D C:\Users\ReportServer
2015-11-29 01:01 - 2015-11-12 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2014
2015-11-29 01:01 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-29 00:56 - 2015-08-14 10:56 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-11-29 00:56 - 2015-08-14 10:56 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-11-29 00:48 - 2015-08-13 15:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-11-29 00:48 - 2015-08-13 15:36 - 00000000 ____D C:\Program Files\Intel
2015-11-29 00:41 - 2015-08-13 15:36 - 00000000 ____D C:\Program Files (x86)\Intel
2015-11-29 00:41 - 2015-08-13 15:35 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2015-11-29 00:20 - 2015-08-13 14:23 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-29 00:06 - 2015-08-14 10:33 - 00000000 ____D C:\Users\Administrator
2015-11-29 00:04 - 2015-08-14 10:57 - 00000000 ____D C:\Windows\SysWOW64\1033
2015-11-29 00:04 - 2015-08-14 10:57 - 00000000 ____D C:\Windows\system32\1033
2015-11-28 23:30 - 2015-08-14 11:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-28 21:42 - 2015-08-18 10:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2015-11-28 21:40 - 2015-08-14 10:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2015-11-28 00:58 - 2015-09-12 20:23 - 00002814 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-11-28 00:58 - 2015-08-19 13:11 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2015-08-26 20:49 - 2015-08-26 20:49 - 0004096 _____ () C:\Users\Administrator\AppData\Local\keyfile3.drm

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 01:13

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-12-2015
Ran by Administrator (2015-12-27 16:36:33)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-08-13 20:31:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3097266444-2333562351-893229259-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3097266444-2333562351-893229259-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Emsisoft Anti-Malware (Disabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Flash Player 9 Plugin (HKLM-x32\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
AgentApp (HKLM-x32\...\{AF941339-68D2-4F19-9FEA-F085EF20E33E}) (Version: 1.0.0 - OPC Marketing, Inc.)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
AMD Catalyst Install Manager (HKLM\...\{F62CA14F-AB88-4A97-7752-BF36193B4CC3}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CTI32 (HKLM-x32\...\{859C79E6-9913-437E-888E-C8891D8D32C5}) (Version: 4.5.0.0 - Inventive Labs, LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
GuardedID (HKLM-x32\...\{ECD3D782-D51B-424D-A87F-5F5A8D531BDF}) (Version: 4.00.0038 - StrikeForce Technologies, Inc)
Hmp Elements Server (HKLM-x32\...\{E9DD8AB9-0D79-47A0-9142-A3DC7FB789A1}) (Version: 1.0.0 - Inventive Labs)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.740 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 15.0.0.740 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.6.140.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{BF5ABBDB-D3AA-4BCB-8D10-FCD4A4BB7F93}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 RS Add-in for SharePoint (HKLM\...\{E4B2839D-5C17-4A21-AB5A-2540AAD6F776}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{C7E2483C-10A4-41E3-A2F6-240186FE3E41}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{1A73AF5D-69EE-4AE0-917C-2429CE593A86}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{C9F697B9-FAC8-4B76-9D3D-40FA3BFA4F9E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{E3F613C1-105F-4717-BFE7-007729A95D67}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
Mozilla Firefox 43.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 en-US)) (Version: 43.0.2 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.334 - Qualcomm Atheros Communications)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.)
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Spitfire Enterprise Setup (HKLM-x32\...\{B06EDCA9-BB6F-4129-89BF-619CF7E8C895}) (Version: 1.0.0 - OPC Marketing, Inc.)
SpitFire Online Support (HKLM-x32\...\{7E117A6A-8579-4435-8290-4089C1C5BEFA}) (Version: 5.2.142 - LogMeIn, Inc.)
SQL Server 2014 Analysis Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality client (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Full text search (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Integration Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 RS_SharePoint_SharedService (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 SQL Data Quality Common (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wireshark 1.12.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.4 - The Wireshark developer community, hxxp://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3097266444-2333562351-893229259-500_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files\TextPad 7\System\ShellExt64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {039C781B-6DBA-480A-BAAE-F4526492FBF2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {35426E9E-2325-4447-A034-3D53CA43A05E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 27a79555-d756-4328-ac77-c26a65a70f3c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {36399346-416E-4E77-8CB0-875D9FC80F51} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {382D8390-2F47-4971-8485-67904EE6C098} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-09-10] (Microsoft)
Task: {42B33681-5FD0-4544-8B62-327707AD5763} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {54F94D1A-6512-449C-9545-7497ADAE0B77} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {59D2A24E-30F4-4538-BDAB-E172A5CC94EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {8961A1AA-9AC7-4492-865D-D7EDBB884375} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {99BB52DA-9C66-4AD6-AEE4-05DFE207C3ED} - System32\Tasks\SUPERAntiSpyware Scheduled Task d567e468-fa7b-49dc-920a-806d5cb4ced0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {E19B4111-5B41-4B98-8C1C-E3B5CAFC271C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {FA7C3623-1B87-4403-BF7B-D0DC8AAB7385} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 27a79555-d756-4328-ac77-c26a65a70f3c.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d567e468-fa7b-49dc-920a-806d5cb4ced0.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-01 08:45 - 2015-07-01 08:45 - 00022528 _____ () C:\Windows\System32\us005lm.dll
2015-08-14 11:12 - 2015-07-23 17:14 - 00007168 _____ () C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe
2015-08-14 11:12 - 2015-09-14 11:23 - 00007680 _____ () C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe
2015-08-14 11:12 - 2015-07-29 16:10 - 00006656 _____ () C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe
2015-06-03 13:44 - 2015-06-03 13:44 - 00315648 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-08-13 15:36 - 2013-01-24 08:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-12-25 20:47 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3097266444-2333562351-893229259-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Spitfire_RecordingService => 2
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: 3200 Scan2PC => "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GIDDesktop => C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX5REC
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{AE6C5FC8-A0D9-46DD-A1B5-155D97D0F734}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{60E14D3B-9877-4159-BEC0-8D61D27AEBA4}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{6585E25D-EB32-4621-9E08-209FDB7A6ED0}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [UDP Query User{77636F3D-D090-484A-A6EA-77963587E151}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [{BCF523DE-F86A-4691-8B46-A11BCCC018F3}] => (Allow) LPort=5080
FirewallRules: [{41E75145-6C45-495B-932D-C4C34FFF0711}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\Ins73AE\Setup\bin\MainInst.exe
FirewallRules: [{14AEC39A-A671-473D-B8C8-BC8172493BB3}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\Ins73AE\Setup\bin\MainInst.exe
FirewallRules: [{189AD50A-7A82-422B-96B2-781DC2AF3253}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{6B931C08-4EBE-4FDF-A52C-C2256BD3C1CA}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{301F79D9-3FAC-4EBA-8ECD-94C314250F5C}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{7DF48D35-D45C-4C01-836A-C1EB79F4B155}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{72DF3227-99F4-409A-85FE-32991DEDB6DE}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{5449BC9F-00BA-44F8-8DFA-31DC80A90943}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{F4C00A51-F149-4361-941D-ACA1BB905ECE}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{6A8E2750-F342-4535-AF17-4C8A38CE6FF6}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{5EC0075F-8C4F-4223-AB9F-EEEBDD344F81}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2AD4BD74-DDAD-4DA4-B41D-432263867F9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{27DB3D31-D527-48C6-923B-EF28F6E615C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{006240AB-FB49-4709-B2CD-75F08D8CAB27}C:\program files (x86)\ringcentral for windows\softphone.exe] => (Allow) C:\program files (x86)\ringcentral for windows\softphone.exe
FirewallRules: [UDP Query User{38D14734-4070-432B-AEF6-C69337B504A5}C:\program files (x86)\ringcentral for windows\softphone.exe] => (Allow) C:\program files (x86)\ringcentral for windows\softphone.exe
FirewallRules: [{CC0D81D8-676B-4CA0-8608-38760AD57BA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2DEDCFE4-2AFC-42E8-BB36-E28D7DBD60DF}] => (Allow) LPort=2869
FirewallRules: [{79D090B2-837A-479B-97FD-92F2436820ED}] => (Allow) LPort=1900
FirewallRules: [{AD07EDFE-D4A8-440A-9E52-A6BFD6A0739D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{273B9CA7-84C8-4917-BEB8-D61DB8C4599C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

22-12-2015 22:38:54 JRT Pre-Junkware Removal
22-12-2015 22:41:56 JRT Pre-Junkware Removal
23-12-2015 13:23:49 Windows Update
24-12-2015 00:49:58 JRT Pre-Junkware Removal
24-12-2015 22:28:12 Removed 7-Zip 9.20 (x64 edition)
25-12-2015 21:24:23 JRT Pre-Junkware Removal
27-12-2015 02:23:07 Windows Update
27-12-2015 03:21:57 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============

Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Description: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2015 04:29:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2015 04:28:45 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

Error: (12/27/2015 03:22:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HmpElementsServer.exe, version: 2.2.9.1, time stamp: 0x54efa03c
Faulting module name: HmpElementsUmc.dll, version: 2.2.9.1, time stamp: 0x54e80171
Exception code: 0xc0000005
Fault offset: 0x00a2bd28
Faulting process id: 0xa04
Faulting application start time: 0xHmpElementsServer.exe0
Faulting application path: HmpElementsServer.exe1
Faulting module path: HmpElementsServer.exe2
Report Id: HmpElementsServer.exe3

Error: (12/27/2015 03:22:36 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HmpElementsServer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at HmpElements.Server.BeepDetectorUmc.FreeBeepDetector(IntPtr)
at HmpElements.Server.BeepDetector.Finalize()

Error: (12/27/2015 02:05:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2015 02:04:41 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

Error: (12/27/2015 02:04:37 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (12/26/2015 04:09:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18098, time stamp: 0x5633e44a
Faulting module name: ONLINE~1.OCX_unloaded, version: 0.0.0.0, time stamp: 0x55546935
Exception code: 0xc0000005
Fault offset: 0x5d4808e0
Faulting process id: 0x175c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/26/2015 01:11:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/26/2015 01:11:11 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.


System errors:
=============
Error: (12/27/2015 04:28:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (12/27/2015 05:31:00 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (12/27/2015 05:31:00 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (12/27/2015 05:31:00 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/27/2015 05:31:00 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (12/27/2015 03:22:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CTI32 Telephony Engine service terminated unexpectedly. It has done this 1 time(s).

Error: (12/27/2015 02:04:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (12/26/2015 04:09:56 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (12/26/2015 04:09:56 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (12/26/2015 04:09:56 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.


CodeIntegrity:
===================================
Date: 2015-12-25 21:39:25.560
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-25 20:59:02.982
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-25 20:44:44.221
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-25 20:44:44.208
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:33:03.932
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:33:03.918
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:24:14.144
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Administrator\Desktop\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:24:14.128
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Administrator\Desktop\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:24:13.270
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:24:13.254
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 12237.72 MB
Available physical RAM: 8393.58 MB
Total Virtual: 24473.65 MB
Available Virtual: 19790.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.28 GB) (Free:760.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
Is the MBR (master boot record) corrupted? Seen a few of your posts; you're really good at what you do! Much appreciated.
 
Thank you :)
MBR seems to be OK.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed, scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V11.0.4.0 [Dec 20 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Users\Administrator\Desktop\RogueKiller.exe
Mode : Scan -- Date : 12/27/2015 17:09:08

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MFE_RR (\??\C:\Users\ADMINI~1\AppData\Local\Temp\mfe_rr.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MFE_RR (\??\C:\Users\ADMINI~1\AppData\Local\Temp\mfe_rr.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MFE_RR (\??\C:\Users\ADMINI~1\AppData\Local\Temp\mfe_rr.sys) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Intel Raid 1 Volume SCSI Disk Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2052 | Size: 99 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 205200 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 467856 | Size: 953626 MB
User = LL1 ... OK
Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )

+++++ PhysicalDrive1: CF/MD Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: SM/xD Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: SD/mini-MMC/RS Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: MS/Pro/Duo Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/27/2015
Scan Time: 5:10 PM
Logfile: malewarebytes.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.27.05
Rootkit Database: v2015.12.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 698278
Time Elapsed: 8 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
# AdwCleaner v5.026 - Logfile created 27/12/2015 at 17:20:58
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Administrator - OFFICE-1-PC
# Running from : C:\Users\Administrator\Desktop\adwcleaner_5.026.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [607 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Professional x64
Ran by Administrator (Administrator) on Sun 12/27/2015 at 17:24:02.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/27/2015 at 17:25:09.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 15-12-24.01 - Administrator 12/27/2015 17:52:53.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12238.9099 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Emsisoft Anti-Malware *Disabled/Updated* {9425001D-A331-13F4-34E6-D05C71B96A74}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-11-27 to 2015-12-27 )))))))))))))))))))))))))))))))
.
.
2015-12-27 22:56 . 2015-12-27 22:56 -------- d-----w- c:\users\ReportServer\AppData\Local\temp
2015-12-27 22:56 . 2015-12-27 22:56 -------- d-----w- c:\users\OFFICE-1\AppData\Local\temp
2015-12-27 22:56 . 2015-12-27 22:56 -------- d-----w- c:\users\MSSQLServerOLAPService\AppData\Local\temp
2015-12-27 22:56 . 2015-12-27 22:56 -------- d-----w- c:\users\MSSQLSERVER\AppData\Local\temp
2015-12-27 22:56 . 2015-12-27 22:56 -------- d-----w- c:\users\MSSQLFDLauncher\AppData\Local\temp
2015-12-27 22:56 . 2015-12-27 22:56 -------- d-----w- c:\users\MsDtsServer120\AppData\Local\temp
2015-12-27 22:20 . 2015-12-27 22:20 -------- d-----w- C:\AdwCleaner
2015-12-27 21:50 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33AC9B7B-6233-4E54-9E50-42C26A42ADEE}\mpengine.dll
2015-12-27 21:35 . 2015-12-27 21:36 -------- d-----w- C:\FRST
2015-12-27 08:22 . 2015-12-27 08:22 -------- d-----w- c:\programdata\Sophos
2015-12-27 08:22 . 2015-12-27 08:22 -------- d-----w- c:\program files (x86)\Sophos
2015-12-26 08:08 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-12-25 03:54 . 2015-12-25 03:54 -------- d-----w- c:\users\Administrator\AppData\Roaming\Opera Software
2015-12-25 03:54 . 2015-12-25 03:54 -------- d-----w- c:\users\Administrator\AppData\Local\Opera Software
2015-12-25 03:53 . 2015-12-25 03:58 -------- d-----w- c:\program files (x86)\Opera
2015-12-25 03:45 . 2015-12-25 03:45 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2015-12-25 03:22 . 2015-12-27 22:10 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-25 03:22 . 2015-12-27 07:13 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-25 03:22 . 2015-12-25 03:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-12-25 03:22 . 2015-10-05 14:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-12-25 03:22 . 2015-10-05 14:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-25 02:17 . 2015-12-25 02:36 -------- d-----w- c:\programdata\Kaspersky Lab
2015-12-25 02:17 . 2015-12-25 02:17 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2015-12-25 02:16 . 2015-12-25 02:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-12-22 23:38 . 2015-12-22 23:38 -------- d-----w- c:\programdata\Emsisoft
2015-12-22 23:33 . 2015-12-27 22:29 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2015-12-22 23:29 . 2015-12-24 01:25 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2015-12-21 20:59 . 2015-12-27 07:19 -------- d-----w- c:\program files\RogueKiller
2015-12-21 20:51 . 2015-12-08 15:51 28648 ----a-w- c:\windows\system32\drivers\gidv2.sys
2015-12-21 20:27 . 2015-12-21 20:27 -------- d-----w- c:\users\Administrator\AppData\Local\Programs
2015-12-21 20:15 . 2015-12-21 20:40 -------- d-----w- c:\users\Administrator\AppData\Roaming\log
2015-12-10 21:11 . 2015-08-13 21:25 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C30B0C6-AF75-4539-B200-A498AA6BEBAB}\gapaengine.dll
2015-12-08 15:58 . 2015-12-08 15:58 104608 ------w- c:\windows\system32\GIDLogonCP64.dll
2015-12-08 15:58 . 2015-12-08 15:58 90784 ----a-w- c:\windows\SysWow64\SysEventMenu.dll
2015-12-08 15:58 . 2015-12-08 15:58 396440 ----a-w- c:\windows\system32\GIDHOOK64.DLL
2015-12-08 15:58 . 2015-12-08 15:58 380576 ------w- c:\windows\system32\GIDHookLogon64.dll
2015-12-08 15:58 . 2015-12-08 15:58 334992 ----a-w- c:\windows\SysWow64\GIDHook.dll
2015-12-08 15:58 . 2015-12-08 15:58 98448 ----a-w- c:\windows\system32\GIDBIN1.DLL
2015-12-08 15:58 . 2015-12-08 15:58 187024 ----a-w- c:\windows\SysWow64\GIDBIN3.dll
2015-12-08 15:58 . 2015-12-08 15:58 187024 ------w- c:\windows\system32\GIDBIN3.DLL
2015-12-08 15:58 . 2015-12-08 15:58 86672 ----a-w- c:\windows\SysWow64\GIDBIN1.dll
2015-12-08 15:58 . 2015-12-08 15:58 283800 ----a-w- c:\windows\system32\EasyHook64.dll
2015-12-08 15:51 . 2015-12-08 15:51 148464 ------w- c:\windows\system32\GidSc64.dll
2015-12-08 15:51 . 2015-12-08 15:51 130424 ----a-w- c:\windows\SysWow64\gidSc32.dll
2015-12-04 20:24 . 2015-12-04 20:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Wireshark
2015-11-29 06:01 . 2014-02-21 10:20 45760 ----a-w- c:\windows\SysWow64\perf-ReportServer-rsctr12.1.4100.1.dll
2015-11-29 06:01 . 2014-02-21 10:20 52416 ----a-w- c:\windows\system32\perf-ReportServer-rsctr12.1.4100.1.dll
2015-11-29 05:41 . 2015-11-29 05:41 -------- d-----w- C:\Intel
2015-11-29 05:21 . 2015-11-29 05:21 -------- d-----w- c:\users\Administrator\AppData\Local\Intel
2015-11-29 05:20 . 2015-11-29 05:20 -------- d-----w- c:\program files (x86)\Intel Driver Update Utility
2015-11-29 05:06 . 2015-11-29 05:06 -------- d-----w- c:\users\Administrator\Intel
2015-11-29 04:22 . 2015-11-29 04:22 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2015-11-29 04:22 . 2015-11-29 04:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-11-29 03:21 . 2015-12-21 20:27 -------- d-----w- c:\programdata\Malwarebytes
2015-11-29 03:21 . 2015-12-27 07:15 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-27 22:02 . 2015-08-26 16:27 30848 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-12-09 03:39 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-11-25 23:10 . 2015-11-12 23:48 127680 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2015-11-25 21:27 . 2015-10-07 04:09 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-11-03 22:10 . 2015-11-25 22:56 390344 ----a-w- c:\windows\system32\iedkcs32.dll
2015-11-03 17:55 . 2015-11-25 22:55 3211264 ----a-w- c:\windows\system32\win32k.sys
2015-10-30 23:46 . 2015-11-25 22:56 25818624 ----a-w- c:\windows\system32\mshtml.dll
2015-10-30 23:40 . 2015-11-25 22:56 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-10-30 23:40 . 2015-11-25 22:56 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-10-30 23:25 . 2015-11-25 22:56 66560 ----a-w- c:\windows\system32\iesetup.dll
2015-10-30 23:25 . 2015-11-25 22:56 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-10-30 23:25 . 2015-11-25 22:56 417792 ----a-w- c:\windows\system32\html.iec
2015-10-30 23:25 . 2015-11-25 22:56 2886656 ----a-w- c:\windows\system32\iertutil.dll
2015-10-30 23:24 . 2015-11-25 22:56 585728 ----a-w- c:\windows\system32\vbscript.dll
2015-10-30 23:24 . 2015-11-25 22:56 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-10-30 23:17 . 2015-11-25 22:56 54784 ----a-w- c:\windows\system32\jsproxy.dll
2015-10-30 23:16 . 2015-11-25 22:56 34304 ----a-w- c:\windows\system32\iernonce.dll
2015-10-30 23:13 . 2015-11-25 22:56 616960 ----a-w- c:\windows\system32\ieui.dll
2015-10-30 23:12 . 2015-11-25 22:56 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-10-30 23:12 . 2015-11-25 22:56 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2015-10-30 23:11 . 2015-11-25 22:56 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-10-30 23:11 . 2015-11-25 22:56 817664 ----a-w- c:\windows\system32\jscript.dll
2015-10-30 23:11 . 2015-11-25 22:56 5990912 ----a-w- c:\windows\system32\jscript9.dll
2015-10-30 23:04 . 2015-11-25 22:56 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-10-30 23:01 . 2015-11-25 22:56 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2015-10-30 22:58 . 2015-11-25 22:56 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-10-30 22:53 . 2015-11-25 22:56 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-10-30 22:49 . 2015-11-25 22:56 199680 ----a-w- c:\windows\system32\msrating.dll
2015-10-30 22:49 . 2015-11-25 22:56 92160 ----a-w- c:\windows\system32\mshtmled.dll
2015-10-30 22:47 . 2015-11-25 22:56 504832 ----a-w- c:\windows\SysWow64\vbscript.dll
2015-10-30 22:46 . 2015-11-25 22:56 315392 ----a-w- c:\windows\system32\dxtrans.dll
2015-10-30 22:46 . 2015-11-25 22:56 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2015-10-30 22:45 . 2015-11-25 22:56 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-10-30 22:45 . 2015-11-25 22:56 341504 ----a-w- c:\windows\SysWow64\html.iec
2015-10-30 22:44 . 2015-11-25 22:56 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2015-10-30 22:44 . 2015-11-25 22:56 152064 ----a-w- c:\windows\system32\occache.dll
2015-10-30 22:36 . 2015-11-25 22:56 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2015-10-30 22:36 . 2015-11-25 22:56 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-10-30 22:34 . 2015-11-25 22:56 262144 ----a-w- c:\windows\system32\webcheck.dll
2015-10-30 22:32 . 2015-11-25 22:56 720896 ----a-w- c:\windows\system32\ie4uinit.exe
2015-10-30 22:31 . 2015-11-25 22:56 801280 ----a-w- c:\windows\system32\msfeeds.dll
2015-10-30 22:29 . 2015-11-25 22:56 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-10-30 22:29 . 2015-11-25 22:56 2126336 ----a-w- c:\windows\system32\inetcpl.cpl
2015-10-30 22:23 . 2015-11-25 22:56 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-10-30 22:22 . 2015-11-25 22:56 14457856 ----a-w- c:\windows\system32\ieframe.dll
2015-10-30 22:17 . 2015-11-25 22:56 2487808 ----a-w- c:\windows\system32\wininet.dll
2015-10-30 22:16 . 2015-11-25 22:56 4527616 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-10-30 22:09 . 2015-11-25 22:56 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2015-10-30 22:09 . 2015-11-25 22:56 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2015-10-30 22:04 . 2015-11-25 22:56 1547264 ----a-w- c:\windows\system32\urlmon.dll
2015-10-30 21:53 . 2015-11-25 22:56 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2015-10-30 21:51 . 2015-11-25 22:56 2011136 ----a-w- c:\windows\SysWow64\wininet.dll
2015-10-27 23:43 . 2015-08-13 18:38 145617392 ----a-w- c:\windows\system32\MRT.exe
2015-10-20 18:42 . 2015-11-25 22:55 98816 ----a-w- c:\windows\system32\wudriver.dll
2015-10-20 18:42 . 2015-11-25 22:55 37888 ----a-w- c:\windows\system32\wups2.dll
2015-10-20 18:42 . 2015-11-25 22:55 36864 ----a-w- c:\windows\system32\wups.dll
2015-10-20 18:42 . 2015-11-25 22:55 3168768 ----a-w- c:\windows\system32\wucltux.dll
2015-10-20 18:42 . 2015-11-25 22:55 2608128 ----a-w- c:\windows\system32\wuaueng.dll
2015-10-20 18:42 . 2015-11-25 22:55 192512 ----a-w- c:\windows\system32\wuwebv.dll
2015-10-20 18:42 . 2015-11-25 22:55 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-10-20 18:41 . 2015-11-25 22:55 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-10-20 18:41 . 2015-11-25 22:55 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-10-20 18:41 . 2015-11-25 22:55 37888 ----a-w- c:\windows\system32\wuapp.exe
2015-10-20 18:41 . 2015-11-25 22:55 140288 ----a-w- c:\windows\system32\wuauclt.exe
2015-10-20 17:46 . 2015-11-25 22:55 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-10-20 17:46 . 2015-11-25 22:55 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-10-20 17:46 . 2015-11-25 22:55 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-10-20 17:46 . 2015-11-25 22:55 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-10-20 17:45 . 2015-11-25 22:55 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-10-20 01:12 . 2015-11-25 22:56 5570496 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-20 01:12 . 2015-11-25 22:56 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-10-20 01:12 . 2015-11-25 22:56 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-10-20 01:09 . 2015-11-25 22:56 1730496 ----a-w- c:\windows\system32\ntdll.dll
2015-10-20 01:06 . 2015-11-25 22:56 243712 ----a-w- c:\windows\system32\wow64.dll
2015-10-20 01:06 . 2015-11-25 22:56 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-10-20 01:06 . 2015-11-25 22:56 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-10-20 01:06 . 2015-11-25 22:56 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-10-20 01:05 . 2015-11-25 22:56 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-10-20 01:05 . 2015-11-25 22:56 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-10-20 01:05 . 2015-11-25 22:56 503808 ----a-w- c:\windows\system32\srcore.dll
2015-10-20 01:05 . 2015-11-25 22:56 50176 ----a-w- c:\windows\system32\srclient.dll
2015-10-20 01:05 . 2015-11-25 22:56 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-10-20 01:05 . 2015-11-25 22:56 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-10-20 01:05 . 2015-11-25 22:56 28160 ----a-w- c:\windows\system32\secur32.dll
2015-10-20 01:05 . 2015-11-25 22:56 344064 ----a-w- c:\windows\system32\schannel.dll
2015-10-20 01:05 . 2015-11-25 22:56 1216512 ----a-w- c:\windows\system32\rpcrt4.dll
2015-10-20 01:05 . 2015-11-25 22:56 312320 ----a-w- c:\windows\system32\ncrypt.dll
2015-10-20 01:05 . 2015-11-25 22:56 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-10-20 01:05 . 2015-11-25 22:56 315392 ----a-w- c:\windows\system32\msv1_0.dll
2015-10-20 01:05 . 2015-11-25 22:56 729600 ----a-w- c:\windows\system32\kerberos.dll
2015-10-20 01:05 . 2015-11-25 22:56 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-10-20 01:05 . 2015-11-25 22:56 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-10-20 01:05 . 2015-11-25 22:56 1164800 ----a-w- c:\windows\system32\kernel32.dll
2015-10-20 01:05 . 2015-11-25 22:56 44032 ----a-w- c:\windows\system32\cryptbase.dll
2015-10-20 01:05 . 2015-11-25 22:56 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-10-20 01:05 . 2015-11-25 22:56 22016 ----a-w- c:\windows\system32\credssp.dll
2015-10-20 01:05 . 2015-11-25 22:56 112640 ----a-w- c:\windows\system32\smss.exe
2015-10-20 01:05 . 2015-11-25 22:56 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-10-20 01:04 . 2015-11-25 22:56 31232 ----a-w- c:\windows\system32\lsass.exe
2015-10-20 01:04 . 2015-11-25 22:56 338432 ----a-w- c:\windows\system32\conhost.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2015-12-08 383632]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" [2015-06-03 919296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Cti32svc;CTI32 Telephony Engine;c:\program files (x86)\CTI32\cti32svc.exe;c:\program files (x86)\CTI32\cti32svc.exe [x]
R2 HmpElements;HmpElements Server;c:\program files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe;c:\program files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 Spitfire_BusinessService;Spitfire_BusinessService;c:\spd enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe;c:\spd enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe [x]
R2 Spitfire_DialService;Spitfire_DialService;c:\spd enterprise\SpitFire_DialService\Spitfire_DialService.exe;c:\spd enterprise\SpitFire_DialService\Spitfire_DialService.exe [x]
R2 Spitfire_LoginService;Spitfire_LoginService;c:\spd enterprise\SpitFire_LoginService\Spitfire_LoginService.exe;c:\spd enterprise\SpitFire_LoginService\Spitfire_LoginService.exe [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MFE_RR;MFE_RR;c:\users\ADMINI~1\AppData\Local\Temp\mfe_rr.sys;c:\users\ADMINI~1\AppData\Local\Temp\mfe_rr.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SQL Server Distributed Replay Client;SQL Server Distributed Replay Client;c:\program files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe;c:\program files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [x]
R3 SQL Server Distributed Replay Controller;SQL Server Distributed Replay Controller;c:\program files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe;c:\program files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 RsFx0310;RsFx0310 Driver;c:\windows\system32\DRIVERS\RsFx0310.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0310.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 Spitfire_RecordingService;Spitfire_RecordingService;c:\spd enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe;c:\spd enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe [x]
S0 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 epp;epp;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys [x]
S1 GIDv2;GIDv2; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files\Emsisoft Anti-Malware\a2service.exe;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 kss;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe -r;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe -r [x]
S2 MsDtsServer120;SQL Server Integration Services 12.0;c:\program files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [x]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbkey;USB Dongle;c:\windows\system32\DRIVERS\USBKey64.sys;c:\windows\SYSNATIVE\DRIVERS\USBKey64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{ECD3D782-D51B-424D-A87F-5F5A8D531BDF}-1Reg]
2015-12-08 15:58 352912 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDTB.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{ECD3D782-D51B-424D-A87F-5F5A8D531BDF}-2Help]
2015-12-08 15:59 351888 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{ECD3D782-D51B-424D-A87F-5F5A8D531BDF}-3Reg]
2015-12-08 15:59 351888 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 27a79555-d756-4328-ac77-c26a65a70f3c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2015-12-27 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d567e468-fa7b-49dc-920a-806d5cb4ced0.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-04-30 36352]
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: dell.com
TCP: Interfaces\{6A39E489-BA19-4673-8B03-06A016DA7062}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dim0fd18.default\
.
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ReportServerSharePoint:Service]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,06,
66,c0,87,45,0d,ae,e4,92,9a,f3,99,6b,5c
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,da,
cb,75,f5,32,08,a4,7b,da,65,c3,85,ce,b6
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,3b,1b,8f,83,96,
16,e7,99,30,06,a0,72,3e,0b,7f,2b,a6,ac
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,46,b9,21,8d,db,72,4c,ac,5f,df,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,46,b9,21,8d,db,72,4c,ac,5f,df,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,81,84,48,89,b9,54,48,84,9f,ab,\
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Excel.CSV"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.indd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="InDesign.Document"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\AcroRd32.exe"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Photoshop.exe"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nex\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.opdownload\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Png"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Photoshop.Image.16"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\7zFM.exe"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\NOTEPAD.EXE"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Excel.Sheet.12"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WORDPAD.EXE"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mspaint.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-12-27 17:57:02
ComboFix-quarantined-files.txt 2015-12-27 22:57
.
Pre-Run: 818,928,033,792 bytes free
Post-Run: 818,451,443,712 bytes free
.
- - End Of File - - 5DD1D8A5642AE7C13DBC1E375191C51D
A36C5E4F47E84449FF07ED3517B43A31
 
Can you shed some light on the 3 registry keys below?
¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MFE_RR (\??\C:\Users\ADMINI~1\AppData\Local\Temp\mfe_rr.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MFE_RR (\??\C:\Users\ADMINI~1\AppData\Local\Temp\mfe_rr.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MFE_RR (\??\C:\Users\ADMINI~1\AppData\Local\Temp\mfe_rr.sys) -> Found
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you check the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
On another note, when I try to go into repair mode it boots to the option to select a language, and there is no mouse or keyboard. I have tried plugging them into USB 2.0 ports, as I have read that Windows does not like it if they are plugged into 3.0 ports. I would be grateful for any info, or a workaround to repair the damage that the Trojans have done to the registry. One of them was a Trojan.passwordstealer, etc. I wish I would have saved those reports for your review. God bless
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015
Ran by Administrator (administrator) on OFFICE-1-PC (27-12-2015 18:09:53)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator & ReportServer & MSSQLFDLauncher & MsDtsServer120 (Available Profiles: Administrator & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MsDtsServer120 & MSSQLSERVER & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 Classic)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM-x32\...\Run: [GIDDesktop] => C:\Program Files (x86)\SFT\GuardedID\gidd.exe [383632 2015-12-08] (StrikeForce Technologies Inc.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{6A39E489-BA19-4673-8B03-06A016DA7062}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3097266444-2333562351-893229259-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> DefaultScope {2C8E46FD-E217-4113-9F3D-2BCB7EB4F6C0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> {2C8E46FD-E217-4113-9F3D-2BCB7EB4F6C0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-25] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - GuardedID - {983EB3A5-F9EE-4fe2-B3C3-E64A32F6305D} - C:\Program Files (x86)\SFT\GuardedID\gidtb.dll [2015-12-08] (StrikeForce Technologies Inc)
Toolbar: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dim0fd18.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-28] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-28] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Extension: GuardedID Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\guardedid@sftnj.com [2015-12-23] [not signed]
FF Extension: GuardedID Toolbar - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\guardedid@sftnj.com [2015-12-23] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10768560 2015-11-21] (Emsisoft Ltd)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-10-28] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S2 Cti32svc; C:\Program Files (x86)\CTI32\cti32svc.exe [24576 2015-02-23] (Inventive Labs, LLC) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-11-24] (Macrovision Europe Ltd.) [File not signed]
S2 HmpElements; C:\Program Files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe [1946088 2015-02-26] (Inventive Labs, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-31] (Intel Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsDtsServer120; C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [216768 2015-04-20] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
S2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [372416 2015-04-20] (Microsoft Corporation)
S3 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\bin\msmdsrv.exe [51156160 2015-04-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2467008 2015-04-20] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [202824 2013-01-18] (Realtek Semiconductor)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
S2 Spitfire_BusinessService; C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe [7168 2015-07-23] () [File not signed]
S2 Spitfire_DialService; C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe [6656 2015-07-29] () [File not signed]
S2 Spitfire_LoginService; C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe [7680 2015-09-14] () [File not signed]
S4 Spitfire_RecordingService; C:\SPD Enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe [6656 2013-12-31] () [File not signed]
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [139968 2014-02-21] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [345280 2014-02-21] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2015-04-20] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-10-28] (Qualcomm Atheros)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [123992 2015-10-23] (Emsisoft Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-24] ()
R1 GIDv2; C:\Windows\System32\Drivers\GIDv2.sys [28648 2015-12-08] (StrikeForce Technologies, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-28] (Samsung Electronics)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-27] ()
R3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [40288 2015-08-14] ()
S3 btmaux; system32\DRIVERS\btmaux.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 MFE_RR; \??\C:\Users\ADMINI~1\AppData\Local\Temp\mfe_rr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 18:09 - 2015-12-27 18:10 - 00016416 _____ C:\Users\Administrator\Desktop\FRST.txt
2015-12-27 17:58 - 2015-12-27 17:58 - 00047494 _____ C:\Users\Administrator\Desktop\combo.txt
2015-12-27 17:57 - 2015-12-27 17:57 - 00047494 _____ C:\ComboFix.txt
2015-12-27 17:51 - 2015-12-27 17:57 - 00000000 ____D C:\Qoobox
2015-12-27 17:51 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-27 17:51 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-27 17:51 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-27 17:51 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-27 17:51 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-27 17:51 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-27 17:51 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-27 17:51 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-27 17:46 - 2015-12-27 17:46 - 05641584 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2015-12-27 17:25 - 2015-12-27 17:25 - 00000702 _____ C:\Users\Administrator\Desktop\JRT.txt
2015-12-27 17:23 - 2015-12-27 17:24 - 01599336 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT.exe
2015-12-27 17:23 - 2015-12-27 17:23 - 00000685 _____ C:\Users\Administrator\Desktop\AdwCleaner[S1].txt
2015-12-27 17:20 - 2015-12-27 17:20 - 01743360 _____ C:\Users\Administrator\Desktop\adwcleaner_5.026.exe
2015-12-27 17:20 - 2015-12-27 17:20 - 00000000 ____D C:\AdwCleaner
2015-12-27 17:18 - 2015-12-27 17:18 - 00001067 _____ C:\Users\Administrator\Desktop\malewarebytes.txt
2015-12-27 17:18 - 2015-12-27 17:18 - 00000612 _____ C:\Users\Administrator\Desktop\malewarebytes.txt.lnk
2015-12-27 17:09 - 2015-12-27 17:09 - 00005126 _____ C:\Users\Administrator\Desktop\Roguereport.txt
2015-12-27 17:01 - 2015-12-27 17:02 - 20834888 _____ C:\Users\Administrator\Desktop\RogueKiller.exe
2015-12-27 16:35 - 2015-12-27 18:09 - 00000000 ____D C:\FRST
2015-12-27 16:35 - 2015-12-27 16:35 - 02370560 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-12-27 03:22 - 2015-12-27 03:22 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-12-27 03:22 - 2015-12-27 03:22 - 00000000 ____D C:\ProgramData\Sophos
2015-12-27 03:22 - 2015-12-27 03:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-12-27 03:22 - 2015-12-27 03:22 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-12-27 02:13 - 2015-12-27 02:15 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2015-12-27 02:12 - 2015-12-27 02:13 - 00002122 _____ C:\Users\Administrator\Desktop\Rkill.txt
2015-12-27 02:12 - 2015-12-27 02:12 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2015-12-26 03:38 - 2015-12-26 03:38 - 00002210 _____ C:\DelFix.txt
2015-12-25 20:25 - 2015-12-25 20:57 - 00000000 ____D C:\Windows\erdnt
2015-12-25 17:58 - 2015-12-25 17:58 - 00380416 _____ C:\Users\Administrator\Downloads\explore.exe
2015-12-25 17:57 - 2015-12-25 17:57 - 00380416 _____ C:\Users\Administrator\Downloads\iexplorer.exe
2015-12-25 17:56 - 2015-12-25 17:58 - 00079434 _____ C:\Windows\ntbtlog.txt
2015-12-24 22:54 - 2015-12-24 22:54 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk.1451015906.old
2015-12-24 22:54 - 2015-12-24 22:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Opera Software
2015-12-24 22:54 - 2015-12-24 22:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Opera Software
2015-12-24 22:53 - 2015-12-24 22:58 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-24 22:45 - 2015-12-24 22:45 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-12-24 22:22 - 2015-12-27 17:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-24 22:22 - 2015-12-27 02:13 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-24 22:22 - 2015-12-24 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-24 22:22 - 2015-12-24 22:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-24 22:22 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-24 22:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-24 21:19 - 2015-12-27 05:19 - 00000526 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d567e468-fa7b-49dc-920a-806d5cb4ced0.job
2015-12-24 21:19 - 2015-12-26 02:00 - 00000526 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 27a79555-d756-4328-ac77-c26a65a70f3c.job
2015-12-24 21:19 - 2015-12-24 21:19 - 00003626 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 27a79555-d756-4328-ac77-c26a65a70f3c
2015-12-24 21:19 - 2015-12-24 21:19 - 00003552 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task d567e468-fa7b-49dc-920a-806d5cb4ced0
2015-12-24 21:17 - 2015-12-24 21:36 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-24 21:17 - 2015-12-24 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-12-24 21:17 - 2015-12-24 21:17 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-12-24 21:16 - 2015-12-24 21:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-24 21:16 - 2015-12-24 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-12-24 01:12 - 2015-12-24 01:12 - 00000000 _____ C:\autoexec.bat
2015-12-24 00:44 - 2015-12-26 00:10 - 00000000 ____D C:\Users\Administrator\Downloads\TMRBLog
2015-12-23 21:58 - 2015-12-23 21:58 - 00784152 _____ (McAfee, Inc.) C:\Users\Administrator\Downloads\rootkitremover.exe
2015-12-23 21:24 - 2015-12-24 18:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-23 13:16 - 2015-12-23 13:16 - 00110560 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-23 13:11 - 2015-12-23 13:11 - 02354776 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-22 21:55 - 2015-12-22 21:55 - 05167224 _____ C:\Users\Administrator\Desktop\George Boufidis .pdf
2015-12-22 21:16 - 2015-12-22 21:16 - 00000000 ____D C:\Users\Administrator\Desktop\Dr Jonas Laforge
2015-12-22 21:14 - 2015-12-22 21:14 - 00277464 _____ C:\Users\Administrator\Desktop\Dr Jonas Laforge.zip
2015-12-22 18:38 - 2015-12-22 18:38 - 00000000 ____D C:\ProgramData\Emsisoft
2015-12-22 18:34 - 2015-12-22 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-12-22 18:33 - 2015-12-27 17:29 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-12-22 18:33 - 2015-12-22 18:33 - 08656400 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\RootkitBuster_v5_1061.exe
2015-12-22 18:32 - 2015-12-22 18:32 - 00102912 _____ (bartblaze) C:\Users\Administrator\Downloads\Rem-VBSworm.exe
2015-12-22 18:29 - 2015-12-23 20:25 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-12-22 18:28 - 2015-12-22 18:33 - 205471992 _____ (Emsisoft Ltd. ) C:\Users\Administrator\Downloads\EmsisoftAntiMalwareSetup.exe.exe
2015-12-22 18:25 - 2015-12-22 18:25 - 01847144 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mbae-setup-1.08.1.1044.exe
2015-12-22 18:14 - 2015-12-22 21:15 - 00277310 _____ C:\Users\Administrator\Desktop\Patient -George Boufidis.pdf
2015-12-21 15:59 - 2015-12-27 02:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-12-21 15:59 - 2015-12-27 02:19 - 00000000 ____D C:\Program Files\RogueKiller
2015-12-21 15:51 - 2015-12-08 10:51 - 00028648 _____ (StrikeForce Technologies, Inc.) C:\Windows\system32\Drivers\gidv2.sys
2015-12-21 15:15 - 2015-12-21 15:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\log
2015-12-15 16:46 - 2015-12-15 16:46 - 00204756 _____ C:\Users\Administrator\Desktop\clean phones 17063.csv
2015-12-08 10:58 - 2015-12-08 10:58 - 00396440 _____ (StrikeForce Technologies Inc.) C:\Windows\system32\GIDHOOK64.DLL
2015-12-08 10:58 - 2015-12-08 10:58 - 00380576 ____N (StrikeForce Technologies Inc.) C:\Windows\system32\GIDHookLogon64.dll
2015-12-08 10:58 - 2015-12-08 10:58 - 00334992 _____ (StrikeForce Technologies Inc.) C:\Windows\SysWOW64\GIDHook.dll
2015-12-08 10:58 - 2015-12-08 10:58 - 00283800 _____ (easyhook.codeplex.com) C:\Windows\system32\EasyHook64.dll
2015-12-08 10:58 - 2015-12-08 10:58 - 00187024 ____N (StrikeForce Technologies Inc.) C:\Windows\system32\GIDBIN3.DLL
2015-12-08 10:58 - 2015-12-08 10:58 - 00187024 _____ (StrikeForce Technologies Inc.) C:\Windows\SysWOW64\GIDBIN3.dll
2015-12-08 10:58 - 2015-12-08 10:58 - 00104608 ____N (StrikeForce Technologies Inc.) C:\Windows\system32\GIDLogonCP64.dll
2015-12-08 10:58 - 2015-12-08 10:58 - 00098448 _____ (StrikeForce Technologies Inc.) C:\Windows\system32\GIDBIN1.DLL
2015-12-08 10:58 - 2015-12-08 10:58 - 00090784 _____ (StrikeForce Technologies Inc) C:\Windows\SysWOW64\SysEventMenu.dll
2015-12-08 10:58 - 2015-12-08 10:58 - 00086672 _____ (StrikeForce Technologies Inc.) C:\Windows\SysWOW64\GIDBIN1.dll
2015-12-08 10:51 - 2015-12-08 10:51 - 00148464 ____N (StrikeForce Technologies Inc.) C:\Windows\system32\GidSc64.dll
2015-12-08 10:51 - 2015-12-08 10:51 - 00130424 _____ (StrikeForce Technologies Inc.) C:\Windows\SysWOW64\gidSc32.dll
2015-12-04 15:24 - 2015-12-04 15:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Wireshark
2015-12-04 00:32 - 2015-12-15 20:32 - 00017408 _____ C:\Users\Administrator\Documents\Kamasutra.xlsx
2015-11-29 01:01 - 2014-02-21 05:20 - 00052416 _____ (Microsoft Corporation) C:\Windows\system32\perf-ReportServer-rsctr12.1.4100.1.dll
2015-11-29 01:01 - 2014-02-21 05:20 - 00045760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-ReportServer-rsctr12.1.4100.1.dll
2015-11-29 00:41 - 2015-11-29 00:41 - 00000000 ____D C:\Intel
2015-11-29 00:21 - 2015-11-29 00:21 - 00000000 ____D C:\Users\Administrator\AppData\Local\Intel
2015-11-29 00:20 - 2015-11-29 00:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-11-29 00:20 - 2015-11-29 00:20 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2015-11-29 00:06 - 2015-11-29 00:06 - 00000000 ____D C:\Users\Administrator\Intel
2015-11-28 23:54 - 2015-11-28 23:54 - 00001436 _____ C:\Users\Administrator\Desktop\SpitFireControlCenter - Shortcut.lnk
2015-11-28 23:22 - 2015-11-28 23:22 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2015-11-28 23:22 - 2015-11-28 23:22 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-11-28 22:56 - 2015-11-28 22:57 - 24041864 _____ (SUPERAntiSpyware) C:\Users\Administrator\Downloads\SUPERAntiSpyware.exe
2015-11-28 22:21 - 2015-12-27 02:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-28 22:21 - 2015-12-21 15:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-28 22:20 - 2015-11-28 22:20 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.09.3.1001.exe
2015-11-28 21:40 - 2015-11-28 21:40 - 00000000 ____D C:\Users\Administrator\Documents\Version Cue
2015-11-27 23:59 - 2015-11-27 23:59 - 00000000 ____D C:\Windows\pss

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 17:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-27 17:56 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-12-27 17:51 - 2015-11-12 19:00 - 00000000 ____D C:\Users\MSSQLSERVER
2015-12-27 17:02 - 2015-08-26 11:27 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-27 16:36 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-27 16:36 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-27 16:34 - 2009-07-14 00:13 - 01094326 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-27 16:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-27 16:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-27 02:10 - 2015-08-19 20:01 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{457B9D94-DBA1-45CA-8B54-1BFDDB92A0F5}
2015-12-26 04:09 - 2015-08-19 17:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2015-12-25 21:55 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-12-25 04:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Branding
2015-12-24 22:58 - 2015-09-05 21:14 - 00001413 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-24 20:09 - 2015-10-22 14:10 - 00000000 ____D C:\Users\Administrator\Desktop\Scripts
2015-12-24 01:54 - 2015-11-12 19:00 - 00000000 ____D C:\Users\MSSQLFDLauncher
2015-12-23 21:51 - 2015-10-16 17:43 - 00000224 _____ C:\Users\Administrator\Desktop\Dialer.url
2015-12-23 20:20 - 2009-07-14 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-23 14:34 - 2015-08-14 10:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Rescue Calling Card
2015-12-23 14:33 - 2015-08-14 10:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue Calling Card
2015-12-23 14:13 - 2015-08-14 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpitFire Online Support
2015-12-23 14:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\ModemLogs
2015-12-22 18:19 - 2015-08-28 20:25 - 11323704 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\HitmanPro_x64.exe
2015-12-21 15:51 - 2015-09-08 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GuardedID
2015-12-21 15:51 - 2015-09-08 17:35 - 00000000 ____D C:\Users\Administrator\AppData\Local\Downloaded Installations
2015-12-21 15:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
2015-12-19 19:49 - 2015-08-28 20:30 - 00002284 _____ C:\Windows\Sandboxie.ini
2015-12-18 16:48 - 2015-08-14 11:06 - 00000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio
2015-12-18 16:42 - 2015-08-14 11:18 - 00000000 ____D C:\AgentApp
2015-12-18 16:28 - 2015-08-14 10:50 - 00000000 ____D C:\Program Files (x86)\CTI32
2015-12-13 12:14 - 2015-11-12 19:00 - 00000000 ____D C:\Users\MSSQLServerOLAPService
2015-12-13 12:14 - 2015-11-12 19:00 - 00000000 ____D C:\Users\MsDtsServer120
2015-12-11 20:53 - 2015-10-06 20:06 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-12-08 22:39 - 2010-11-20 22:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-04 00:19 - 2015-08-14 11:06 - 00000000 ____D C:\Users\Administrator\Documents\Visual Studio 2008
2015-12-01 20:50 - 2015-08-19 18:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2015-11-29 16:07 - 2015-09-08 18:21 - 00000000 ____D C:\ProgramData\GID
2015-11-29 01:01 - 2015-11-12 19:00 - 00000000 ____D C:\Users\ReportServer
2015-11-29 01:01 - 2015-11-12 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2014
2015-11-29 01:01 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-29 00:56 - 2015-08-14 10:56 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-11-29 00:56 - 2015-08-14 10:56 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-11-29 00:48 - 2015-08-13 15:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-11-29 00:48 - 2015-08-13 15:36 - 00000000 ____D C:\Program Files\Intel
2015-11-29 00:41 - 2015-08-13 15:36 - 00000000 ____D C:\Program Files (x86)\Intel
2015-11-29 00:41 - 2015-08-13 15:35 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2015-11-29 00:20 - 2015-08-13 14:23 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-29 00:06 - 2015-08-14 10:33 - 00000000 ____D C:\Users\Administrator
2015-11-29 00:04 - 2015-08-14 10:57 - 00000000 ____D C:\Windows\SysWOW64\1033
2015-11-29 00:04 - 2015-08-14 10:57 - 00000000 ____D C:\Windows\system32\1033
2015-11-28 23:30 - 2015-08-14 11:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-28 21:42 - 2015-08-18 10:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2015-11-28 21:40 - 2015-08-14 10:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2015-11-28 00:58 - 2015-09-12 20:23 - 00002814 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-11-28 00:58 - 2015-08-19 13:11 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2015-08-26 20:49 - 2015-08-26 20:49 - 0004096 _____ () C:\Users\Administrator\AppData\Local\keyfile3.drm

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 01:13

==================== End of FRST.txt ============================
 
When I try to go into repair mode, it boots to the option to select a language, and there is no mouse or keyboard.
This would be a subject for a different forum.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-12-2015
Ran by Administrator (2015-12-27 18:10:06)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-08-13 20:31:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3097266444-2333562351-893229259-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3097266444-2333562351-893229259-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Emsisoft Anti-Malware (Disabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Flash Player 9 Plugin (HKLM-x32\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
AgentApp (HKLM-x32\...\{AF941339-68D2-4F19-9FEA-F085EF20E33E}) (Version: 1.0.0 - OPC Marketing, Inc.)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
AMD Catalyst Install Manager (HKLM\...\{F62CA14F-AB88-4A97-7752-BF36193B4CC3}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CTI32 (HKLM-x32\...\{859C79E6-9913-437E-888E-C8891D8D32C5}) (Version: 4.5.0.0 - Inventive Labs, LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
GuardedID (HKLM-x32\...\{ECD3D782-D51B-424D-A87F-5F5A8D531BDF}) (Version: 4.00.0038 - StrikeForce Technologies, Inc)
Hmp Elements Server (HKLM-x32\...\{E9DD8AB9-0D79-47A0-9142-A3DC7FB789A1}) (Version: 1.0.0 - Inventive Labs)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.740 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 15.0.0.740 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.6.140.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{BF5ABBDB-D3AA-4BCB-8D10-FCD4A4BB7F93}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 RS Add-in for SharePoint (HKLM\...\{E4B2839D-5C17-4A21-AB5A-2540AAD6F776}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{C7E2483C-10A4-41E3-A2F6-240186FE3E41}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{1A73AF5D-69EE-4AE0-917C-2429CE593A86}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{C9F697B9-FAC8-4B76-9D3D-40FA3BFA4F9E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{E3F613C1-105F-4717-BFE7-007729A95D67}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
Mozilla Firefox 43.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 en-US)) (Version: 43.0.2 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.334 - Qualcomm Atheros Communications)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.)
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Spitfire Enterprise Setup (HKLM-x32\...\{B06EDCA9-BB6F-4129-89BF-619CF7E8C895}) (Version: 1.0.0 - OPC Marketing, Inc.)
SpitFire Online Support (HKLM-x32\...\{7E117A6A-8579-4435-8290-4089C1C5BEFA}) (Version: 5.2.142 - LogMeIn, Inc.)
SQL Server 2014 Analysis Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality client (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Full text search (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Integration Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 RS_SharePoint_SharedService (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 SQL Data Quality Common (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wireshark 1.12.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.4 - The Wireshark developer community, hxxp://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3097266444-2333562351-893229259-500_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files\TextPad 7\System\ShellExt64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {039C781B-6DBA-480A-BAAE-F4526492FBF2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {35426E9E-2325-4447-A034-3D53CA43A05E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 27a79555-d756-4328-ac77-c26a65a70f3c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {36399346-416E-4E77-8CB0-875D9FC80F51} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {382D8390-2F47-4971-8485-67904EE6C098} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-09-10] (Microsoft)
Task: {42B33681-5FD0-4544-8B62-327707AD5763} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {54F94D1A-6512-449C-9545-7497ADAE0B77} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {59D2A24E-30F4-4538-BDAB-E172A5CC94EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {8961A1AA-9AC7-4492-865D-D7EDBB884375} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {99BB52DA-9C66-4AD6-AEE4-05DFE207C3ED} - System32\Tasks\SUPERAntiSpyware Scheduled Task d567e468-fa7b-49dc-920a-806d5cb4ced0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {E19B4111-5B41-4B98-8C1C-E3B5CAFC271C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {FA7C3623-1B87-4403-BF7B-D0DC8AAB7385} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 27a79555-d756-4328-ac77-c26a65a70f3c.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d567e468-fa7b-49dc-920a-806d5cb4ced0.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-01 08:45 - 2015-07-01 08:45 - 00022528 _____ () C:\Windows\System32\us005lm.dll
2015-06-03 13:44 - 2015-06-03 13:44 - 00315648 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-08-13 15:36 - 2013-01-24 08:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-12-25 20:47 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3097266444-2333562351-893229259-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Spitfire_RecordingService => 2
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: 3200 Scan2PC => "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GIDDesktop => C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX5REC
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{AE6C5FC8-A0D9-46DD-A1B5-155D97D0F734}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{60E14D3B-9877-4159-BEC0-8D61D27AEBA4}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{6585E25D-EB32-4621-9E08-209FDB7A6ED0}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [UDP Query User{77636F3D-D090-484A-A6EA-77963587E151}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [{BCF523DE-F86A-4691-8B46-A11BCCC018F3}] => (Allow) LPort=5080
FirewallRules: [{41E75145-6C45-495B-932D-C4C34FFF0711}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\Ins73AE\Setup\bin\MainInst.exe
FirewallRules: [{14AEC39A-A671-473D-B8C8-BC8172493BB3}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\Ins73AE\Setup\bin\MainInst.exe
FirewallRules: [{189AD50A-7A82-422B-96B2-781DC2AF3253}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{6B931C08-4EBE-4FDF-A52C-C2256BD3C1CA}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{301F79D9-3FAC-4EBA-8ECD-94C314250F5C}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{7DF48D35-D45C-4C01-836A-C1EB79F4B155}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{72DF3227-99F4-409A-85FE-32991DEDB6DE}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{5449BC9F-00BA-44F8-8DFA-31DC80A90943}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{F4C00A51-F149-4361-941D-ACA1BB905ECE}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{6A8E2750-F342-4535-AF17-4C8A38CE6FF6}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{5EC0075F-8C4F-4223-AB9F-EEEBDD344F81}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2AD4BD74-DDAD-4DA4-B41D-432263867F9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{27DB3D31-D527-48C6-923B-EF28F6E615C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{006240AB-FB49-4709-B2CD-75F08D8CAB27}C:\program files (x86)\ringcentral for windows\softphone.exe] => (Allow) C:\program files (x86)\ringcentral for windows\softphone.exe
FirewallRules: [UDP Query User{38D14734-4070-432B-AEF6-C69337B504A5}C:\program files (x86)\ringcentral for windows\softphone.exe] => (Allow) C:\program files (x86)\ringcentral for windows\softphone.exe
FirewallRules: [{CC0D81D8-676B-4CA0-8608-38760AD57BA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2DEDCFE4-2AFC-42E8-BB36-E28D7DBD60DF}] => (Allow) LPort=2869
FirewallRules: [{79D090B2-837A-479B-97FD-92F2436820ED}] => (Allow) LPort=1900
FirewallRules: [{AD07EDFE-D4A8-440A-9E52-A6BFD6A0739D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{273B9CA7-84C8-4917-BEB8-D61DB8C4599C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

22-12-2015 22:38:54 JRT Pre-Junkware Removal
22-12-2015 22:41:56 JRT Pre-Junkware Removal
23-12-2015 13:23:49 Windows Update
24-12-2015 00:49:58 JRT Pre-Junkware Removal
24-12-2015 22:28:12 Removed 7-Zip 9.20 (x64 edition)
25-12-2015 21:24:23 JRT Pre-Junkware Removal
27-12-2015 02:23:07 Windows Update
27-12-2015 03:21:57 Installed Sophos Virus Removal Tool.
27-12-2015 17:24:03 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Description: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2015 05:49:41 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

Error: (12/27/2015 05:47:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HmpElementsServer.exe, version: 2.2.9.1, time stamp: 0x54efa03c
Faulting module name: HmpElementsUmc.dll, version: 2.2.9.1, time stamp: 0x54e80171
Exception code: 0xc0000005
Fault offset: 0x00a2bd28
Faulting process id: 0x1568
Faulting application start time: 0xHmpElementsServer.exe0
Faulting application path: HmpElementsServer.exe1
Faulting module path: HmpElementsServer.exe2
Report Id: HmpElementsServer.exe3

Error: (12/27/2015 05:47:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HmpElementsServer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at HmpElements.Server.BeepDetectorUmc.FreeBeepDetector(IntPtr)
at HmpElements.Server.BeepDetector.Finalize()

Error: (12/27/2015 05:03:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HmpElementsServer.exe, version: 2.2.9.1, time stamp: 0x54efa03c
Faulting module name: HmpElementsUmc.dll, version: 2.2.9.1, time stamp: 0x54e80171
Exception code: 0xc0000005
Fault offset: 0x00a2bd28
Faulting process id: 0x8d0
Faulting application start time: 0xHmpElementsServer.exe0
Faulting application path: HmpElementsServer.exe1
Faulting module path: HmpElementsServer.exe2
Report Id: HmpElementsServer.exe3

Error: (12/27/2015 05:03:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HmpElementsServer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at HmpElements.Server.BeepDetectorUmc.FreeBeepDetector(IntPtr)
at HmpElements.Server.BeepDetector.Finalize()

Error: (12/27/2015 04:29:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2015 04:28:45 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

Error: (12/27/2015 03:22:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HmpElementsServer.exe, version: 2.2.9.1, time stamp: 0x54efa03c
Faulting module name: HmpElementsUmc.dll, version: 2.2.9.1, time stamp: 0x54e80171
Exception code: 0xc0000005
Fault offset: 0x00a2bd28
Faulting process id: 0xa04
Faulting application start time: 0xHmpElementsServer.exe0
Faulting application path: HmpElementsServer.exe1
Faulting module path: HmpElementsServer.exe2
Report Id: HmpElementsServer.exe3

Error: (12/27/2015 03:22:36 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HmpElementsServer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at HmpElements.Server.BeepDetectorUmc.FreeBeepDetector(IntPtr)
at HmpElements.Server.BeepDetector.Finalize()

Error: (12/27/2015 02:05:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/27/2015 05:56:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/27/2015 05:54:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/27/2015 05:50:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sandboxie Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/27/2015 05:49:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (12/27/2015 05:49:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

Error: (12/27/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (MSSQLSERVER) service terminated unexpectedly. It has done this 1 time(s).

Error: (12/27/2015 05:49:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

Error: (12/27/2015 05:30:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Spitfire_BusinessService service terminated unexpectedly. It has done this 2 time(s).

Error: (12/27/2015 05:03:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Spitfire_DialService service terminated unexpectedly. It has done this 1 time(s).

Error: (12/27/2015 05:03:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CTI32 Telephony Engine service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2015-12-25 21:39:25.560
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-25 20:59:02.982
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-25 20:44:44.221
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-25 20:44:44.208
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:33:03.932
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:33:03.918
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:24:14.144
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Administrator\Desktop\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:24:14.128
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Administrator\Desktop\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:24:13.270
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:24:13.254
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 28%
Total physical RAM: 12237.72 MB
Available physical RAM: 8769.59 MB
Total Virtual: 24473.65 MB
Available Virtual: 21351.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.28 GB) (Free:762.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachments

  • fixlist.txt (851 bytes)
Fix result of Farbar Recovery Scan Tool (x64) Version:27-12-2015
Ran by Administrator (2015-12-27 18:28:49) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator & ReportServer & MSSQLFDLauncher & MsDtsServer120 & MSSQLSERVER (Available Profiles: Administrator & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MsDtsServer120 & MSSQLSERVER & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 Classic)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3097266444-2333562351-893229259-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
S3 btmaux; system32\DRIVERS\btmaux.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 MFE_RR; \??\C:\Users\ADMINI~1\AppData\Local\Temp\mfe_rr.sys [X]
2015-08-26 20:49 - 2015-08-26 20:49 - 0004096 _____ () C:\Users\Administrator\AppData\Local\keyfile3.drm
CustomCLSID: HKU\S-1-5-21-3097266444-2333562351-893229259-500_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files\TextPad 7\System\ShellExt64.dll => No File

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3097266444-2333562351-893229259-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
btmaux => service removed successfully
catchme => service removed successfully
DgiVecp => service removed successfully
MFE_RR => service removed successfully
C:\Users\Administrator\AppData\Local\keyfile3.drm => moved successfully
"HKU\S-1-5-21-3097266444-2333562351-893229259-500_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}" => key removed successfully

==== End of Fixlog 18:28:49 ====
 
Wow, all my correct icons reappeared on the desktop after the fix list was run! Please send a link where I can make a small donation for your time.

Thanks, let me know the next step! :)
 
Cool :)

Donation link is in my signature :)

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.
NOTE 3. If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!" message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Emsisoft Anti-Malware
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 66
Java version 32-bit out of Date!
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 19.0.0.185
Mozilla Firefox (43.0.2)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Emsisoft Anti-Malware a2service.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



Farbar Service Scanner Version: 10-06-2014
Ran by Administrator (administrator) on 27-12-2015 at 19:11:57
Running from "C:\Users\Administrator\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Getting user folders.
Stopping running processes.
Emptying Temp folders.
User: Administrator
->Temp folder emptied: 3432119 bytes
->Temporary Internet Files folder emptied: 11079530 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4638182 bytes
->Flash cache emptied: 506 bytes
User: All Users
User: ASP.NET v4.0 Classic
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: MsDtsServer120
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: MSSQLFDLauncher
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: MSSQLSERVER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: MSSQLServerOLAPService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: OFFICE-1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: ReportServer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9104266 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
Emptying RecycleBin. Do not interrupt.
RecycleBin emptied: 0 bytes
Process complete!
Total Files Cleaned = 27.00 mb



SOPHOS would not let me click the Details button (it was greyed out).
 
In addition, when I try to run GMER I still get this message:

"C:\windows\system32\config\system: The process cannot access the file because it is being used by another process"

In the Farbar scan, I see "Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden". I believe this was one of the viruses before I had contacted you, but it's still there.

Thanks in advance, Broni
 
In the Farbar scan, I see "Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden". I believe this was one of the viruses before I had contacted you, but it's still there.
This is just a registry leftover. It's not active, so don't worry about it.

Not sure about the GMER error but...

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check "Yes, install McAfee Security Scan Plus".

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

==================================

Your computer is clean

1. This step will remove all the cleaning tools we used, reset restore points (so you won't get reinfected by accidentally using some older restore point) and make some other minor adjustments...
This is a very crucial step, so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Hello -

Thanks for your expertise. That's great! Mr. Clean, the seal of approval!

Donation was made last night through your signature link :)

The machine we're working on was running fine for the last 48 hours, then my fiancé did some web browsing, nothing crazy, and Explorer is acting up big time. It keeps crashing every 20-30 seconds. I couldn't log on to TechSpot using Explorer, I had to use Firefox.
That's how bad it is.

I run SUPERAntiSpyware and it finds like 200 tracking cookies. I clear them, browse eBay for example, just a couple of pages, Explorer crashes, I run SUPERAntiSpyware and again there are 200 adware cookies.

I was really grateful the machine was running great, but that lasted an entire day... Broni?
 