Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-12-2015
Ran by Administrator (2015-12-27 18:10:06)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-08-13 20:31:49)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3097266444-2333562351-893229259-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3097266444-2333562351-893229259-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Emsisoft Anti-Malware (Disabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Flash Player 9 Plugin (HKLM-x32\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
AgentApp (HKLM-x32\...\{AF941339-68D2-4F19-9FEA-F085EF20E33E}) (Version: 1.0.0 - OPC Marketing, Inc.)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
AMD Catalyst Install Manager (HKLM\...\{F62CA14F-AB88-4A97-7752-BF36193B4CC3}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CTI32 (HKLM-x32\...\{859C79E6-9913-437E-888E-C8891D8D32C5}) (Version: 4.5.0.0 - Inventive Labs, LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
GuardedID (HKLM-x32\...\{ECD3D782-D51B-424D-A87F-5F5A8D531BDF}) (Version: 4.00.0038 - StrikeForce Technologies, Inc)
Hmp Elements Server (HKLM-x32\...\{E9DD8AB9-0D79-47A0-9142-A3DC7FB789A1}) (Version: 1.0.0 - Inventive Labs)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.740 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 15.0.0.740 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.6.140.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{BF5ABBDB-D3AA-4BCB-8D10-FCD4A4BB7F93}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 RS Add-in for SharePoint (HKLM\...\{E4B2839D-5C17-4A21-AB5A-2540AAD6F776}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{C7E2483C-10A4-41E3-A2F6-240186FE3E41}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{1A73AF5D-69EE-4AE0-917C-2429CE593A86}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{C9F697B9-FAC8-4B76-9D3D-40FA3BFA4F9E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{E3F613C1-105F-4717-BFE7-007729A95D67}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
Mozilla Firefox 43.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 en-US)) (Version: 43.0.2 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.334 - Qualcomm Atheros Communications)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.)
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Spitfire Enterprise Setup (HKLM-x32\...\{B06EDCA9-BB6F-4129-89BF-619CF7E8C895}) (Version: 1.0.0 - OPC Marketing, Inc.)
SpitFire Online Support (HKLM-x32\...\{7E117A6A-8579-4435-8290-4089C1C5BEFA}) (Version: 5.2.142 - LogMeIn, Inc.)
SQL Server 2014 Analysis Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality client (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Full text search (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Integration Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 RS_SharePoint_SharedService (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 SQL Data Quality Common (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wireshark 1.12.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.4 - The Wireshark developer community, hxxp://
www.wireshark.org)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3097266444-2333562351-893229259-500_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files\TextPad 7\System\ShellExt64.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {039C781B-6DBA-480A-BAAE-F4526492FBF2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {35426E9E-2325-4447-A034-3D53CA43A05E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 27a79555-d756-4328-ac77-c26a65a70f3c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {36399346-416E-4E77-8CB0-875D9FC80F51} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {382D8390-2F47-4971-8485-67904EE6C098} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-09-10] (Microsoft)
Task: {42B33681-5FD0-4544-8B62-327707AD5763} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {54F94D1A-6512-449C-9545-7497ADAE0B77} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {59D2A24E-30F4-4538-BDAB-E172A5CC94EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {8961A1AA-9AC7-4492-865D-D7EDBB884375} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {99BB52DA-9C66-4AD6-AEE4-05DFE207C3ED} - System32\Tasks\SUPERAntiSpyware Scheduled Task d567e468-fa7b-49dc-920a-806d5cb4ced0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {E19B4111-5B41-4B98-8C1C-E3B5CAFC271C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {FA7C3623-1B87-4403-BF7B-D0DC8AAB7385} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 27a79555-d756-4328-ac77-c26a65a70f3c.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d567e468-fa7b-49dc-920a-806d5cb4ced0.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-07-01 08:45 - 2015-07-01 08:45 - 00022528 _____ () C:\Windows\System32\us005lm.dll
2015-06-03 13:44 - 2015-06-03 13:44 - 00315648 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-08-13 15:36 - 2013-01-24 08:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\dell.com -> dell.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2015-12-25 20:47 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Spitfire_RecordingService => 2
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: 3200 Scan2PC => "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GIDDesktop => C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX5REC
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{AE6C5FC8-A0D9-46DD-A1B5-155D97D0F734}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{60E14D3B-9877-4159-BEC0-8D61D27AEBA4}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{6585E25D-EB32-4621-9E08-209FDB7A6ED0}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [UDP Query User{77636F3D-D090-484A-A6EA-77963587E151}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [{BCF523DE-F86A-4691-8B46-A11BCCC018F3}] => (Allow) LPort=5080
FirewallRules: [{41E75145-6C45-495B-932D-C4C34FFF0711}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\Ins73AE\Setup\bin\MainInst.exe
FirewallRules: [{14AEC39A-A671-473D-B8C8-BC8172493BB3}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\Ins73AE\Setup\bin\MainInst.exe
FirewallRules: [{189AD50A-7A82-422B-96B2-781DC2AF3253}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{6B931C08-4EBE-4FDF-A52C-C2256BD3C1CA}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{301F79D9-3FAC-4EBA-8ECD-94C314250F5C}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{7DF48D35-D45C-4C01-836A-C1EB79F4B155}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{72DF3227-99F4-409A-85FE-32991DEDB6DE}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{5449BC9F-00BA-44F8-8DFA-31DC80A90943}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{F4C00A51-F149-4361-941D-ACA1BB905ECE}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{6A8E2750-F342-4535-AF17-4C8A38CE6FF6}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{5EC0075F-8C4F-4223-AB9F-EEEBDD344F81}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2AD4BD74-DDAD-4DA4-B41D-432263867F9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{27DB3D31-D527-48C6-923B-EF28F6E615C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{006240AB-FB49-4709-B2CD-75F08D8CAB27}C:\program files (x86)\ringcentral for windows\softphone.exe] => (Allow) C:\program files (x86)\ringcentral for windows\softphone.exe
FirewallRules: [UDP Query User{38D14734-4070-432B-AEF6-C69337B504A5}C:\program files (x86)\ringcentral for windows\softphone.exe] => (Allow) C:\program files (x86)\ringcentral for windows\softphone.exe
FirewallRules: [{CC0D81D8-676B-4CA0-8608-38760AD57BA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2DEDCFE4-2AFC-42E8-BB36-E28D7DBD60DF}] => (Allow) LPort=2869
FirewallRules: [{79D090B2-837A-479B-97FD-92F2436820ED}] => (Allow) LPort=1900
FirewallRules: [{AD07EDFE-D4A8-440A-9E52-A6BFD6A0739D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{273B9CA7-84C8-4917-BEB8-D61DB8C4599C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Restore Points =========================
22-12-2015 22:38:54 JRT Pre-Junkware Removal
22-12-2015 22:41:56 JRT Pre-Junkware Removal
23-12-2015 13:23:49 Windows Update
24-12-2015 00:49:58 JRT Pre-Junkware Removal
24-12-2015 22:28:12 Removed 7-Zip 9.20 (x64 edition)
25-12-2015 21:24:23 JRT Pre-Junkware Removal
27-12-2015 02:23:07 Windows Update
27-12-2015 03:21:57 Installed Sophos Virus Removal Tool.
27-12-2015 17:24:03 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Description: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/27/2015 05:49:41 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.
Error: (12/27/2015 05:47:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HmpElementsServer.exe, version: 2.2.9.1, time stamp: 0x54efa03c
Faulting module name: HmpElementsUmc.dll, version: 2.2.9.1, time stamp: 0x54e80171
Exception code: 0xc0000005
Fault offset: 0x00a2bd28
Faulting process id: 0x1568
Faulting application start time: 0xHmpElementsServer.exe0
Faulting application path: HmpElementsServer.exe1
Faulting module path: HmpElementsServer.exe2
Report Id: HmpElementsServer.exe3
Error: (12/27/2015 05:47:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HmpElementsServer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at HmpElements.Server.BeepDetectorUmc.FreeBeepDetector(IntPtr)
at HmpElements.Server.BeepDetector.Finalize()
Error: (12/27/2015 05:03:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HmpElementsServer.exe, version: 2.2.9.1, time stamp: 0x54efa03c
Faulting module name: HmpElementsUmc.dll, version: 2.2.9.1, time stamp: 0x54e80171
Exception code: 0xc0000005
Fault offset: 0x00a2bd28
Faulting process id: 0x8d0
Faulting application start time: 0xHmpElementsServer.exe0
Faulting application path: HmpElementsServer.exe1
Faulting module path: HmpElementsServer.exe2
Report Id: HmpElementsServer.exe3
Error: (12/27/2015 05:03:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HmpElementsServer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at HmpElements.Server.BeepDetectorUmc.FreeBeepDetector(IntPtr)
at HmpElements.Server.BeepDetector.Finalize()
Error: (12/27/2015 04:29:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/27/2015 04:28:45 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.
Error: (12/27/2015 03:22:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HmpElementsServer.exe, version: 2.2.9.1, time stamp: 0x54efa03c
Faulting module name: HmpElementsUmc.dll, version: 2.2.9.1, time stamp: 0x54e80171
Exception code: 0xc0000005
Fault offset: 0x00a2bd28
Faulting process id: 0xa04
Faulting application start time: 0xHmpElementsServer.exe0
Faulting application path: HmpElementsServer.exe1
Faulting module path: HmpElementsServer.exe2
Report Id: HmpElementsServer.exe3
Error: (12/27/2015 03:22:36 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HmpElementsServer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at HmpElements.Server.BeepDetectorUmc.FreeBeepDetector(IntPtr)
at HmpElements.Server.BeepDetector.Finalize()
Error: (12/27/2015 02:05:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (12/27/2015 05:56:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (12/27/2015 05:54:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (12/27/2015 05:50:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sandboxie Service service terminated unexpectedly. It has done this 1 time(s).
Error: (12/27/2015 05:49:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).
Error: (12/27/2015 05:49:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
Error: (12/27/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (MSSQLSERVER) service terminated unexpectedly. It has done this 1 time(s).
Error: (12/27/2015 05:49:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
Error: (12/27/2015 05:30:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Spitfire_BusinessService service terminated unexpectedly. It has done this 2 time(s).
Error: (12/27/2015 05:03:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Spitfire_DialService service terminated unexpectedly. It has done this 1 time(s).
Error: (12/27/2015 05:03:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CTI32 Telephony Engine service terminated unexpectedly. It has done this 1 time(s).
CodeIntegrity:
===================================
Date: 2015-12-25 21:39:25.560
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-25 20:59:02.982
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-25 20:44:44.221
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-12-25 20:44:44.208
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-11-29 00:33:03.932
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-11-29 00:33:03.918
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-11-29 00:24:14.144
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Administrator\Desktop\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-11-29 00:24:14.128
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Administrator\Desktop\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-11-29 00:24:13.270
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-11-29 00:24:13.254
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 28%
Total physical RAM: 12237.72 MB
Available physical RAM: 8769.59 MB
Total Virtual: 24473.65 MB
Available Virtual: 21351.12 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.28 GB) (Free:762.38 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================