TechSpot

Trojan Detected: win32/beaugrit.gen!c

By Boufeez
May 27, 2016
  1. Screen has been flashing to black and then back to normal with a yellow exclamation mark appearing in the system tray with no description or anything. I did not think much of it, but now a few days later I got a message from Microsoft Security Essentials telling me a Trojan has been detected while I was doing some banking.
     
  2. Boufeez

    Boufeez TS Member Topic Starter Posts: 78

    Please provide instructions to follow

    Thank you very much.
     
  3. Boufeez

    Stopzilla logs:

    Block/Extraction General 2016-05-27 18:14:24 Extracted package System Policies.DisableRegistryTools
    Block/Extraction General 2016-05-27 18:14:23 Extracted package Trojan.Win32.Cognac!a
    Block/Extraction General 2016-05-27 18:14:23 Extracted package Trojan.Win32.Mal.gen!b56
    Block/Extraction General 2016-05-27 18:14:22 Extracted package VirTool.Win32.Obfuscator
    Block/Extraction General 2016-05-27 18:14:22 Extracted package Trojan.Win32.Redirector.gen
    Block/Extraction General 2016-05-27 18:14:21 Extracted package Vundo.A7
    Information General 2016-05-27 18:11:06 Completed system scan.
    Information General 2016-05-27 18:11:05 Inspecting WinSock registry (LSP Chain)
    Information General 2016-05-27 17:19:42 Started system scan.
    Information General 2016-05-27 17:18:50 Inspecting registered Internet Explorer toolbars
    Information General 2016-05-27 17:18:45 Inspecting WinSock registry (LSP Chain)
    Information General 2016-05-27 17:18:45 Inspecting WinLogon notification handlers and modules loaded by WinLogon
    Information General 2016-05-27 17:18:43 Inspecting WinLogon notification handlers and modules loaded by WinLogon
    Information General 2016-05-27 17:18:43 Inspecting registered Explorer bars
    Information General 2016-05-27 17:18:22 Inspecting registered Browser Helper Objects (BHOs)
    Information General 2016-05-27 17:18:18 Starting process watcher
    Warning/Detection General 2016-05-27 17:14:42 Detected malicious registry entry DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system
    Block/Extraction General 2016-05-27 17:14:42 Deleted registry value DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system
    Block/Extraction General 2016-05-27 17:14:36 Terminated service: WSearch - Windows Search
    Information General 2016-05-27 17:14:36 Started system scan.
    Information General 2016-05-27 17:14:31 Inspecting registered Internet Explorer toolbars
    Information General 2016-05-27 17:14:30 Inspecting WinSock registry (LSP Chain)
    Information General 2016-05-27 17:14:29 Inspecting WinLogon notification handlers and modules loaded by WinLogon
    Block/Extraction General 2016-05-27 17:14:29 Terminated service: SysMain - Superfetch
    Information General 2016-05-27 17:14:28 Inspecting WinLogon notification handlers and modules loaded by WinLogon
    Block/Extraction General 2016-05-27 17:14:24 Deleted registry value system in hklm\software\microsoft\windows nt\currentversion\winlogon
    Information General 2016-05-27 17:14:23 Inspecting registered Explorer bars
    Information General 2016-05-27 17:13:56 Inspecting registered Browser Helper Objects (BHOs)
    Information General 2016-05-27 17:13:55 Starting process watcher
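The STOPzilla log above is printed newest-first and mixes routine scan chatter with the two entries that actually matter: a DisableRegistryTools lockout policy and a value named "system" under the Winlogon key, both removed. The following triage helper is an added example, not code from the thread or from STOPzilla. It parses the line format as pasted, restores chronological order, pulls out registry actions on a small watch list of keys, reports deletions that were never preceded by a detection line, and pairs scan starts with scan completions. The watch list, the reason attached to each key and the sample (a subset of the thread's own lines) are this example's assumptions.

```python
"""Triage a STOPzilla-style event log: parse it, order it, extract findings.
Added example, not code from the thread or STOPzilla; line format, key paths
and sample are from the pasted log, the watched-key list is an assumption."""
import re
from collections import namedtuple
from datetime import datetime

Event = namedtuple("Event", "ts level category message")
LINE_RE = re.compile(r"^(?P<level>[\w/]+)\s+(?P<category>\w+)\s+"
                     r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<message>.*)$")
REG_RE = re.compile(r"^(?P<action>Detected malicious registry entry|Deleted registry value)"
                    r"\s+(?P<value>\S+)\s+in\s+(?P<key>.+)$")

# Assumed watch list: Policies\System holds the DisableRegistryTools/DisableTaskMgr
# lockout values; Winlogon holds values (Shell, Userinit, System) run at logon.
WATCHED_KEYS = {
    r"hklm\software\microsoft\windows\currentversion\policies\system": "user lockout policy",
    r"hklm\software\microsoft\windows nt\currentversion\winlogon": "Winlogon autostart value",
}

# Constructed sample: a subset of the thread's lines, newest first as the tool prints them.
SAMPLE_LOG = r"""
Block/Extraction General 2016-05-27 18:14:21 Extracted package Vundo.A7
Information General 2016-05-27 18:11:06 Completed system scan.
Information General 2016-05-27 17:19:42 Started system scan.
Warning/Detection General 2016-05-27 17:14:42 Detected malicious registry entry DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system
Block/Extraction General 2016-05-27 17:14:42 Deleted registry value DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system
Block/Extraction General 2016-05-27 17:14:36 Terminated service: WSearch - Windows Search
Information General 2016-05-27 17:14:36 Started system scan.
Block/Extraction General 2016-05-27 17:14:24 Deleted registry value system in hklm\software\microsoft\windows nt\currentversion\winlogon
"""


def parse_log(text):
    """Events sorted oldest-first; an unparsable line raises instead of being dropped."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError("unrecognised log line: %r" % line)
        events.append(Event(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                            m["level"], m["category"], m["message"]))
    return sorted(events, key=lambda e: e.ts)  # stable sort: ties keep file order


def registry_events(events):
    """(ts, action, value, key) for every registry detection/deletion line."""
    out = []
    for e in events:
        m = REG_RE.match(e.message)
        if m is not None:
            out.append((e.ts, m["action"], m["value"], m["key"].strip().lower()))
    return out


def registry_findings(events):
    """Registry events on a watched key, with the reason the key is watched."""
    return [(ts, action, value, key, WATCHED_KEYS[key])
            for ts, action, value, key in registry_events(events) if key in WATCHED_KEYS]


def unmatched_deletions(events):
    """Deleted values with no 'Detected' line for the same value/key: what they held
    is now known only to the tool's quarantine, if that was kept at all."""
    regs = registry_events(events)
    detected = {(v.lower(), k) for _, a, v, k in regs if a.startswith("Detected")}
    return [(v.lower(), k) for _, a, v, k in regs
            if a.startswith("Deleted") and (v.lower(), k) not in detected]


def scan_sessions(events):
    """Pair each 'Started system scan.' with the next 'Completed system scan.';
    a start with no completion is a scan that never finished."""
    sessions, open_start = [], None
    for e in events:
        if e.message.startswith("Started system scan"):
            if open_start is not None:
                sessions.append((open_start, None))
            open_start = e.ts
        elif e.message.startswith("Completed system scan") and open_start is not None:
            sessions.append((open_start, e.ts))
            open_start = None
    if open_start is not None:
        sessions.append((open_start, None))
    return sessions


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    for ts, action, value, key, why in registry_findings(ev):
        print(ts.time(), action, value, "->", why)
    print("deleted with no detection line:", unmatched_deletions(ev))
    for start, end in scan_sessions(ev):
        print("scan", start.time(), "->", end.time() if end else "never completed")
```

Run against the thread's own lines, two things stand out that the raw paste hides. The "system" value under Winlogon was deleted at 17:14:24 with no detection line before it, so the log says nothing about what that value pointed to; that file, not the registry value, is the next thing to look for, and the only record of it is whatever STOPzilla quarantined. And the first scan, started at 17:14:36, never logged a completion before the second one began at 17:19:42; the FRST output in the next post lists C:\Windows\MEMORY.DMP and a minidump written at 17:17, which puts a crash in the middle of that first scan.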
     
  4. Boufeez

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
    Ran by Administrator (administrator) on OFFICE-1-PC (27-05-2016 18:56:15)
    Running from C:\Users\Administrator\Desktop
    Loaded Profiles: Administrator & ReportServer & MSSQLFDLauncher & MsDtsServer120 & MSSQLSERVER (Available Profiles: Administrator & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MsDtsServer120 & MSSQLSERVER & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 Classic)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (iS3, Inc.) C:\Program Files (x86)\iS3\STOPzilla AntiMalware\SZServer.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
    (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (Inventive Labs, LLC) C:\Program Files (x86)\CTI32\cti32svc.exe
    (Inventive Labs, Inc.) C:\Program Files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdhost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (iS3, Inc.) C:\Program Files (x86)\iS3\STOPzilla AntiMalware\STOPzilla.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    () C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe
    () C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
    () C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
    HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-10-28] (Qualcomm®Atheros®)
    HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
    HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
    HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-3097266444-2333562351-893229259-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\..\Interfaces\{422811A0-BBB7-4BD5-AAAE-BB743DC9F38E}: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{9D3C4071-F374-4945-9A9C-1599E5144CC0}: [NameServer] 8.8.8.8,8.4.4.4

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3097266444-2333562351-893229259-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> DefaultScope {A6A0D800-A86D-46FF-B3A8-EC68EB4F50E0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> {A6A0D800-A86D-46FF-B3A8-EC68EB4F50E0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

    FireFox:
    ========
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dim0fd18.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-24] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-31]
    CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31]
    CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31]
    CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-31]
    CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
    CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-31]
    CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-23]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-23]
    CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-10-28] (Windows (R) Win 7 DDK provider) [File not signed]
    R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
    R2 Cti32svc; C:\Program Files (x86)\CTI32\cti32svc.exe [24576 2015-02-23] (Inventive Labs, LLC) [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-11-24] (Macrovision Europe Ltd.) [File not signed]
    R2 HmpElements; C:\Program Files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe [1946088 2015-02-26] (Inventive Labs, Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-31] (Intel Corporation)
    R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-31] (Intel Corporation)
    R2 MsDtsServer120; C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [216768 2015-06-09] (Microsoft Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
    R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
    R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [372416 2015-06-09] (Microsoft Corporation)
    S3 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\bin\msmdsrv.exe [51156160 2015-04-21] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
    R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2467008 2015-04-21] (Microsoft Corporation)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [202824 2013-01-18] (Realtek Semiconductor)
    R2 Spitfire_BusinessService; C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe [7168 2016-02-15] () [File not signed]
    R2 Spitfire_DialService; C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe [6656 2016-03-02] () [File not signed]
    R2 Spitfire_LoginService; C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe [7680 2016-01-12] () [File not signed]
    S4 Spitfire_RecordingService; C:\SPD Enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe [6656 2013-12-31] () [File not signed]
    S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [139968 2014-02-21] (Microsoft Corporation)
    S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [345280 2014-02-21] (Microsoft Corporation)
    S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-09] (Microsoft Corporation)
    R2 szserver; C:\Program Files (x86)\iS3\STOPzilla AntiMalware\SZServer.exe [194464 2016-03-22] (iS3, Inc.)
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [878904 2016-05-16] (McAfee, Inc.)
    R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-05-16] (McAfee, Inc.)
    S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-05-16] (McAfee, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [File not signed]
    S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-10-28] (Qualcomm Atheros)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-24] ()
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-21] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-28] (Samsung Electronics)
    R0 szkg5; C:\Windows\SysWow64\drivers\szkg64.sys [74768 2016-03-22] (iS3 Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-05-27] ()
    R3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [40288 2015-08-14] ()
    S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-27 18:56 - 2016-05-27 18:56 - 00018488 _____ C:\Users\Administrator\Desktop\FRST.txt
    2016-05-27 18:55 - 2016-05-27 18:55 - 02383360 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2016-05-27 18:46 - 2016-05-27 18:56 - 00000768 _____ C:\Windows\system32\Drivers\kgpcpy.cfg
    2016-05-27 18:15 - 2016-05-27 18:15 - 00002767 _____ C:\Users\Administrator\Desktop\EventLog.txt
    2016-05-27 17:59 - 2016-05-27 18:41 - 00000016 _____ C:\Windows\system32\config\software.szfi
    2016-05-27 17:17 - 2016-05-27 18:44 - 00203804 _____ C:\Windows\ntbtlog.txt
    2016-05-27 17:17 - 2016-05-27 17:17 - 976951121 _____ C:\Windows\MEMORY.DMP
    2016-05-27 17:17 - 2016-05-27 17:17 - 00276176 _____ C:\Windows\Minidump\052716-19983-01.dmp
    2016-05-27 17:13 - 2016-05-27 18:56 - 00000000 ____D C:\ProgramData\STOPzilla!
    2016-05-27 17:13 - 2016-05-27 17:13 - 00002031 _____ C:\Users\Public\Desktop\STOPzilla AntiMalware.lnk
    2016-05-27 17:13 - 2016-05-27 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla AntiMalware
    2016-05-27 17:13 - 2016-05-27 17:13 - 00000000 ____D C:\Program Files (x86)\iS3
    2016-05-27 17:12 - 2016-05-27 17:12 - 00593064 _____ C:\Users\Administrator\Downloads\STOPzilla_ASM_RW65.exe
    2016-05-27 10:48 - 2016-05-27 10:48 - 02354776 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-05-26 03:53 - 2016-05-26 03:53 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\Administrator\Downloads\autodetectutility.exe
    2016-05-26 03:29 - 2016-05-26 03:29 - 00110560 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-05-25 20:18 - 2016-05-25 20:18 - 18910676 _____ C:\Users\Administrator\Downloads\CommunityShowcaseDramaticSkies3.themepack
    2016-05-25 20:18 - 2016-05-25 20:18 - 08402527 _____ C:\Users\Administrator\Downloads\DarkSkiesTracyHymas.themepack
    2016-05-25 20:17 - 2016-05-25 20:18 - 25388785 _____ C:\Users\Administrator\Downloads\CommunityShowcaseAqua4.themepack
    2016-05-25 20:17 - 2016-05-25 20:17 - 07884764 _____ C:\Users\Administrator\Downloads\AuroraBorealis.themepack
    2016-05-25 20:16 - 2016-05-25 20:16 - 08546059 _____ C:\Users\Administrator\Downloads\SpectacularSkiesMarcoMuller.themepack
    2016-05-25 20:01 - 2016-05-25 20:01 - 30639455 _____ C:\Users\Administrator\Downloads\PanoramasEurope.deskthemepack
    2016-05-25 20:01 - 2016-05-25 20:01 - 14659653 _____ C:\Users\Administrator\Downloads\Serbia_nat.themepack
    2016-05-25 20:01 - 2016-05-25 20:01 - 13655051 _____ C:\Users\Administrator\Downloads\WildBeautyCharlesBergman.themepack
    2016-05-25 20:01 - 2016-05-25 20:01 - 13545604 _____ C:\Users\Administrator\Downloads\PerspectivesJapan2KazuoNakadai.themepack
    2016-05-25 20:00 - 2016-05-25 20:00 - 06699390 _____ C:\Users\Administrator\Downloads\PanoramicGlaciers.deskthemepack
    2016-05-25 19:56 - 2016-05-25 19:56 - 16877897 _____ C:\Users\Administrator\Downloads\Forests.themepack
    2016-05-24 20:23 - 2016-05-24 20:23 - 28908032 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup.exe
    2016-05-24 20:21 - 2016-05-24 20:22 - 19867720 _____ C:\Users\Administrator\Downloads\RogueKiller.exe
    2016-05-09 12:57 - 2016-05-09 12:57 - 00095614 _____ C:\Users\Administrator\Downloads\1Z9V6W889191354820.pdf
    2016-05-07 16:44 - 2016-05-07 16:44 - 03615296 _____ C:\Users\Administrator\Downloads\adwcleaner_5.115.exe
    2016-05-07 16:44 - 2016-05-07 16:44 - 01610816 _____ (Malwarebytes) C:\Users\Administrator\Downloads\JRT(1).exe
    2016-05-06 14:46 - 2016-05-06 14:46 - 00193306 _____ C:\Users\Administrator\Downloads\514102-0926.PDF
    2016-05-06 02:04 - 2016-05-06 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-05-05 15:51 - 2016-05-05 15:51 - 00004556 _____ C:\Users\Administrator\Downloads\invoice_179.pdf
    2016-05-05 13:47 - 2016-05-05 13:47 - 00193306 _____ C:\Users\Administrator\Downloads\514100-1081.PDF
    2016-05-03 23:17 - 2016-05-03 23:18 - 00098975 _____ C:\Users\Administrator\Downloads\tftpmanager-1.1.0.0.tgz
    2016-05-02 17:43 - 2016-05-02 17:43 - 00005184 _____ C:\Users\Administrator\Downloads\Order Confirmation 5141020926.zip
    2016-05-01 02:21 - 2016-05-01 02:21 - 05248352 _____ C:\Users\Administrator\Downloads\Your Payment Has Been Approved!.zip
    2016-04-27 13:15 - 2016-04-27 13:15 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-27 18:56 - 2015-12-27 17:35 - 00000000 ____D C:\FRST
    2016-05-27 18:54 - 2016-01-31 02:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-05-27 18:54 - 2009-07-14 00:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-05-27 18:54 - 2009-07-14 00:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-05-27 18:52 - 2015-08-19 21:01 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{457B9D94-DBA1-45CA-8B54-1BFDDB92A0F5}
    2016-05-27 18:51 - 2009-07-14 01:13 - 01094326 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-05-27 18:51 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
    2016-05-27 18:47 - 2016-01-31 02:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-05-27 18:47 - 2015-08-14 11:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Rescue Calling Card
    2016-05-27 18:47 - 2015-08-14 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpitFire Online Support
    2016-05-27 18:46 - 2016-03-31 14:19 - 00000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
    2016-05-27 18:46 - 2015-11-12 20:00 - 00000000 ____D C:\Users\ReportServer
    2016-05-27 18:46 - 2015-11-12 20:00 - 00000000 ____D C:\Users\MSSQLFDLauncher
    2016-05-27 18:45 - 2015-11-12 20:00 - 00000000 ____D C:\Users\MsDtsServer120
    2016-05-27 18:45 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-05-27 17:27 - 2015-08-26 12:27 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-05-27 17:18 - 2015-11-12 20:00 - 00000000 ____D C:\Users\MSSQLSERVER
    2016-05-27 17:17 - 2016-02-25 23:28 - 00000000 ____D C:\Windows\Minidump
    2016-05-27 17:00 - 2015-12-22 19:29 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
    2016-05-27 16:56 - 2016-03-09 18:57 - 00002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
    2016-05-27 16:55 - 2015-12-27 04:22 - 00000000 ____D C:\ProgramData\Sophos
    2016-05-27 16:55 - 2015-09-10 14:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\RingCentralMeetings
    2016-05-27 16:55 - 2015-08-14 11:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue Calling Card
    2016-05-27 16:34 - 2016-02-03 18:47 - 00000000 ____D C:\Users\Administrator\Desktop\Medical
    2016-05-27 13:01 - 2015-12-29 18:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Kodi
    2016-05-27 10:48 - 2016-04-15 02:08 - 00000000 ____D C:\Program Files (x86)\McAfee
    2016-05-27 10:48 - 2016-04-15 01:59 - 00000000 ____D C:\Program Files\TrueKey
    2016-05-26 03:28 - 2015-10-07 00:09 - 00000000 ____D C:\Program Files (x86)\Java
    2016-05-26 00:31 - 2016-04-15 02:08 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
    2016-05-25 19:54 - 2015-08-18 11:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
    2016-05-25 19:54 - 2015-08-14 11:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
    2016-05-25 19:44 - 2015-09-17 13:29 - 00018995 _____ C:\Users\Administrator\Desktop\contacts.xlsx
    2016-05-25 19:21 - 2015-08-19 18:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
    2016-05-24 01:11 - 2015-08-19 19:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
    2016-05-22 13:49 - 2015-08-14 11:50 - 00000000 ____D C:\Program Files (x86)\CTI32
    2016-05-21 12:15 - 2015-12-29 23:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-05-20 12:36 - 2015-12-29 23:12 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-05-20 12:36 - 2015-08-21 00:08 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-05-20 12:36 - 2015-08-21 00:08 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-05-14 15:24 - 2016-03-02 00:20 - 00000000 ____D C:\ProgramData\McAfee
    2016-05-13 17:02 - 2015-08-14 12:06 - 00000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio
    2016-05-13 16:24 - 2016-04-15 02:08 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
    2016-05-13 16:21 - 2015-08-14 11:56 - 00000000 ____D C:\Program Files\Microsoft SQL Server
    2016-05-13 16:21 - 2015-08-14 11:56 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
    2016-05-11 17:55 - 2016-01-31 02:42 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-05-10 16:49 - 2016-01-31 02:40 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-05-10 16:49 - 2016-01-31 02:40 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-05-08 13:59 - 2015-12-24 22:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-05-07 11:03 - 2015-12-28 02:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-05-04 20:54 - 2015-08-17 21:49 - 00000000 ____D C:\Users\ASP.NET v4.0 Classic
    2016-05-03 23:20 - 2015-09-08 17:13 - 00000000 ____D C:\Share
    2016-05-03 16:39 - 2016-04-20 18:51 - 00000000 ____D C:\Users\Administrator\Desktop\project1
    2016-05-01 12:32 - 2016-03-04 03:19 - 34330525 _____ C:\Users\Administrator\Desktop\Data 2A.xlsx
    2016-04-30 18:27 - 2016-03-26 12:29 - 00008704 ___SH C:\Users\Administrator\Documents\Thumbs.db

    ==================== Files in the root of some directories =======

    2016-01-21 01:26 - 2016-01-21 01:26 - 0000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg

    Some files in TEMP:
    ====================
    C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-05-18 15:04

    ==================== End of FRST.txt ============================
     
  5. Boufeez

    Boufeez TS Member Topic Starter Posts: 78

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
    Ran by Administrator (2016-05-27 18:56:55)
    Running from C:\Users\Administrator\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2015-08-13 20:31:49)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3097266444-2333562351-893229259-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-3097266444-2333562351-893229259-501 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
    AS: STOPzilla (Enabled - Up to date) {E375F917-FA8E-0C29-B3C0-275922AEB69A}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
    Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    AgentApp (HKLM-x32\...\{AF941339-68D2-4F19-9FEA-F085EF20E33E}) (Version: 1.0.0 - OPC Marketing, Inc.)
    AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
    AMD Catalyst Install Manager (HKLM\...\{F62CA14F-AB88-4A97-7752-BF36193B4CC3}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CTI32 (HKLM-x32\...\{859C79E6-9913-437E-888E-C8891D8D32C5}) (Version: 4.5.0.0 - Inventive Labs, LLC)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
    GDR 4213 for SQL Server 2014 (KB3070446) (64-bit) (HKLM\...\KB3070446) (Version: 12.1.4213.0 - Microsoft Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    Hmp Elements Server (HKLM-x32\...\{E9DD8AB9-0D79-47A0-9142-A3DC7FB789A1}) (Version: 1.0.0 - Inventive Labs)
    Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
    Intel Security True Key (HKLM\...\TrueKey) (Version: 4.1.137.1 - Intel Security)
    Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
    Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Kodi (HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Kodi) (Version: - XBMC-Foundation)
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.6.140.0 - Microsoft Corporation)
    Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{BF5ABBDB-D3AA-4BCB-8D10-FCD4A4BB7F93}) (Version: 12.1.4100.1 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 RS Add-in for SharePoint (HKLM\...\{E4B2839D-5C17-4A21-AB5A-2540AAD6F776}) (Version: 12.1.4100.1 - Microsoft Corporation)
    Microsoft SQL Server 2014 Setup (English) (HKLM\...\{2975950A-6723-4FD2-9719-78DD9C30A7F4}) (Version: 12.1.4213.0 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{5BC5068F-1F64-4D2D-948F-E75F30B850CB}) (Version: 12.1.4213.0 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (x64) (HKLM\...\{C9F697B9-FAC8-4B76-9D3D-40FA3BFA4F9E}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{E3F613C1-105F-4717-BFE7-007729A95D67}) (Version: 12.1.4100.1 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
    Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
    Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
    PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.334 - Qualcomm Atheros Communications)
    Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
    Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.)
    Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
    Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
    Spitfire Enterprise Setup (HKLM-x32\...\{B06EDCA9-BB6F-4129-89BF-619CF7E8C895}) (Version: 1.0.0 - OPC Marketing, Inc.)
    SpitFire Online Support (HKLM-x32\...\{7E117A6A-8579-4435-8290-4089C1C5BEFA}) (Version: 5.2.142 - LogMeIn, Inc.)
    SQL Server 2014 Analysis Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Client Tools (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Common Files (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Data quality client (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Data quality service (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Data quality service (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Database Engine Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Database Engine Shared (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Distributed Replay (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Distributed Replay (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Documentation Components (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Full text search (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Integration Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Management Studio (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Master Data Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Master Data Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Reporting Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 RS_SharePoint_SharedService (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 SQL Data Quality Common (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
    Sql Server Customer Experience Improvement Program (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    STOPzilla AntiMalware (HKLM-x32\...\{4BA66CCC-1AC5-4188-B3D4-BC29394C45E6}) (Version: 6.5.2.58 - iS3, Inc.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
    Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {039C781B-6DBA-480A-BAAE-F4526492FBF2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
    Task: {36399346-416E-4E77-8CB0-875D9FC80F51} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
    Task: {382D8390-2F47-4971-8485-67904EE6C098} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-09-10] (Microsoft)
    Task: {42B33681-5FD0-4544-8B62-327707AD5763} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {54F94D1A-6512-449C-9545-7497ADAE0B77} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
    Task: {59D2A24E-30F4-4538-BDAB-E172A5CC94EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
    Task: {63FAFC84-4951-408B-8BFB-BD9D4C2DF50A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
    Task: {8961A1AA-9AC7-4492-865D-D7EDBB884375} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
    Task: {C3391B3B-A086-42A6-8875-34E80CB7B0D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-20] (Adobe Systems Incorporated)
    Task: {D9945D77-7510-4A34-93E3-2D0C198EA211} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
    Task: {E19B4111-5B41-4B98-8C1C-E3B5CAFC271C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
    Task: {FA7C3623-1B87-4403-BF7B-D0DC8AAB7385} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
    Task: {FC5C3148-C057-4B34-AA54-76D3BA0A6673} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-31] (McAfee, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-07-01 09:45 - 2015-07-01 09:45 - 00022528 _____ () C:\Windows\System32\us005lm.dll
    2015-08-19 13:43 - 2014-12-05 16:32 - 00420352 _____ () C:\Windows\system32\SaMinDrv.dll
    2016-03-16 06:17 - 2016-03-16 06:17 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
    2014-10-28 01:26 - 2014-10-28 01:26 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
    2015-08-14 12:12 - 2016-02-15 18:44 - 00007168 _____ () C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe
    2015-08-14 12:12 - 2016-01-12 15:45 - 00007680 _____ () C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe
    2015-08-14 12:12 - 2016-03-02 15:05 - 00006656 _____ () C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe
    2015-08-13 16:36 - 2013-01-24 09:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Classes\.exe: exefile => <===== ATTENTION
    HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Classes\exefile: <===== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\dell.com -> dell.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2016-05-27 17:13 - 00000042 ____A C:\Windows\system32\Drivers\etc\hosts

    ::1 localhost
    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3097266444-2333562351-893229259-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 8.8.8.8 - 8.4.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: FLEXnet Licensing Service => 3
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: Spitfire_RecordingService => 2
    MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    MSCONFIG\startupreg: 3200 Scan2PC => "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
    MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: GIDDesktop => C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
    MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
    MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX5REC
    MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [TCP Query User{AE6C5FC8-A0D9-46DD-A1B5-155D97D0F734}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [UDP Query User{60E14D3B-9877-4159-BEC0-8D61D27AEBA4}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [TCP Query User{6585E25D-EB32-4621-9E08-209FDB7A6ED0}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
    FirewallRules: [UDP Query User{77636F3D-D090-484A-A6EA-77963587E151}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
    FirewallRules: [{189AD50A-7A82-422B-96B2-781DC2AF3253}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
    FirewallRules: [{6B931C08-4EBE-4FDF-A52C-C2256BD3C1CA}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
    FirewallRules: [{301F79D9-3FAC-4EBA-8ECD-94C314250F5C}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
    FirewallRules: [{7DF48D35-D45C-4C01-836A-C1EB79F4B155}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
    FirewallRules: [{72DF3227-99F4-409A-85FE-32991DEDB6DE}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
    FirewallRules: [{5449BC9F-00BA-44F8-8DFA-31DC80A90943}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
    FirewallRules: [{F4C00A51-F149-4361-941D-ACA1BB905ECE}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
    FirewallRules: [{6A8E2750-F342-4535-AF17-4C8A38CE6FF6}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
    FirewallRules: [{5EC0075F-8C4F-4223-AB9F-EEEBDD344F81}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{2AD4BD74-DDAD-4DA4-B41D-432263867F9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{27DB3D31-D527-48C6-923B-EF28F6E615C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{CC0D81D8-676B-4CA0-8608-38760AD57BA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{2DEDCFE4-2AFC-42E8-BB36-E28D7DBD60DF}] => (Allow) LPort=2869
    FirewallRules: [{79D090B2-837A-479B-97FD-92F2436820ED}] => (Allow) LPort=1900
    FirewallRules: [{AD07EDFE-D4A8-440A-9E52-A6BFD6A0739D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{273B9CA7-84C8-4917-BEB8-D61DB8C4599C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{09D16C11-E48F-4741-8187-CA2D06B85E0B}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [UDP Query User{637310E8-F08E-430D-BE3E-26E844B68352}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [TCP Query User{45633BFC-442B-43BB-8AB7-94D2DE4D1F85}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
    FirewallRules: [UDP Query User{BB0A803D-FD8C-4B9A-9398-C0095E926D7F}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
    FirewallRules: [TCP Query User{35673452-6D37-4875-AAA6-2755933285A3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [UDP Query User{A7CE908A-23D8-49F7-AE1B-DCBE8172A249}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [TCP Query User{C7A9F53E-0623-4627-A73C-BB5968D03513}C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe] => (Allow) C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe
    FirewallRules: [UDP Query User{F296876A-E289-4296-BF7A-7A9F57F23E92}C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe] => (Allow) C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe
    FirewallRules: [{139C0536-A856-4C88-B78E-67731723486B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{D4FB6878-DDB2-4C94-8DD7-EA896D575FBB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{34B318AF-1749-4376-B0AD-61C54A040E0E}] => (Allow) LPort=80
    FirewallRules: [{97D27989-B79D-4A35-AF0D-4E44F5066E46}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    22-05-2016 02:46:48 Windows Update
    25-05-2016 14:52:49 Windows Update
    26-05-2016 03:27:42 Removed Java 8 Update 73
    27-05-2016 16:55:07 Removed Sophos Virus Removal Tool.
    27-05-2016 17:00:05 Removed WOT for Internet Explorer
    27-05-2016 17:12:54 Installed STOPzilla AntiMalware.
    27-05-2016 17:14:29 STOPzilla Restore Point.

    ==================== Faulty Device Manager Devices =============

    Name: Dell Wireless 1703 802.11b/g/n (2.4GHz)
    Description: Dell Wireless 1703 802.11b/g/n (2.4GHz)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Atheros Communications Inc.
    Service: athr
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Dell Wireless 1703 Bluetooth
    Description: Dell Wireless 1703 Bluetooth
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: Qualcomm Atheros Communications
    Service: BTHUSB
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/27/2016 06:46:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/27/2016 06:46:35 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
    Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

    Error: (05/27/2016 06:16:24 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Program Files (x86)\iS3\STOPzilla AntiMalware\SZScanner.exe Files (x86)\iS3\STOPzilla AntiMalware\SZScanner.exe" ; Description = STOPzilla Restore Point.; Error = 0x8007043c).

    Error: (05/27/2016 05:19:42 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Program Files (x86)\iS3\STOPzilla AntiMalware\SZScanner.exe Files (x86)\iS3\STOPzilla AntiMalware\SZScanner.exe" ; Description = STOPzilla Restore Point.; Error = 0x8007043c).

    Error: (05/27/2016 05:19:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/27/2016 10:49:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/27/2016 10:49:14 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
    Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

    Error: (05/26/2016 12:53:54 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: HmpElementsServer.exe, version: 2.2.9.1, time stamp: 0x54efa03c
    Faulting module name: HmpElementsUmc.dll, version: 2.2.9.1, time stamp: 0x54e80171
    Exception code: 0xc0000005
    Fault offset: 0x00a2bd28
    Faulting process id: 0x9cc
    Faulting application start time: 0xHmpElementsServer.exe0
    Faulting application path: HmpElementsServer.exe1
    Faulting module path: HmpElementsServer.exe2
    Report Id: HmpElementsServer.exe3

    Error: (05/26/2016 12:53:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: HmpElementsServer.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.AccessViolationException
    Stack:
    at HmpElements.Server.BeepDetectorUmc.FreeBeepDetector(IntPtr)
    at HmpElements.Server.BeepDetector.Finalize()

    Error: (05/26/2016 12:53:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Kodi.exe version 15.2.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 23c0

    Start Time: 01d1b6fe117d83cf

    Termination Time: 18

    Application Path: C:\Program Files (x86)\Kodi\Kodi.exe

    Report Id: c9cf63f3-22fd-11e6-8d13-b8ca3a9ab41e


    System errors:
    =============
    Error: (05/27/2016 06:46:50 PM) (Source: ipnathlp) (EventID: 30013) (User: )
    Description: 192.168.2.220192.168.137.0255.255.255.0

    Error: (05/27/2016 06:46:50 PM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (05/27/2016 06:46:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    is3srv

    Error: (05/27/2016 06:45:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Service Installer TrueKey service failed to start due to the following error:
    %%2

    Error: (05/27/2016 06:44:22 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk4\DR4.

    Error: (05/27/2016 06:44:22 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk3\DR3.

    Error: (05/27/2016 06:44:22 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.

    Error: (05/27/2016 06:44:22 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (05/27/2016 06:44:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (05/27/2016 06:44:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068


    CodeIntegrity:
    ===================================
    Date: 2016-03-11 00:07:26.898
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-03-11 00:07:26.883
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-12-25 21:39:25.560
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-25 20:59:02.982
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-25 20:44:44.221
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-12-25 20:44:44.208
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-11-29 00:33:03.932
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-11-29 00:33:03.918
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-11-29 00:24:14.144
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Administrator\Desktop\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-11-29 00:24:14.128
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Administrator\Desktop\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
    Percentage of memory in use: 31%
    Total physical RAM: 12237.72 MB
    Available physical RAM: 8442.43 MB
    Total Virtual: 24473.65 MB
    Available Virtual: 20396.2 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.28 GB) (Free:794.75 GB) NTFS
    Drive f: () (Removable) (Total:1.86 GB) (Free:0 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ========================================================
    Disk: 4 (Size: 1.9 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  6. Boufeez

    Boufeez TS Member Topic Starter Posts: 78

    The following has been quarantined by Stopzilla
    Trojan.Win32.Cognac!a
    Trojan.Win32.Mal.gen!b56
    VirTool.Win32.Obfuscator
    Trojan.Win32.Redirector.gen
    Vundo.A7
    ------
    The following has been quarantined by Microsoft security essentials
    win32/beaugrit.gen!c

     
  7. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    STOPzilla is not really recommended for various reasons. I strongly suggest you uninstall it.

    Then...

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed, scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  8. Boufeez

    Boufeez TS Member Topic Starter Posts: 78

    RogueKiller V12.3.0.0 (x64) [May 22 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Administrator [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Scan -- Date : 05/28/2016 00:30:31

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Intel Raid 1 Volume SCSI Disk Device +++++
    --- User ---
    [MBR] 0086f36f0b7bc8b257f89fc226376c3d
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2052 | Size: 99 MB
    1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 205200 | Size: 128 MB
    2 - Basic data partition | Offset (sectors): 467856 | Size: 953626 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )

    +++++ PhysicalDrive1: CF/MD Card +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: SM/xD Card +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: SD/mini-MMC/RS Card +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: MS/Pro/Duo Card +++++
    --- User ---
    [MBR] 776b1a1ef05c5b6a9b722141f602614c
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 387 | Size: 1904 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  9. Boufeez

    Boufeez TS Member Topic Starter Posts: 78

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/28/2016
    Scan Time: 12:32 AM
    Logfile: jj.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.05.28.02
    Rootkit Database: v2016.05.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Administrator

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 637238
    Time Elapsed: 13 min, 58 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  10. Boufeez

    Boufeez TS Member Topic Starter Posts: 78

    # AdwCleaner v5.026 - Logfile created 29/12/2015 at 21:34:55
    # Updated 21/12/2015 by Xplode
    # Database : 2015-12-29.1 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : Administrator - OFFICE-1-PC
    # Running from : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GC3JYA5P\adwcleaner_5.026.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLL ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****


    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [677 bytes] ##########
    # AdwCleaner v5.118 - Logfile created 28/05/2016 at 00:49:54
    # Updated 23/05/2016 by Xplode
    # Database : 2016-05-26.2 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (X64)
    # Username : Administrator - OFFICE-1-PC
    # Running from : C:\Users\Administrator\Downloads\adwcleaner_5.118.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLL ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****


    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [2613 bytes] - [28/12/2015 20:59:20]
    C:\AdwCleaner\AdwCleaner[C2].txt - [2519 bytes] - [29/12/2015 22:35:28]
    C:\AdwCleaner\AdwCleaner[C3].txt - [779 bytes] - [04/01/2016 18:38:05]
    C:\AdwCleaner\AdwCleaner[S1].txt - [2423 bytes] - [27/12/2015 18:20:58]
    C:\AdwCleaner\AdwCleaner[S2].txt - [2257 bytes] - [28/12/2015 20:57:16]
    C:\AdwCleaner\AdwCleaner[S3].txt - [1784 bytes] - [29/12/2015 22:34:55]
    C:\AdwCleaner\AdwCleaner[S4].txt - [687 bytes] - [04/01/2016 18:36:25]
    C:\AdwCleaner\AdwCleaner[S5].txt - [687 bytes] - [10/01/2016 20:46:36]
    C:\AdwCleaner\AdwCleaner[S6].txt - [687 bytes] - [10/01/2016 20:48:39]
    C:\AdwCleaner\AdwCleaner[S7].txt - [755 bytes] - [19/01/2016 21:38:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2145 bytes] ##########
     
  11. Boufeez

    Boufeez TS Member Topic Starter Posts: 78

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 7 Professional x64
    Ran by Administrator (Administrator) on Sat 05/28/2016 at 0:51:41.07
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 12

    Failed to delete: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1S83ZJC4 (Temporary Internet Files Folder)
    Failed to delete: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCVZS3SX (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG0GI4IQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2R61G00 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X360HZQU (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZC44P2Q7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1S83ZJC4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG0GI4IQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2R61G00 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCVZS3SX (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X360HZQU (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZC44P2Q7 (Temporary Internet Files Folder)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 05/28/2016 at 0:53:09.63
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  12. Boufeez

    Boufeez TS Member Topic Starter Posts: 78

    So these are false positives I got from Microsoft Security Essentials?

    What about the screen flashing black for a second (like someone connecting to the machine remotely) and the yellow exclamation mark in the systray with no description that appears right after the screen flashes black?
     
  13. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    We'll keep checking...

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  14. Boufeez

    Boufeez TS Member Topic Starter Posts: 78

    Thanks Broni! You're a real lifesaver.

    Still getting the random black screen for about a second and then the non-descriptive yellow exclamation mark in the system tray. Really seems like the characteristics of someone connecting to the machine.

    ComboFix 16-05-18.01 - Administrator 05/29/2016 18:56:26.5.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12238.10174 [GMT -4:00]
    Running from: c:\users\Administrator\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
    SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-04-28 to 2016-05-29 )))))))))))))))))))))))))))))))
    .
    .
    2016-05-29 23:00 . 2016-05-29 23:00 -------- d-----w- c:\users\ReportServer\AppData\Local\temp
    2016-05-29 23:00 . 2016-05-29 23:00 -------- d-----w- c:\users\Public\AppData\Local\temp
    2016-05-29 23:00 . 2016-05-29 23:00 -------- d-----w- c:\users\OFFICE-1\AppData\Local\temp
    2016-05-29 18:15 . 2016-05-26 20:28 11895896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4CDF2F4-60E8-4611-B742-B100DE53C983}\mpengine.dll
    2016-05-29 18:15 . 2016-05-26 20:28 11895896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2016-05-28 04:32 . 2016-05-28 04:32 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-05-28 04:31 . 2016-03-10 18:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
    2016-05-28 04:31 . 2016-03-10 18:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2016-05-28 04:31 . 2016-03-10 18:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
    2016-05-28 04:31 . 2016-05-28 04:31 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2016-05-28 04:08 . 2016-05-28 04:09 -------- d-----w- c:\program files\RogueKiller
    2016-05-27 23:42 . 2016-05-27 23:42 -------- d-----w- c:\users\Administrator\AppData\Local\ESET
    2016-05-27 21:13 . 2016-05-28 00:10 -------- d-----w- c:\programdata\STOPzilla!
    2016-05-22 06:47 . 2016-05-11 18:10 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{363F49C3-8689-4765-B9AB-99CF88910EF3}\gapaengine.dll
    2016-05-12 14:48 . 2016-05-12 14:48 53384 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-05-28 04:10 . 2015-08-26 16:27 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-05-20 16:36 . 2015-08-21 04:08 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2016-05-20 16:36 . 2015-08-21 04:08 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2016-05-11 18:10 . 2016-01-21 03:48 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2016-04-22 07:57 . 2010-11-21 03:27 453288 ------w- c:\windows\system32\MpSigStub.exe
    2016-03-18 19:14 . 2015-11-12 23:48 127680 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2016-03-05 06:10 . 2015-08-13 18:38 146614896 ----a-w- c:\windows\system32\MRT.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-08-19 8455960]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "TaskbarNoNotification"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
    R0 szkg5;szkg5;c:\windows\SySWOW64\drivers\szkg64.sys;c:\windows\SySWOW64\drivers\szkg64.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 Cti32svc;CTI32 Telephony Engine;c:\program files (x86)\CTI32\cti32svc.exe;c:\program files (x86)\CTI32\cti32svc.exe [x]
    R2 HmpElements;HmpElements Server;c:\program files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe;c:\program files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe [x]
    R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x]
    R2 MsDtsServer120;SQL Server Integration Services 12.0;c:\program files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [x]
    R2 Spitfire_BusinessService;Spitfire_BusinessService;c:\spd enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe;c:\spd enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe [x]
    R2 Spitfire_DialService;Spitfire_DialService;c:\spd enterprise\SpitFire_DialService\Spitfire_DialService.exe;c:\spd enterprise\SpitFire_DialService\Spitfire_DialService.exe [x]
    R2 Spitfire_LoginService;Spitfire_LoginService;c:\spd enterprise\SpitFire_LoginService\Spitfire_LoginService.exe;c:\spd enterprise\SpitFire_LoginService\Spitfire_LoginService.exe [x]
    R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
    R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
    R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SQL Server Distributed Replay Client;SQL Server Distributed Replay Client;c:\program files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe;c:\program files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [x]
    R3 SQL Server Distributed Replay Controller;SQL Server Distributed Replay Controller;c:\program files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe;c:\program files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [x]
    R3 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 RsFx0310;RsFx0310 Driver;c:\windows\system32\DRIVERS\RsFx0310.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0310.sys [x]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R4 Spitfire_RecordingService;Spitfire_RecordingService;c:\spd enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe;c:\spd enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe [x]
    S0 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 IntelBCAsvc;Intel(R) Biometric and Context Agent Service;c:\program files\Intel\BCA\pabeSvc64.exe;c:\program files\Intel\BCA\pabeSvc64.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
    S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
    S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
    S2 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x]
    S2 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x]
    S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 usbkey;USB Dongle;c:\windows\system32\DRIVERS\USBKey64.sys;c:\windows\SYSNATIVE\DRIVERS\USBKey64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2016-05-11 21:54 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-21 16:36]
    .
    2016-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31 06:40]
    .
    2016-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31 06:40]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-04-30 36352]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-30 1340192]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>
    Trusted Zone: dell.com
    TCP: Interfaces\{9D3C4071-F374-4945-9A9C-1599E5144CC0}: NameServer = 8.8.8.8,8.4.4.4
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dim0fd18.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-Malwarebytes Anti-Exploit - c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    .
    .
    "ImagePath"="\"c:\program files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ReportServerSharePoint:Service]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,55,2b,a8,e5,da,33,44,87,df,8e,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,55,2b,a8,e5,da,33,44,87,df,8e,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,46,b9,21,8d,db,72,4c,ac,5f,df,\
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\User Preferences - Do not modify. Direct modification is a violation of ISV software requirements.]
    @Denied: (2) (Administrator)
    "Learn about ISV Software Requirements"="http://go.microsoft.com/fwlink/?LinkId=392206"
    "2E1C892BBCB432157F277FDF4D11FD173738EC8D13"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,46,b9,21,8d,db,72,4c,ac,5f,df,\
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.config\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\notepad++.exe"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="OperaStable"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Excel.CSV"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.indd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="InDesign.Document"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\AcroRd32.exe"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="jpegfile"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.Log\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\notepad.exe"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.m3u"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M4A"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MOV"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nex\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="OperaStable"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.opdownload\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="OperaStable"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.PARTIAL"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="PhotoViewer.FileAssoc.Png"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\WINWORD.EXE"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Photoshop.Image.16"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\7zFM.exe"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.SVG"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\NOTEPAD.EXE"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.WEBSITE"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.XHT"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.XHT"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Excel.Sheet.12"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\WORDPAD.EXE"
    .
    [HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\mspaint.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2016-05-29 19:01:31
    ComboFix-quarantined-files.txt 2016-05-29 23:01
    ComboFix2.txt 2016-03-11 05:08
    ComboFix3.txt 2016-01-20 02:18
    ComboFix4.txt 2015-12-30 02:48
    ComboFix5.txt 2016-05-29 22:54
    .
    Pre-Run: 860,001,959,936 bytes free
    Post-Run: 859,881,959,424 bytes free
    .
    - - End Of File - - 384196FAD12C264A7D743DFEAF398A0E
    A36C5E4F47E84449FF07ED3517B43A31
     
  15. Boufeez

    Boufeez TS Member Topic Starter Posts: 78

    Can we run a "HijackThis" scan?

    I really feel as if there is someone logging into the machine. The BIOS version is up to date, all updates are completed, and there are no errors in Device Manager, which should mean there is no faulty video card / hardware etc.
     
  16. Boufeez

    Boufeez TS Member Topic Starter Posts: 78

    In System Properties, under the Remote tab, the following is unchecked:

    Allow remote assistance connections to this computer

    Radio button selected:

    Don't allow connections to this computer
     
  17. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    HijackThis is a very outdated tool that is not used anymore.

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double-click to run it.
    • Make sure you put a checkmark in the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  18. Boufeez

    Boufeez TS Member Topic Starter Posts: 78

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
    Ran by Administrator (administrator) on OFFICE-1-PC (31-05-2016 12:31:08)
    Running from C:\Users\Administrator\Desktop
    Loaded Profiles: Administrator & ReportServer (Available Profiles: Administrator & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MsDtsServer120 & MSSQLSERVER & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 Classic)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
    (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McTA558.tmp
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
    (Farbar) C:\Users\Administrator\Desktop\FRST64(1).exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
    HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
    HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
    HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-3097266444-2333562351-893229259-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\..\Interfaces\{422811A0-BBB7-4BD5-AAAE-BB743DC9F38E}: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{9D3C4071-F374-4945-9A9C-1599E5144CC0}: [NameServer] 8.8.8.8,8.4.4.4

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3097266444-2333562351-893229259-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> DefaultScope {A6A0D800-A86D-46FF-B3A8-EC68EB4F50E0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> {A6A0D800-A86D-46FF-B3A8-EC68EB4F50E0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

    FireFox:
    ========
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dim0fd18.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-24] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-31]
    CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31]
    CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31]
    CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-31]
    CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
    CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-31]
    CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-23]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-23]
    CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    S2 0186021464671152mcinstcleanup; C:\Windows\TEMP\018602~1.EXE [883024 2015-10-28] (McAfee, Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-10-28] (Windows (R) Win 7 DDK provider) [File not signed]
    R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
    S2 Cti32svc; C:\Program Files (x86)\CTI32\cti32svc.exe [24576 2015-02-23] (Inventive Labs, LLC) [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-11-24] (Macrovision Europe Ltd.) [File not signed]
    S2 HmpElements; C:\Program Files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe [1946088 2015-02-26] (Inventive Labs, Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-31] (Intel Corporation)
    R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-31] (Intel Corporation)
    S2 MsDtsServer120; C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [216768 2015-06-09] (Microsoft Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
    S3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
    S2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [372416 2015-06-09] (Microsoft Corporation)
    S3 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\bin\msmdsrv.exe [51156160 2015-04-21] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
    R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2467008 2015-04-21] (Microsoft Corporation)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [202824 2013-01-18] (Realtek Semiconductor)
    S2 Spitfire_BusinessService; C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe [7168 2016-02-15] () [File not signed]
    S2 Spitfire_DialService; C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe [6656 2016-03-02] () [File not signed]
    S2 Spitfire_LoginService; C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe [7680 2016-01-12] () [File not signed]
    S4 Spitfire_RecordingService; C:\SPD Enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe [6656 2013-12-31] () [File not signed]
    S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [139968 2014-02-21] (Microsoft Corporation)
    S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [345280 2014-02-21] (Microsoft Corporation)
    S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-09] (Microsoft Corporation)
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [878904 2016-05-16] (McAfee, Inc.)
    R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-05-16] (McAfee, Inc.)
    S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-05-16] (McAfee, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [File not signed]
    S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-10-28] (Qualcomm Atheros)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-24] ()
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-21] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-28] (Samsung Electronics)
    R3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [40288 2015-08-14] ()
    S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
    S0 szkg5; SySWOW64\drivers\szkg64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-30 23:34 - 2016-05-31 12:31 - 00016753 _____ C:\Users\Administrator\Desktop\FRST.txt
    2016-05-30 23:34 - 2016-05-30 23:34 - 02383872 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64(1).exe
    2016-05-30 23:33 - 2016-05-30 23:33 - 02383872 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
    2016-05-30 23:28 - 2016-05-30 23:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
    2016-05-30 11:23 - 2016-05-30 11:23 - 02354776 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-05-29 20:08 - 2016-05-29 20:08 - 00110560 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-05-29 19:01 - 2016-05-29 19:01 - 00035018 _____ C:\ComboFix.txt
    2016-05-29 18:54 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-05-29 18:54 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-05-29 18:54 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-05-29 18:54 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-05-29 18:14 - 2016-05-29 18:47 - 00000174 _____ C:\Users\Administrator\Desktop\Router.url
    2016-05-29 10:26 - 2016-05-29 10:26 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2016-05-28 01:49 - 2016-05-28 01:49 - 00448512 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\TFC.exe
    2016-05-28 01:46 - 2016-05-28 01:46 - 00852798 _____ C:\Users\Administrator\Downloads\SecurityCheck.exe
    2016-05-28 00:50 - 2016-05-28 00:50 - 01610816 _____ (Malwarebytes) C:\Users\Administrator\Downloads\JRT(2).exe
    2016-05-28 00:49 - 2016-05-28 00:49 - 03678272 _____ C:\Users\Administrator\Downloads\adwcleaner_5.118.exe
    2016-05-28 00:38 - 2016-05-28 00:39 - 130580248 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
    2016-05-28 00:32 - 2016-05-28 00:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-05-28 00:31 - 2016-05-28 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-05-28 00:31 - 2016-05-28 00:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-05-28 00:31 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-05-28 00:31 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-05-28 00:31 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-05-28 00:15 - 2016-05-28 00:15 - 02424421 _____ (UltraDefrag Development Team) C:\Users\Administrator\Downloads\ultradefrag-7.0.1.bin.amd64.exe
    2016-05-28 00:12 - 2016-05-28 00:13 - 12054376 _____ C:\Users\Administrator\Downloads\pwsafe-3.38.2.exe
    2016-05-28 00:09 - 2016-05-28 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-05-28 00:08 - 2016-05-28 00:09 - 00000000 ____D C:\Program Files\RogueKiller
    2016-05-27 20:14 - 2016-05-27 20:14 - 28908032 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup(1).exe
    2016-05-27 20:14 - 2016-05-27 20:14 - 22851472 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mbam-setup-2.2.1.1043.exe
    2016-05-27 20:09 - 2016-05-27 20:09 - 00000960 _____ C:\Windows\system32\Drivers\kgpfr2.cfg
    2016-05-27 19:58 - 2016-05-27 20:01 - 241108488 _____ C:\Users\Administrator\Downloads\EmsisoftEmergencyKit.exe
    2016-05-27 19:42 - 2016-05-27 19:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\ESET
    2016-05-27 18:46 - 2016-05-27 19:58 - 00001680 _____ C:\Windows\system32\Drivers\kgpcpy.cfg
    2016-05-27 17:59 - 2016-05-27 18:41 - 00000016 _____ C:\Windows\system32\config\software.szfi
    2016-05-27 17:13 - 2016-05-27 20:10 - 00000000 ____D C:\ProgramData\STOPzilla!
    2016-05-27 17:12 - 2016-05-27 17:12 - 00593064 _____ C:\Users\Administrator\Downloads\STOPzilla_ASM_RW65.exe
    2016-05-26 03:53 - 2016-05-26 03:53 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\Administrator\Downloads\autodetectutility.exe
    2016-05-25 20:18 - 2016-05-25 20:18 - 18910676 _____ C:\Users\Administrator\Downloads\CommunityShowcaseDramaticSkies3.themepack
    2016-05-25 20:18 - 2016-05-25 20:18 - 08402527 _____ C:\Users\Administrator\Downloads\DarkSkiesTracyHymas.themepack
    2016-05-25 20:17 - 2016-05-25 20:18 - 25388785 _____ C:\Users\Administrator\Downloads\CommunityShowcaseAqua4.themepack
    2016-05-25 20:17 - 2016-05-25 20:17 - 07884764 _____ C:\Users\Administrator\Downloads\AuroraBorealis.themepack
    2016-05-25 20:16 - 2016-05-25 20:16 - 08546059 _____ C:\Users\Administrator\Downloads\SpectacularSkiesMarcoMuller.themepack
    2016-05-25 20:01 - 2016-05-25 20:01 - 30639455 _____ C:\Users\Administrator\Downloads\PanoramasEurope.deskthemepack
    2016-05-25 20:01 - 2016-05-25 20:01 - 14659653 _____ C:\Users\Administrator\Downloads\Serbia_nat.themepack
    2016-05-25 20:01 - 2016-05-25 20:01 - 13655051 _____ C:\Users\Administrator\Downloads\WildBeautyCharlesBergman.themepack
    2016-05-25 20:01 - 2016-05-25 20:01 - 13545604 _____ C:\Users\Administrator\Downloads\PerspectivesJapan2KazuoNakadai.themepack
    2016-05-25 20:00 - 2016-05-25 20:00 - 06699390 _____ C:\Users\Administrator\Downloads\PanoramicGlaciers.deskthemepack
    2016-05-25 19:56 - 2016-05-25 19:56 - 16877897 _____ C:\Users\Administrator\Downloads\Forests.themepack
    2016-05-24 20:23 - 2016-05-24 20:23 - 28908032 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup.exe
    2016-05-24 20:21 - 2016-05-24 20:22 - 19867720 _____ C:\Users\Administrator\Downloads\RogueKiller.exe
    2016-05-12 10:48 - 2016-05-12 10:48 - 00053384 _____ (ESET) C:\Windows\system32\Drivers\EpfwLWF.sys
    2016-05-09 12:57 - 2016-05-09 12:57 - 00095614 _____ C:\Users\Administrator\Downloads\1Z9V6W889191354820.pdf
    2016-05-07 16:44 - 2016-05-07 16:44 - 03615296 _____ C:\Users\Administrator\Downloads\adwcleaner_5.115.exe
    2016-05-07 16:44 - 2016-05-07 16:44 - 01610816 _____ (Malwarebytes) C:\Users\Administrator\Downloads\JRT(1).exe
    2016-05-06 14:46 - 2016-05-06 14:46 - 00193306 _____ C:\Users\Administrator\Downloads\514102-0926.PDF
    2016-05-06 02:04 - 2016-05-06 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-05-05 15:51 - 2016-05-05 15:51 - 00004556 _____ C:\Users\Administrator\Downloads\invoice_179.pdf
    2016-05-05 13:47 - 2016-05-05 13:47 - 00193306 _____ C:\Users\Administrator\Downloads\514100-1081.PDF
    2016-05-03 23:17 - 2016-05-03 23:18 - 00098975 _____ C:\Users\Administrator\Downloads\tftpmanager-1.1.0.0.tgz
    2016-05-02 17:43 - 2016-05-02 17:43 - 00005184 _____ C:\Users\Administrator\Downloads\Order Confirmation 5141020926.zip
    2016-05-01 02:21 - 2016-05-01 02:21 - 05248352 _____ C:\Users\Administrator\Downloads\Your Payment Has Been Approved!.zip

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-31 12:31 - 2015-12-27 17:35 - 00000000 ____D C:\FRST
    2016-05-31 11:54 - 2016-01-31 02:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-05-31 01:07 - 2016-04-15 01:59 - 00000000 ____D C:\Program Files\TrueKey
    2016-05-31 01:06 - 2016-04-15 02:08 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
    2016-05-31 01:05 - 2016-04-15 02:08 - 00000000 ____D C:\Program Files (x86)\McAfee
    2016-05-31 00:09 - 2015-08-19 21:01 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{457B9D94-DBA1-45CA-8B54-1BFDDB92A0F5}
    2016-05-30 23:36 - 2009-07-14 00:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-05-30 23:36 - 2009-07-14 00:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-05-30 23:32 - 2009-07-14 01:13 - 01094326 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-05-30 23:32 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
    2016-05-30 23:28 - 2016-03-31 14:19 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
    2016-05-30 23:26 - 2016-01-31 02:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-05-30 23:24 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-05-30 13:05 - 2015-12-29 18:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Kodi
    2016-05-29 20:12 - 2016-02-03 18:47 - 00000000 ____D C:\Users\Administrator\Desktop\Medical
    2016-05-29 19:56 - 2016-02-25 23:28 - 00000000 ____D C:\Windows\Minidump
    2016-05-29 19:01 - 2015-12-27 18:51 - 00000000 ____D C:\Qoobox
    2016-05-29 19:00 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
    2016-05-29 18:44 - 2015-11-12 20:00 - 00000000 ____D C:\Users\MSSQLFDLauncher
    2016-05-29 18:44 - 2015-11-12 20:00 - 00000000 ____D C:\Users\MsDtsServer120
    2016-05-28 00:10 - 2015-08-26 12:27 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-05-27 21:10 - 2015-08-17 21:49 - 00000000 ____D C:\Users\ASP.NET v4.0 Classic
    2016-05-27 18:47 - 2015-08-14 11:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Rescue Calling Card
    2016-05-27 18:47 - 2015-08-14 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpitFire Online Support
    2016-05-27 18:46 - 2015-11-12 20:00 - 00000000 ____D C:\Users\ReportServer
    2016-05-27 17:18 - 2015-11-12 20:00 - 00000000 ____D C:\Users\MSSQLSERVER
    2016-05-27 17:00 - 2015-12-22 19:29 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
    2016-05-27 16:56 - 2016-03-09 18:57 - 00002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
    2016-05-27 16:55 - 2015-12-27 04:22 - 00000000 ____D C:\ProgramData\Sophos
    2016-05-27 16:55 - 2015-09-10 14:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\RingCentralMeetings
    2016-05-27 16:55 - 2015-08-14 11:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue Calling Card
    2016-05-26 03:28 - 2015-10-07 00:09 - 00000000 ____D C:\Program Files (x86)\Java
    2016-05-25 19:54 - 2015-08-18 11:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
    2016-05-25 19:54 - 2015-08-14 11:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
    2016-05-25 19:44 - 2015-09-17 13:29 - 00018995 _____ C:\Users\Administrator\Desktop\contacts.xlsx
    2016-05-25 19:21 - 2015-08-19 18:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
    2016-05-24 01:11 - 2015-08-19 19:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
    2016-05-22 13:49 - 2015-08-14 11:50 - 00000000 ____D C:\Program Files (x86)\CTI32
    2016-05-21 12:15 - 2015-12-29 23:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-05-20 12:36 - 2015-12-29 23:12 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-05-20 12:36 - 2015-08-21 00:08 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-05-20 12:36 - 2015-08-21 00:08 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-05-14 15:24 - 2016-03-02 00:20 - 00000000 ____D C:\ProgramData\McAfee
    2016-05-13 17:02 - 2015-08-14 12:06 - 00000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio
    2016-05-13 16:24 - 2016-04-15 02:08 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
    2016-05-13 16:21 - 2015-08-14 11:56 - 00000000 ____D C:\Program Files\Microsoft SQL Server
    2016-05-13 16:21 - 2015-08-14 11:56 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
    2016-05-11 17:55 - 2016-01-31 02:42 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-05-10 16:49 - 2016-01-31 02:40 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-05-10 16:49 - 2016-01-31 02:40 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-05-08 13:59 - 2015-12-24 22:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-05-07 11:03 - 2015-12-28 02:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-05-03 23:20 - 2015-09-08 17:13 - 00000000 ____D C:\Share
    2016-05-03 16:39 - 2016-04-20 18:51 - 00000000 ____D C:\Users\Administrator\Desktop\project1
    2016-05-01 12:32 - 2016-03-04 03:19 - 34330525 _____ C:\Users\Administrator\Desktop\Data 2A.xlsx

    ==================== Files in the root of some directories =======

    2016-01-21 01:26 - 2016-01-21 01:26 - 0000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-05-28 17:37

    ==================== End of FRST.txt ============================
     
  19. Boufeez

    Boufeez TS Member Topic Starter Posts: 78

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
    Ran by Administrator (2016-05-31 12:31:20)
    Running from C:\Users\Administrator\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2015-08-13 20:31:49)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3097266444-2333562351-893229259-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-3097266444-2333562351-893229259-501 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
    Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    AgentApp (HKLM-x32\...\{AF941339-68D2-4F19-9FEA-F085EF20E33E}) (Version: 1.0.0 - OPC Marketing, Inc.)
    AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
    AMD Catalyst Install Manager (HKLM\...\{F62CA14F-AB88-4A97-7752-BF36193B4CC3}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CTI32 (HKLM-x32\...\{859C79E6-9913-437E-888E-C8891D8D32C5}) (Version: 4.5.0.0 - Inventive Labs, LLC)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
    GDR 4213 for SQL Server 2014 (KB3070446) (64-bit) (HKLM\...\KB3070446) (Version: 12.1.4213.0 - Microsoft Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    Hmp Elements Server (HKLM-x32\...\{E9DD8AB9-0D79-47A0-9142-A3DC7FB789A1}) (Version: 1.0.0 - Inventive Labs)
    Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
    Intel Security True Key (HKLM\...\TrueKey) (Version: 4.1.137.1 - Intel Security)
    Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
    Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Kodi (HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Kodi) (Version: - XBMC-Foundation)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.6.140.0 - Microsoft Corporation)
    Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{BF5ABBDB-D3AA-4BCB-8D10-FCD4A4BB7F93}) (Version: 12.1.4100.1 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 RS Add-in for SharePoint (HKLM\...\{E4B2839D-5C17-4A21-AB5A-2540AAD6F776}) (Version: 12.1.4100.1 - Microsoft Corporation)
    Microsoft SQL Server 2014 Setup (English) (HKLM\...\{2975950A-6723-4FD2-9719-78DD9C30A7F4}) (Version: 12.1.4213.0 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{5BC5068F-1F64-4D2D-948F-E75F30B850CB}) (Version: 12.1.4213.0 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (x64) (HKLM\...\{C9F697B9-FAC8-4B76-9D3D-40FA3BFA4F9E}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{E3F613C1-105F-4717-BFE7-007729A95D67}) (Version: 12.1.4100.1 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
    Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
    Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
    PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.334 - Qualcomm Atheros Communications)
    Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
    RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
    Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.)
    Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
    Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
    Spitfire Enterprise Setup (HKLM-x32\...\{B06EDCA9-BB6F-4129-89BF-619CF7E8C895}) (Version: 1.0.0 - OPC Marketing, Inc.)
    SpitFire Online Support (HKLM-x32\...\{7E117A6A-8579-4435-8290-4089C1C5BEFA}) (Version: 5.2.142 - LogMeIn, Inc.)
    SQL Server 2014 Analysis Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Client Tools (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Common Files (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Data quality client (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Data quality service (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Data quality service (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Database Engine Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Database Engine Shared (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Distributed Replay (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Distributed Replay (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Documentation Components (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Full text search (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Integration Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Management Studio (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Master Data Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Master Data Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 Reporting Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 RS_SharePoint_SharedService (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server 2014 SQL Data Quality Common (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
    Sql Server Customer Experience Improvement Program (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
    Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {039C781B-6DBA-480A-BAAE-F4526492FBF2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
    Task: {36399346-416E-4E77-8CB0-875D9FC80F51} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
    Task: {382D8390-2F47-4971-8485-67904EE6C098} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-09-10] (Microsoft)
    Task: {42B33681-5FD0-4544-8B62-327707AD5763} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {54F94D1A-6512-449C-9545-7497ADAE0B77} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
    Task: {59D2A24E-30F4-4538-BDAB-E172A5CC94EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
    Task: {63FAFC84-4951-408B-8BFB-BD9D4C2DF50A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
    Task: {8961A1AA-9AC7-4492-865D-D7EDBB884375} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
    Task: {C3391B3B-A086-42A6-8875-34E80CB7B0D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-20] (Adobe Systems Incorporated)
    Task: {D9945D77-7510-4A34-93E3-2D0C198EA211} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
    Task: {E19B4111-5B41-4B98-8C1C-E3B5CAFC271C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
    Task: {FA7C3623-1B87-4403-BF7B-D0DC8AAB7385} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
    Task: {FC5C3148-C057-4B34-AA54-76D3BA0A6673} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-31] (McAfee, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-07-01 09:45 - 2015-07-01 09:45 - 00022528 _____ () C:\Windows\System32\us005lm.dll
    2016-03-16 06:17 - 2016-03-16 06:17 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
    2015-08-19 13:43 - 2014-12-05 16:32 - 00420352 _____ () C:\Windows\system32\SaMinDrv.dll
    2015-08-13 16:36 - 2013-01-24 09:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Classes\exefile: <===== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\dell.com -> dell.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2016-05-27 17:13 - 00000042 ____A C:\Windows\system32\Drivers\etc\hosts

    ::1 localhost
    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3097266444-2333562351-893229259-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 8.8.8.8 - 8.4.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: FLEXnet Licensing Service => 3
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: Spitfire_RecordingService => 2
    MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    MSCONFIG\startupreg: 3200 Scan2PC => "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
    MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: GIDDesktop => C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
    MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
    MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX5REC
    MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [TCP Query User{AE6C5FC8-A0D9-46DD-A1B5-155D97D0F734}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [UDP Query User{60E14D3B-9877-4159-BEC0-8D61D27AEBA4}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [TCP Query User{6585E25D-EB32-4621-9E08-209FDB7A6ED0}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
    FirewallRules: [UDP Query User{77636F3D-D090-484A-A6EA-77963587E151}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
    FirewallRules: [{189AD50A-7A82-422B-96B2-781DC2AF3253}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
    FirewallRules: [{6B931C08-4EBE-4FDF-A52C-C2256BD3C1CA}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
    FirewallRules: [{301F79D9-3FAC-4EBA-8ECD-94C314250F5C}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
    FirewallRules: [{7DF48D35-D45C-4C01-836A-C1EB79F4B155}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
    FirewallRules: [{72DF3227-99F4-409A-85FE-32991DEDB6DE}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
    FirewallRules: [{5449BC9F-00BA-44F8-8DFA-31DC80A90943}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
    FirewallRules: [{F4C00A51-F149-4361-941D-ACA1BB905ECE}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
    FirewallRules: [{6A8E2750-F342-4535-AF17-4C8A38CE6FF6}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
    FirewallRules: [{5EC0075F-8C4F-4223-AB9F-EEEBDD344F81}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{2AD4BD74-DDAD-4DA4-B41D-432263867F9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{27DB3D31-D527-48C6-923B-EF28F6E615C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{CC0D81D8-676B-4CA0-8608-38760AD57BA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{2DEDCFE4-2AFC-42E8-BB36-E28D7DBD60DF}] => (Allow) LPort=2869
    FirewallRules: [{79D090B2-837A-479B-97FD-92F2436820ED}] => (Allow) LPort=1900
    FirewallRules: [{AD07EDFE-D4A8-440A-9E52-A6BFD6A0739D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{273B9CA7-84C8-4917-BEB8-D61DB8C4599C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{09D16C11-E48F-4741-8187-CA2D06B85E0B}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [UDP Query User{637310E8-F08E-430D-BE3E-26E844B68352}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [TCP Query User{45633BFC-442B-43BB-8AB7-94D2DE4D1F85}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
    FirewallRules: [UDP Query User{BB0A803D-FD8C-4B9A-9398-C0095E926D7F}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
    FirewallRules: [TCP Query User{35673452-6D37-4875-AAA6-2755933285A3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [UDP Query User{A7CE908A-23D8-49F7-AE1B-DCBE8172A249}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [TCP Query User{C7A9F53E-0623-4627-A73C-BB5968D03513}C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe] => (Allow) C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe
    FirewallRules: [UDP Query User{F296876A-E289-4296-BF7A-7A9F57F23E92}C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe] => (Allow) C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe
    FirewallRules: [{139C0536-A856-4C88-B78E-67731723486B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{D4FB6878-DDB2-4C94-8DD7-EA896D575FBB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{34B318AF-1749-4376-B0AD-61C54A040E0E}] => (Allow) LPort=80
    FirewallRules: [{97D27989-B79D-4A35-AF0D-4E44F5066E46}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    29-05-2016 00:00:00 Scheduled Checkpoint
    29-05-2016 02:53:06 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: Dell Wireless 1703 Bluetooth
    Description: Dell Wireless 1703 Bluetooth
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: Qualcomm Atheros Communications
    Service: BTHUSB
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Dell Wireless 1703 802.11b/g/n (2.4GHz)
    Description: Dell Wireless 1703 802.11b/g/n (2.4GHz)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Atheros Communications Inc.
    Service: athr
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/31/2016 11:29:53 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
    Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

    Error: (05/30/2016 11:43:05 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
    Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

    Error: (05/30/2016 11:42:34 PM) (Source: MSSQLSERVER) (EventID: 30089) (User: )
    Description: The fulltext filter daemon host (FDHost) process has stopped abnormally. This can occur if an incorrectly configured or malfunctioning linguistic component, such as a wordbreaker, stemmer or filter has caused an irrecoverable error during full-text indexing or query processing. The process will be restarted automatically.

    Error: (05/30/2016 11:42:27 PM) (Source: MSSQLSERVER) (EventID: 30089) (User: )
    Description: The fulltext filter daemon host (FDHost) process has stopped abnormally. This can occur if an incorrectly configured or malfunctioning linguistic component, such as a wordbreaker, stemmer or filter has caused an irrecoverable error during full-text indexing or query processing. The process will be restarted automatically.

    Error: (05/30/2016 11:42:09 PM) (Source: MSSQLSERVER) (EventID: 30089) (User: )
    Description: The fulltext filter daemon host (FDHost) process has stopped abnormally. This can occur if an incorrectly configured or malfunctioning linguistic component, such as a wordbreaker, stemmer or filter has caused an irrecoverable error during full-text indexing or query processing. The process will be restarted automatically.

    Error: (05/30/2016 11:41:59 PM) (Source: MSSQLSERVER) (EventID: 30089) (User: )
    Description: The fulltext filter daemon host (FDHost) process has stopped abnormally. This can occur if an incorrectly configured or malfunctioning linguistic component, such as a wordbreaker, stemmer or filter has caused an irrecoverable error during full-text indexing or query processing. The process will be restarted automatically.

    Error: (05/30/2016 11:41:49 PM) (Source: MSSQLSERVER) (EventID: 30089) (User: )
    Description: The fulltext filter daemon host (FDHost) process has stopped abnormally. This can occur if an incorrectly configured or malfunctioning linguistic component, such as a wordbreaker, stemmer or filter has caused an irrecoverable error during full-text indexing or query processing. The process will be restarted automatically.

    Error: (05/30/2016 11:41:31 PM) (Source: MSSQLSERVER) (EventID: 30089) (User: )
    Description: The fulltext filter daemon host (FDHost) process has stopped abnormally. This can occur if an incorrectly configured or malfunctioning linguistic component, such as a wordbreaker, stemmer or filter has caused an irrecoverable error during full-text indexing or query processing. The process will be restarted automatically.

    Error: (05/30/2016 11:41:24 PM) (Source: MSSQLSERVER) (EventID: 30089) (User: )
    Description: The fulltext filter daemon host (FDHost) process has stopped abnormally. This can occur if an incorrectly configured or malfunctioning linguistic component, such as a wordbreaker, stemmer or filter has caused an irrecoverable error during full-text indexing or query processing. The process will be restarted automatically.

    Error: (05/30/2016 11:41:17 PM) (Source: MSSQLSERVER) (EventID: 30089) (User: )
    Description: The fulltext filter daemon host (FDHost) process has stopped abnormally. This can occur if an incorrectly configured or malfunctioning linguistic component, such as a wordbreaker, stemmer or filter has caused an irrecoverable error during full-text indexing or query processing. The process will be restarted automatically.


    System errors:
    =============
    Error: (05/30/2016 11:43:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SQL Full-text Filter Daemon Launcher (MSSQLSERVER) service terminated unexpectedly. It has done this 5 time(s).

    Error: (05/30/2016 11:42:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/30/2016 11:42:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SQL Server (MSSQLSERVER) service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/30/2016 11:42:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SQL Full-text Filter Daemon Launcher (MSSQLSERVER) service terminated unexpectedly. It has done this 4 time(s).

    Error: (05/30/2016 11:42:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SQL Full-text Filter Daemon Launcher (MSSQLSERVER) service terminated unexpectedly. It has done this 3 time(s).

    Error: (05/30/2016 11:41:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SQL Server Integration Services 12.0 service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/30/2016 11:41:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SQL Full-text Filter Daemon Launcher (MSSQLSERVER) service terminated unexpectedly. It has done this 2 time(s).

    Error: (05/30/2016 11:41:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SQL Full-text Filter Daemon Launcher (MSSQLSERVER) service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/30/2016 11:40:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CTI32 Telephony Engine service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/30/2016 11:40:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Spitfire_BusinessService service terminated unexpectedly. It has done this 1 time(s).


    CodeIntegrity:
    ===================================
    Date: 2016-03-11 00:07:26.898
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-03-11 00:07:26.883
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-12-25 21:39:25.560
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-25 20:59:02.982
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-25 20:44:44.221
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-12-25 20:44:44.208
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-11-29 00:33:03.932
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-11-29 00:33:03.918
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-11-29 00:24:14.144
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Administrator\Desktop\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-11-29 00:24:14.128
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Administrator\Desktop\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
    Percentage of memory in use: 23%
    Total physical RAM: 12237.72 MB
    Available physical RAM: 9305.4 MB
    Total Virtual: 24473.65 MB
    Available Virtual: 21268.03 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.28 GB) (Free:799.95 GB) NTFS
    Drive f: () (Removable) (Total:1.86 GB) (Free:0 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ========================================================
    Disk: 4 (Size: 1.9 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  20. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    What kind of details can you provide? It's hard to work with "feelings".

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  21. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Still with me?
     
  22. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Reopened.
     
  24. Boufeez

    Boufeez TS Member Topic Starter Posts: 78

    Hi Broni

    Thanks for your assistance; your time and knowledge are really appreciated.

    As I mentioned in my earlier posts , every so often the screen will go black for a second and then come back, but with a yellow exclamation mark in the system tray with no description when I click on it or hover over with the mouse. I checked the device manager and all the hardware seems fine. It has all the symptoms of someone logging in and sharing my screen. Even the resolution changes in my email client.

    What's happening now ( just started yesterday)

    About eight keys on the keyboard just STOPPED working... I have plugged in about 6 different keyboards and all the same identical keys on the 6 different keyboards simply don't work. Seems to be the machine.... When I take the original keyboard and plug it into another machine it works (all keys).

    I am worried one day I won't be able to unlock the machine (password protected)....

    Please help !!!!!!!!
     
  25. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    In this forum we're just checking if your computer is clean, so please follow my reply #20.
     
Topic Status:
Not open for further replies.
