Solved Trojan Detected : win32/beaugrit.gen!c

[Boufeez]

Screen has been flashing to black and then back to normal with a yellow exclamation mark appearing in the system tray with no description or anything. I did not think much of it , but now a few days later I got a message from Microsoft security essentials telling me a Trojan has been detected while I was doing some banking.

 

[Boufeez]

Please provide instructions to follow

Thank you very much.

 

[Boufeez]

Stopzilla logs:

Block/Extraction General 2016-05-27 18:14:24 Extracted package System Policies.DisableRegistryTools
Block/Extraction General 2016-05-27 18:14:23 Extracted package Trojan.Win32.Cognac!a
Block/Extraction General 2016-05-27 18:14:23 Extracted package Trojan.Win32.Mal.gen!b56
Block/Extraction General 2016-05-27 18:14:22 Extracted package VirTool.Win32.Obfuscator
Block/Extraction General 2016-05-27 18:14:22 Extracted package Trojan.Win32.Redirector.gen
Block/Extraction General 2016-05-27 18:14:21 Extracted package Vundo.A7
Information General 2016-05-27 18:11:06 Completed system scan.
Information General 2016-05-27 18:11:05 Inspecting WinSock registry (LSP Chain)
Information General 2016-05-27 17:19:42 Started system scan.
Information General 2016-05-27 17:18:50 Inspecting registered Internet Explorer toolbars
Information General 2016-05-27 17:18:45 Inspecting WinSock registry (LSP Chain)
Information General 2016-05-27 17:18:45 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information General 2016-05-27 17:18:43 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information General 2016-05-27 17:18:43 Inspecting registered Explorer bars
Information General 2016-05-27 17:18:22 Inspecting registered Browser Helper Objects (BHOs)
Information General 2016-05-27 17:18:18 Starting process watcher
Warning/Detection General 2016-05-27 17:14:42 Detected malicious registry entry DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system
Block/Extraction General 2016-05-27 17:14:42 Deleted registry value DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system
Block/Extraction General 2016-05-27 17:14:36 Terminated service: WSearch - Windows Search
Information General 2016-05-27 17:14:36 Started system scan.
Information General 2016-05-27 17:14:31 Inspecting registered Internet Explorer toolbars
Information General 2016-05-27 17:14:30 Inspecting WinSock registry (LSP Chain)
Information General 2016-05-27 17:14:29 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Block/Extraction General 2016-05-27 17:14:29 Terminated service: SysMain - Superfetch
Information General 2016-05-27 17:14:28 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Block/Extraction General 2016-05-27 17:14:24 Deleted registry value system in hklm\software\microsoft\windows nt\currentversion\winlogon
Information General 2016-05-27 17:14:23 Inspecting registered Explorer bars
Information General 2016-05-27 17:13:56 Inspecting registered Browser Helper Objects (BHOs)
Information General 2016-05-27 17:13:55 Starting process watcher

 

[Boufeez]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
Ran by Administrator (administrator) on OFFICE-1-PC (27-05-2016 18:56:15)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator & ReportServer & MSSQLFDLauncher & MsDtsServer120 & MSSQLSERVER (Available Profiles: Administrator & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MsDtsServer120 & MSSQLSERVER & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 Classic)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(iS3, Inc.) C:\Program Files (x86)\iS3\STOPzilla AntiMalware\SZServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Inventive Labs, LLC) C:\Program Files (x86)\CTI32\cti32svc.exe
(Inventive Labs, Inc.) C:\Program Files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(iS3, Inc.) C:\Program Files (x86)\iS3\STOPzilla AntiMalware\STOPzilla.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe
() C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
() C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-10-28] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{422811A0-BBB7-4BD5-AAAE-BB743DC9F38E}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9D3C4071-F374-4945-9A9C-1599E5144CC0}: [NameServer] 8.8.8.8,8.4.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3097266444-2333562351-893229259-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> DefaultScope {A6A0D800-A86D-46FF-B3A8-EC68EB4F50E0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> {A6A0D800-A86D-46FF-B3A8-EC68EB4F50E0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dim0fd18.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-31]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-31]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-23]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-10-28] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 Cti32svc; C:\Program Files (x86)\CTI32\cti32svc.exe [24576 2015-02-23] (Inventive Labs, LLC) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-11-24] (Macrovision Europe Ltd.) [File not signed]
R2 HmpElements; C:\Program Files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe [1946088 2015-02-26] (Inventive Labs, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-31] (Intel Corporation)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-31] (Intel Corporation)
R2 MsDtsServer120; C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [216768 2015-06-09] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [372416 2015-06-09] (Microsoft Corporation)
S3 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\bin\msmdsrv.exe [51156160 2015-04-21] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2467008 2015-04-21] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [202824 2013-01-18] (Realtek Semiconductor)
R2 Spitfire_BusinessService; C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe [7168 2016-02-15] () [File not signed]
R2 Spitfire_DialService; C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe [6656 2016-03-02] () [File not signed]
R2 Spitfire_LoginService; C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe [7680 2016-01-12] () [File not signed]
S4 Spitfire_RecordingService; C:\SPD Enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe [6656 2013-12-31] () [File not signed]
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [139968 2014-02-21] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [345280 2014-02-21] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-09] (Microsoft Corporation)
R2 szserver; C:\Program Files (x86)\iS3\STOPzilla AntiMalware\SZServer.exe [194464 2016-03-22] (iS3, Inc.)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [878904 2016-05-16] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-05-16] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-05-16] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [File not signed]
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-10-28] (Qualcomm Atheros)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-24] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-21] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-28] (Samsung Electronics)
R0 szkg5; C:\Windows\SysWow64\drivers\szkg64.sys [74768 2016-03-22] (iS3 Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-05-27] ()
R3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [40288 2015-08-14] ()
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-27 18:56 - 2016-05-27 18:56 - 00018488 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-05-27 18:55 - 2016-05-27 18:55 - 02383360 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2016-05-27 18:46 - 2016-05-27 18:56 - 00000768 _____ C:\Windows\system32\Drivers\kgpcpy.cfg
2016-05-27 18:15 - 2016-05-27 18:15 - 00002767 _____ C:\Users\Administrator\Desktop\EventLog.txt
2016-05-27 17:59 - 2016-05-27 18:41 - 00000016 _____ C:\Windows\system32\config\software.szfi
2016-05-27 17:17 - 2016-05-27 18:44 - 00203804 _____ C:\Windows\ntbtlog.txt
2016-05-27 17:17 - 2016-05-27 17:17 - 976951121 _____ C:\Windows\MEMORY.DMP
2016-05-27 17:17 - 2016-05-27 17:17 - 00276176 _____ C:\Windows\Minidump\052716-19983-01.dmp
2016-05-27 17:13 - 2016-05-27 18:56 - 00000000 ____D C:\ProgramData\STOPzilla!
2016-05-27 17:13 - 2016-05-27 17:13 - 00002031 _____ C:\Users\Public\Desktop\STOPzilla AntiMalware.lnk
2016-05-27 17:13 - 2016-05-27 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla AntiMalware
2016-05-27 17:13 - 2016-05-27 17:13 - 00000000 ____D C:\Program Files (x86)\iS3
2016-05-27 17:12 - 2016-05-27 17:12 - 00593064 _____ C:\Users\Administrator\Downloads\STOPzilla_ASM_RW65.exe
2016-05-27 10:48 - 2016-05-27 10:48 - 02354776 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-26 03:53 - 2016-05-26 03:53 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\Administrator\Downloads\autodetectutility.exe
2016-05-26 03:29 - 2016-05-26 03:29 - 00110560 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-25 20:18 - 2016-05-25 20:18 - 18910676 _____ C:\Users\Administrator\Downloads\CommunityShowcaseDramaticSkies3.themepack
2016-05-25 20:18 - 2016-05-25 20:18 - 08402527 _____ C:\Users\Administrator\Downloads\DarkSkiesTracyHymas.themepack
2016-05-25 20:17 - 2016-05-25 20:18 - 25388785 _____ C:\Users\Administrator\Downloads\CommunityShowcaseAqua4.themepack
2016-05-25 20:17 - 2016-05-25 20:17 - 07884764 _____ C:\Users\Administrator\Downloads\AuroraBorealis.themepack
2016-05-25 20:16 - 2016-05-25 20:16 - 08546059 _____ C:\Users\Administrator\Downloads\SpectacularSkiesMarcoMuller.themepack
2016-05-25 20:01 - 2016-05-25 20:01 - 30639455 _____ C:\Users\Administrator\Downloads\PanoramasEurope.deskthemepack
2016-05-25 20:01 - 2016-05-25 20:01 - 14659653 _____ C:\Users\Administrator\Downloads\Serbia_nat.themepack
2016-05-25 20:01 - 2016-05-25 20:01 - 13655051 _____ C:\Users\Administrator\Downloads\WildBeautyCharlesBergman.themepack
2016-05-25 20:01 - 2016-05-25 20:01 - 13545604 _____ C:\Users\Administrator\Downloads\PerspectivesJapan2KazuoNakadai.themepack
2016-05-25 20:00 - 2016-05-25 20:00 - 06699390 _____ C:\Users\Administrator\Downloads\PanoramicGlaciers.deskthemepack
2016-05-25 19:56 - 2016-05-25 19:56 - 16877897 _____ C:\Users\Administrator\Downloads\Forests.themepack
2016-05-24 20:23 - 2016-05-24 20:23 - 28908032 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup.exe
2016-05-24 20:21 - 2016-05-24 20:22 - 19867720 _____ C:\Users\Administrator\Downloads\RogueKiller.exe
2016-05-09 12:57 - 2016-05-09 12:57 - 00095614 _____ C:\Users\Administrator\Downloads\1Z9V6W889191354820.pdf
2016-05-07 16:44 - 2016-05-07 16:44 - 03615296 _____ C:\Users\Administrator\Downloads\adwcleaner_5.115.exe
2016-05-07 16:44 - 2016-05-07 16:44 - 01610816 _____ (Malwarebytes) C:\Users\Administrator\Downloads\JRT(1).exe
2016-05-06 14:46 - 2016-05-06 14:46 - 00193306 _____ C:\Users\Administrator\Downloads\514102-0926.PDF
2016-05-06 02:04 - 2016-05-06 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-05 15:51 - 2016-05-05 15:51 - 00004556 _____ C:\Users\Administrator\Downloads\invoice_179.pdf
2016-05-05 13:47 - 2016-05-05 13:47 - 00193306 _____ C:\Users\Administrator\Downloads\514100-1081.PDF
2016-05-03 23:17 - 2016-05-03 23:18 - 00098975 _____ C:\Users\Administrator\Downloads\tftpmanager-1.1.0.0.tgz
2016-05-02 17:43 - 2016-05-02 17:43 - 00005184 _____ C:\Users\Administrator\Downloads\Order Confirmation 5141020926.zip
2016-05-01 02:21 - 2016-05-01 02:21 - 05248352 _____ C:\Users\Administrator\Downloads\Your Payment Has Been Approved!.zip
2016-04-27 13:15 - 2016-04-27 13:15 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-27 18:56 - 2015-12-27 17:35 - 00000000 ____D C:\FRST
2016-05-27 18:54 - 2016-01-31 02:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-27 18:54 - 2009-07-14 00:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-27 18:54 - 2009-07-14 00:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-27 18:52 - 2015-08-19 21:01 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{457B9D94-DBA1-45CA-8B54-1BFDDB92A0F5}
2016-05-27 18:51 - 2009-07-14 01:13 - 01094326 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-27 18:51 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-27 18:47 - 2016-01-31 02:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-27 18:47 - 2015-08-14 11:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Rescue Calling Card
2016-05-27 18:47 - 2015-08-14 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpitFire Online Support
2016-05-27 18:46 - 2016-03-31 14:19 - 00000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-05-27 18:46 - 2015-11-12 20:00 - 00000000 ____D C:\Users\ReportServer
2016-05-27 18:46 - 2015-11-12 20:00 - 00000000 ____D C:\Users\MSSQLFDLauncher
2016-05-27 18:45 - 2015-11-12 20:00 - 00000000 ____D C:\Users\MsDtsServer120
2016-05-27 18:45 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-27 17:27 - 2015-08-26 12:27 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-27 17:18 - 2015-11-12 20:00 - 00000000 ____D C:\Users\MSSQLSERVER
2016-05-27 17:17 - 2016-02-25 23:28 - 00000000 ____D C:\Windows\Minidump
2016-05-27 17:00 - 2015-12-22 19:29 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-05-27 16:56 - 2016-03-09 18:57 - 00002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-05-27 16:55 - 2015-12-27 04:22 - 00000000 ____D C:\ProgramData\Sophos
2016-05-27 16:55 - 2015-09-10 14:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\RingCentralMeetings
2016-05-27 16:55 - 2015-08-14 11:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue Calling Card
2016-05-27 16:34 - 2016-02-03 18:47 - 00000000 ____D C:\Users\Administrator\Desktop\Medical
2016-05-27 13:01 - 2015-12-29 18:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Kodi
2016-05-27 10:48 - 2016-04-15 02:08 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-05-27 10:48 - 2016-04-15 01:59 - 00000000 ____D C:\Program Files\TrueKey
2016-05-26 03:28 - 2015-10-07 00:09 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-26 00:31 - 2016-04-15 02:08 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-05-25 19:54 - 2015-08-18 11:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2016-05-25 19:54 - 2015-08-14 11:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-05-25 19:44 - 2015-09-17 13:29 - 00018995 _____ C:\Users\Administrator\Desktop\contacts.xlsx
2016-05-25 19:21 - 2015-08-19 18:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2016-05-24 01:11 - 2015-08-19 19:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2016-05-22 13:49 - 2015-08-14 11:50 - 00000000 ____D C:\Program Files (x86)\CTI32
2016-05-21 12:15 - 2015-12-29 23:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-20 12:36 - 2015-12-29 23:12 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-20 12:36 - 2015-08-21 00:08 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-20 12:36 - 2015-08-21 00:08 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-14 15:24 - 2016-03-02 00:20 - 00000000 ____D C:\ProgramData\McAfee
2016-05-13 17:02 - 2015-08-14 12:06 - 00000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio
2016-05-13 16:24 - 2016-04-15 02:08 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-05-13 16:21 - 2015-08-14 11:56 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-05-13 16:21 - 2015-08-14 11:56 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-05-11 17:55 - 2016-01-31 02:42 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-10 16:49 - 2016-01-31 02:40 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 16:49 - 2016-01-31 02:40 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-08 13:59 - 2015-12-24 22:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-05-07 11:03 - 2015-12-28 02:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-04 20:54 - 2015-08-17 21:49 - 00000000 ____D C:\Users\ASP.NET v4.0 Classic
2016-05-03 23:20 - 2015-09-08 17:13 - 00000000 ____D C:\Share
2016-05-03 16:39 - 2016-04-20 18:51 - 00000000 ____D C:\Users\Administrator\Desktop\project1
2016-05-01 12:32 - 2016-03-04 03:19 - 34330525 _____ C:\Users\Administrator\Desktop\Data 2A.xlsx
2016-04-30 18:27 - 2016-03-26 12:29 - 00008704 ___SH C:\Users\Administrator\Documents\Thumbs.db

==================== Files in the root of some directories =======

2016-01-21 01:26 - 2016-01-21 01:26 - 0000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-18 15:04

==================== End of FRST.txt ============================

 

[Boufeez]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
Ran by Administrator (2016-05-27 18:56:55)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-08-13 20:31:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3097266444-2333562351-893229259-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3097266444-2333562351-893229259-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: STOPzilla (Enabled - Up to date) {E375F917-FA8E-0C29-B3C0-275922AEB69A}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AgentApp (HKLM-x32\...\{AF941339-68D2-4F19-9FEA-F085EF20E33E}) (Version: 1.0.0 - OPC Marketing, Inc.)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
AMD Catalyst Install Manager (HKLM\...\{F62CA14F-AB88-4A97-7752-BF36193B4CC3}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CTI32 (HKLM-x32\...\{859C79E6-9913-437E-888E-C8891D8D32C5}) (Version: 4.5.0.0 - Inventive Labs, LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
GDR 4213 for SQL Server 2014 (KB3070446) (64-bit) (HKLM\...\KB3070446) (Version: 12.1.4213.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hmp Elements Server (HKLM-x32\...\{E9DD8AB9-0D79-47A0-9142-A3DC7FB789A1}) (Version: 1.0.0 - Inventive Labs)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.1.137.1 - Intel Security)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodi (HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Kodi) (Version: - XBMC-Foundation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.6.140.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{BF5ABBDB-D3AA-4BCB-8D10-FCD4A4BB7F93}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 RS Add-in for SharePoint (HKLM\...\{E4B2839D-5C17-4A21-AB5A-2540AAD6F776}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{2975950A-6723-4FD2-9719-78DD9C30A7F4}) (Version: 12.1.4213.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{5BC5068F-1F64-4D2D-948F-E75F30B850CB}) (Version: 12.1.4213.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{C9F697B9-FAC8-4B76-9D3D-40FA3BFA4F9E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{E3F613C1-105F-4717-BFE7-007729A95D67}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.334 - Qualcomm Atheros Communications)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.)
Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spitfire Enterprise Setup (HKLM-x32\...\{B06EDCA9-BB6F-4129-89BF-619CF7E8C895}) (Version: 1.0.0 - OPC Marketing, Inc.)
SpitFire Online Support (HKLM-x32\...\{7E117A6A-8579-4435-8290-4089C1C5BEFA}) (Version: 5.2.142 - LogMeIn, Inc.)
SQL Server 2014 Analysis Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality client (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Full text search (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Integration Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 RS_SharePoint_SharedService (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 SQL Data Quality Common (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
STOPzilla AntiMalware (HKLM-x32\...\{4BA66CCC-1AC5-4188-B3D4-BC29394C45E6}) (Version: 6.5.2.58 - iS3, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {039C781B-6DBA-480A-BAAE-F4526492FBF2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {36399346-416E-4E77-8CB0-875D9FC80F51} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {382D8390-2F47-4971-8485-67904EE6C098} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-09-10] (Microsoft)
Task: {42B33681-5FD0-4544-8B62-327707AD5763} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {54F94D1A-6512-449C-9545-7497ADAE0B77} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {59D2A24E-30F4-4538-BDAB-E172A5CC94EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {63FAFC84-4951-408B-8BFB-BD9D4C2DF50A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {8961A1AA-9AC7-4492-865D-D7EDBB884375} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {C3391B3B-A086-42A6-8875-34E80CB7B0D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-20] (Adobe Systems Incorporated)
Task: {D9945D77-7510-4A34-93E3-2D0C198EA211} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {E19B4111-5B41-4B98-8C1C-E3B5CAFC271C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {FA7C3623-1B87-4403-BF7B-D0DC8AAB7385} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {FC5C3148-C057-4B34-AA54-76D3BA0A6673} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-31] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-01 09:45 - 2015-07-01 09:45 - 00022528 _____ () C:\Windows\System32\us005lm.dll
2015-08-19 13:43 - 2014-12-05 16:32 - 00420352 _____ () C:\Windows\system32\SaMinDrv.dll
2016-03-16 06:17 - 2016-03-16 06:17 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2014-10-28 01:26 - 2014-10-28 01:26 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2015-08-14 12:12 - 2016-02-15 18:44 - 00007168 _____ () C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe
2015-08-14 12:12 - 2016-01-12 15:45 - 00007680 _____ () C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe
2015-08-14 12:12 - 2016-03-02 15:05 - 00006656 _____ () C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe
2015-08-13 16:36 - 2013-01-24 09:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Classes\.exe: exefile => <===== ATTENTION
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Classes\exefile: <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-05-27 17:13 - 00000042 ____A C:\Windows\system32\Drivers\etc\hosts

::1 localhost
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3097266444-2333562351-893229259-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.4.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Spitfire_RecordingService => 2
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: 3200 Scan2PC => "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GIDDesktop => C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX5REC
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{AE6C5FC8-A0D9-46DD-A1B5-155D97D0F734}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{60E14D3B-9877-4159-BEC0-8D61D27AEBA4}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{6585E25D-EB32-4621-9E08-209FDB7A6ED0}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [UDP Query User{77636F3D-D090-484A-A6EA-77963587E151}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [{189AD50A-7A82-422B-96B2-781DC2AF3253}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{6B931C08-4EBE-4FDF-A52C-C2256BD3C1CA}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{301F79D9-3FAC-4EBA-8ECD-94C314250F5C}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{7DF48D35-D45C-4C01-836A-C1EB79F4B155}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{72DF3227-99F4-409A-85FE-32991DEDB6DE}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{5449BC9F-00BA-44F8-8DFA-31DC80A90943}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{F4C00A51-F149-4361-941D-ACA1BB905ECE}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{6A8E2750-F342-4535-AF17-4C8A38CE6FF6}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{5EC0075F-8C4F-4223-AB9F-EEEBDD344F81}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2AD4BD74-DDAD-4DA4-B41D-432263867F9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{27DB3D31-D527-48C6-923B-EF28F6E615C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC0D81D8-676B-4CA0-8608-38760AD57BA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2DEDCFE4-2AFC-42E8-BB36-E28D7DBD60DF}] => (Allow) LPort=2869
FirewallRules: [{79D090B2-837A-479B-97FD-92F2436820ED}] => (Allow) LPort=1900
FirewallRules: [{AD07EDFE-D4A8-440A-9E52-A6BFD6A0739D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{273B9CA7-84C8-4917-BEB8-D61DB8C4599C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{09D16C11-E48F-4741-8187-CA2D06B85E0B}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{637310E8-F08E-430D-BE3E-26E844B68352}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{45633BFC-442B-43BB-8AB7-94D2DE4D1F85}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [UDP Query User{BB0A803D-FD8C-4B9A-9398-C0095E926D7F}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [TCP Query User{35673452-6D37-4875-AAA6-2755933285A3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{A7CE908A-23D8-49F7-AE1B-DCBE8172A249}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{C7A9F53E-0623-4627-A73C-BB5968D03513}C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe] => (Allow) C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe
FirewallRules: [UDP Query User{F296876A-E289-4296-BF7A-7A9F57F23E92}C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe] => (Allow) C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe
FirewallRules: [{139C0536-A856-4C88-B78E-67731723486B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D4FB6878-DDB2-4C94-8DD7-EA896D575FBB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34B318AF-1749-4376-B0AD-61C54A040E0E}] => (Allow) LPort=80
FirewallRules: [{97D27989-B79D-4A35-AF0D-4E44F5066E46}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-05-2016 02:46:48 Windows Update
25-05-2016 14:52:49 Windows Update
26-05-2016 03:27:42 Removed Java 8 Update 73
27-05-2016 16:55:07 Removed Sophos Virus Removal Tool.
27-05-2016 17:00:05 Removed WOT for Internet Explorer
27-05-2016 17:12:54 Installed STOPzilla AntiMalware.
27-05-2016 17:14:29 STOPzilla Restore Point.

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Description: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dell Wireless 1703 Bluetooth
Description: Dell Wireless 1703 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2016 06:46:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2016 06:46:35 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

Error: (05/27/2016 06:16:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\iS3\STOPzilla AntiMalware\SZScanner.exe Files (x86)\iS3\STOPzilla AntiMalware\SZScanner.exe" ; Description = STOPzilla Restore Point.; Error = 0x8007043c).

Error: (05/27/2016 05:19:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\iS3\STOPzilla AntiMalware\SZScanner.exe Files (x86)\iS3\STOPzilla AntiMalware\SZScanner.exe" ; Description = STOPzilla Restore Point.; Error = 0x8007043c).

Error: (05/27/2016 05:19:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2016 10:49:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2016 10:49:14 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

Error: (05/26/2016 12:53:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HmpElementsServer.exe, version: 2.2.9.1, time stamp: 0x54efa03c
Faulting module name: HmpElementsUmc.dll, version: 2.2.9.1, time stamp: 0x54e80171
Exception code: 0xc0000005
Fault offset: 0x00a2bd28
Faulting process id: 0x9cc
Faulting application start time: 0xHmpElementsServer.exe0
Faulting application path: HmpElementsServer.exe1
Faulting module path: HmpElementsServer.exe2
Report Id: HmpElementsServer.exe3

Error: (05/26/2016 12:53:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HmpElementsServer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at HmpElements.Server.BeepDetectorUmc.FreeBeepDetector(IntPtr)
at HmpElements.Server.BeepDetector.Finalize()

Error: (05/26/2016 12:53:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Kodi.exe version 15.2.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 23c0

Start Time: 01d1b6fe117d83cf

Termination Time: 18

Application Path: C:\Program Files (x86)\Kodi\Kodi.exe

Report Id: c9cf63f3-22fd-11e6-8d13-b8ca3a9ab41e


System errors:
=============
Error: (05/27/2016 06:46:50 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.2.220192.168.137.0255.255.255.0

Error: (05/27/2016 06:46:50 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (05/27/2016 06:46:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
is3srv

Error: (05/27/2016 06:45:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
%%2

Error: (05/27/2016 06:44:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (05/27/2016 06:44:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (05/27/2016 06:44:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (05/27/2016 06:44:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/27/2016 06:44:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/27/2016 06:44:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


CodeIntegrity:
===================================
Date: 2016-03-11 00:07:26.898
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-11 00:07:26.883
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-25 21:39:25.560
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-25 20:59:02.982
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-25 20:44:44.221
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-25 20:44:44.208
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:33:03.932
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:33:03.918
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:24:14.144
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Administrator\Desktop\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:24:14.128
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Administrator\Desktop\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 12237.72 MB
Available physical RAM: 8442.43 MB
Total Virtual: 24473.65 MB
Available Virtual: 20396.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.28 GB) (Free:794.75 GB) NTFS
Drive f: () (Removable) (Total:1.86 GB) (Free:0 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 4 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

[Boufeez]

The following has been quarantined by Stopzilla
Trojan.Win32.Cognac!a
Trojan.Win32.Mal.gen!b56
VirTool.Win32.Obfuscator
Trojan.Win32.Redirector.gen
Vundo.A7
------
The following has been quarantined by Microsoft security essentials
win32/beaugrit.gen!c

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

STOPzilla is not really recommended for various reasons. I strongly suggest you uninstall it.

Then...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
• Launch Malwarebytes Anti-Malware
• A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[Boufeez]

RogueKiller V12.3.0.0 (x64) [May 22 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 05/28/2016 00:30:31

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Intel Raid 1 Volume SCSI Disk Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2052 | Size: 99 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 205200 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 467856 | Size: 953626 MB
User = LL1 ... OK
Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )

+++++ PhysicalDrive1: CF/MD Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: SM/xD Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: SD/mini-MMC/RS Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: MS/Pro/Duo Card +++++
--- User ---
[MBR] 776b1a1ef05c5b6a9b722141f602614c
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 387 | Size: 1904 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

 

[Boufeez]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/28/2016
Scan Time: 12:32 AM
Logfile: jj.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.28.02
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 637238
Time Elapsed: 13 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

[Boufeez]

# AdwCleaner v5.026 - Logfile created 29/12/2015 at 21:34:55
# Updated 21/12/2015 by Xplode
# Database : 2015-12-29.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Administrator - OFFICE-1-PC
# Running from : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GC3JYA5P\adwcleaner_5.026.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [677 bytes] ##########
# AdwCleaner v5.118 - Logfile created 28/05/2016 at 00:49:54
# Updated 23/05/2016 by Xplode
# Database : 2016-05-26.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Administrator - OFFICE-1-PC
# Running from : C:\Users\Administrator\Downloads\adwcleaner_5.118.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2613 bytes] - [28/12/2015 20:59:20]
C:\AdwCleaner\AdwCleaner[C2].txt - [2519 bytes] - [29/12/2015 22:35:28]
C:\AdwCleaner\AdwCleaner[C3].txt - [779 bytes] - [04/01/2016 18:38:05]
C:\AdwCleaner\AdwCleaner[S1].txt - [2423 bytes] - [27/12/2015 18:20:58]
C:\AdwCleaner\AdwCleaner[S2].txt - [2257 bytes] - [28/12/2015 20:57:16]
C:\AdwCleaner\AdwCleaner[S3].txt - [1784 bytes] - [29/12/2015 22:34:55]
C:\AdwCleaner\AdwCleaner[S4].txt - [687 bytes] - [04/01/2016 18:36:25]
C:\AdwCleaner\AdwCleaner[S5].txt - [687 bytes] - [10/01/2016 20:46:36]
C:\AdwCleaner\AdwCleaner[S6].txt - [687 bytes] - [10/01/2016 20:48:39]
C:\AdwCleaner\AdwCleaner[S7].txt - [755 bytes] - [19/01/2016 21:38:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2145 bytes] ##########

 

[Boufeez]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional x64
Ran by Administrator (Administrator) on Sat 05/28/2016 at 0:51:41.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 12

Failed to delete: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1S83ZJC4 (Temporary Internet Files Folder)
Failed to delete: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCVZS3SX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG0GI4IQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2R61G00 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X360HZQU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZC44P2Q7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1S83ZJC4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG0GI4IQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2R61G00 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCVZS3SX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X360HZQU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZC44P2Q7 (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/28/2016 at 0:53:09.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Boufeez]

So these are false positives I got from Microsoft Security Essentials ?

What about the the screen flashing black for a second ( like someone connecting to the machine remotely ) and yellow exclamation mark in systray with no description appears right after screen flashes black.

 

[Broni]

We'll keep checking...

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Boufeez]

Thanks Broni ! Your a real lifesaver..

Still getting the random black screen for about a second and then the non descriptive yellow exclamation mark in the system tray. Really seems like the characteristics of someone connecting to the machine .

ComboFix 16-05-18.01 - Administrator 05/29/2016 18:56:26.5.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12238.10174 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2016-04-28 to 2016-05-29 )))))))))))))))))))))))))))))))
.
.
2016-05-29 23:00 . 2016-05-29 23:00 -------- d-----w- c:\users\ReportServer\AppData\Local\temp
2016-05-29 23:00 . 2016-05-29 23:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-05-29 23:00 . 2016-05-29 23:00 -------- d-----w- c:\users\OFFICE-1\AppData\Local\temp
2016-05-29 18:15 . 2016-05-26 20:28 11895896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4CDF2F4-60E8-4611-B742-B100DE53C983}\mpengine.dll
2016-05-29 18:15 . 2016-05-26 20:28 11895896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-05-28 04:32 . 2016-05-28 04:32 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-28 04:31 . 2016-03-10 18:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-28 04:31 . 2016-03-10 18:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-28 04:31 . 2016-03-10 18:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-28 04:31 . 2016-05-28 04:31 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-05-28 04:08 . 2016-05-28 04:09 -------- d-----w- c:\program files\RogueKiller
2016-05-27 23:42 . 2016-05-27 23:42 -------- d-----w- c:\users\Administrator\AppData\Local\ESET
2016-05-27 21:13 . 2016-05-28 00:10 -------- d-----w- c:\programdata\STOPzilla!
2016-05-22 06:47 . 2016-05-11 18:10 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{363F49C3-8689-4765-B9AB-99CF88910EF3}\gapaengine.dll
2016-05-12 14:48 . 2016-05-12 14:48 53384 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-28 04:10 . 2015-08-26 16:27 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-05-20 16:36 . 2015-08-21 04:08 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-20 16:36 . 2015-08-21 04:08 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-05-11 18:10 . 2016-01-21 03:48 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-04-22 07:57 . 2010-11-21 03:27 453288 ------w- c:\windows\system32\MpSigStub.exe
2016-03-18 19:14 . 2015-11-12 23:48 127680 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2016-03-05 06:10 . 2015-08-13 18:38 146614896 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-08-19 8455960]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
R0 szkg5;szkg5;c:\windows\SySWOW64\drivers\szkg64.sys;c:\windows\SySWOW64\drivers\szkg64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Cti32svc;CTI32 Telephony Engine;c:\program files (x86)\CTI32\cti32svc.exe;c:\program files (x86)\CTI32\cti32svc.exe [x]
R2 HmpElements;HmpElements Server;c:\program files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe;c:\program files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe [x]
R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x]
R2 MsDtsServer120;SQL Server Integration Services 12.0;c:\program files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [x]
R2 Spitfire_BusinessService;Spitfire_BusinessService;c:\spd enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe;c:\spd enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe [x]
R2 Spitfire_DialService;Spitfire_DialService;c:\spd enterprise\SpitFire_DialService\Spitfire_DialService.exe;c:\spd enterprise\SpitFire_DialService\Spitfire_DialService.exe [x]
R2 Spitfire_LoginService;Spitfire_LoginService;c:\spd enterprise\SpitFire_LoginService\Spitfire_LoginService.exe;c:\spd enterprise\SpitFire_LoginService\Spitfire_LoginService.exe [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SQL Server Distributed Replay Client;SQL Server Distributed Replay Client;c:\program files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe;c:\program files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [x]
R3 SQL Server Distributed Replay Controller;SQL Server Distributed Replay Controller;c:\program files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe;c:\program files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [x]
R3 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 RsFx0310;RsFx0310 Driver;c:\windows\system32\DRIVERS\RsFx0310.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0310.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 Spitfire_RecordingService;Spitfire_RecordingService;c:\spd enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe;c:\spd enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe [x]
S0 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 IntelBCAsvc;Intel(R) Biometric and Context Agent Service;c:\program files\Intel\BCA\pabeSvc64.exe;c:\program files\Intel\BCA\pabeSvc64.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x]
S2 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbkey;USB Dongle;c:\windows\system32\DRIVERS\USBKey64.sys;c:\windows\SYSNATIVE\DRIVERS\USBKey64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-11 21:54 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-21 16:36]
.
2016-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31 06:40]
.
2016-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31 06:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-04-30 36352]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-30 1340192]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
Trusted Zone: dell.com
TCP: Interfaces\{9D3C4071-F374-4945-9A9C-1599E5144CC0}: NameServer = 8.8.8.8,8.4.4.4
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dim0fd18.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Malwarebytes Anti-Exploit - c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe
.
.
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ReportServerSharePoint:Service]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,55,2b,a8,e5,da,33,44,87,df,8e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,55,2b,a8,e5,da,33,44,87,df,8e,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,46,b9,21,8d,db,72,4c,ac,5f,df,\
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\User Preferences - Do not modify. Direct modification is a violation of ISV software requirements.]
@Denied: (2) (Administrator)
"Learn about ISV Software Requirements"="http://go.microsoft.com/fwlink/?LinkId=392206"
"2E1C892BBCB432157F277FDF4D11FD173738EC8D13"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,46,b9,21,8d,db,72,4c,ac,5f,df,\
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.config\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad++.exe"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Excel.CSV"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.indd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="InDesign.Document"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\AcroRd32.exe"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.Log\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nex\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.opdownload\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Png"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WINWORD.EXE"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Photoshop.Image.16"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\7zFM.exe"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\NOTEPAD.EXE"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Excel.Sheet.12"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WORDPAD.EXE"
.
[HKEY_USERS\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mspaint.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-05-29 19:01:31
ComboFix-quarantined-files.txt 2016-05-29 23:01
ComboFix2.txt 2016-03-11 05:08
ComboFix3.txt 2016-01-20 02:18
ComboFix4.txt 2015-12-30 02:48
ComboFix5.txt 2016-05-29 22:54
.
Pre-Run: 860,001,959,936 bytes free
Post-Run: 859,881,959,424 bytes free
.
- - End Of File - - 384196FAD12C264A7D743DFEAF398A0E
A36C5E4F47E84449FF07ED3517B43A31

 

[Boufeez]

Can we run a "hijackthis" scan ?

I really feel as if there is someone logging into the machine. The bios version is up to date and all updates are completed and there are no errors in device manager which should mean there is no faulty videocard / hardware ect...

 

[Boufeez]

In system property's under remote tab, the following is unchecked :

Allow remote assistance connections to this computer

Radio button selected :

Don't allow connections to this computer

 

[Broni]

HijackThis is a very outdated tool not used anymore.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[Boufeez]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
Ran by Administrator (administrator) on OFFICE-1-PC (31-05-2016 12:31:08)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator & ReportServer (Available Profiles: Administrator & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MsDtsServer120 & MSSQLSERVER & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 Classic)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTA558.tmp
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Farbar) C:\Users\Administrator\Desktop\FRST64(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{422811A0-BBB7-4BD5-AAAE-BB743DC9F38E}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9D3C4071-F374-4945-9A9C-1599E5144CC0}: [NameServer] 8.8.8.8,8.4.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3097266444-2333562351-893229259-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> DefaultScope {A6A0D800-A86D-46FF-B3A8-EC68EB4F50E0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> {A6A0D800-A86D-46FF-B3A8-EC68EB4F50E0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3097266444-2333562351-893229259-500 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dim0fd18.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-31]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-31]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-23]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 0186021464671152mcinstcleanup; C:\Windows\TEMP\018602~1.EXE [883024 2015-10-28] (McAfee, Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-10-28] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S2 Cti32svc; C:\Program Files (x86)\CTI32\cti32svc.exe [24576 2015-02-23] (Inventive Labs, LLC) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-11-24] (Macrovision Europe Ltd.) [File not signed]
S2 HmpElements; C:\Program Files (x86)\Inventive Labs\Hmp Elements Server\HmpElementsServer.exe [1946088 2015-02-26] (Inventive Labs, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-31] (Intel Corporation)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-31] (Intel Corporation)
S2 MsDtsServer120; C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [216768 2015-06-09] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
S2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [372416 2015-06-09] (Microsoft Corporation)
S3 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\bin\msmdsrv.exe [51156160 2015-04-21] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2467008 2015-04-21] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [202824 2013-01-18] (Realtek Semiconductor)
S2 Spitfire_BusinessService; C:\SPD Enterprise\SpitFire_BusinessService\Spitfire_BusinessService.exe [7168 2016-02-15] () [File not signed]
S2 Spitfire_DialService; C:\SPD Enterprise\SpitFire_DialService\Spitfire_DialService.exe [6656 2016-03-02] () [File not signed]
S2 Spitfire_LoginService; C:\SPD Enterprise\SpitFire_LoginService\Spitfire_LoginService.exe [7680 2016-01-12] () [File not signed]
S4 Spitfire_RecordingService; C:\SPD Enterprise\SpitFire_RecordingService\Spitfire_RecordingService.exe [6656 2013-12-31] () [File not signed]
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [139968 2014-02-21] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [345280 2014-02-21] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-09] (Microsoft Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [878904 2016-05-16] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-05-16] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-05-16] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [File not signed]
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-10-28] (Qualcomm Atheros)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-24] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-21] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-28] (Samsung Electronics)
R3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [40288 2015-08-14] ()
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
S0 szkg5; SySWOW64\drivers\szkg64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-30 23:34 - 2016-05-31 12:31 - 00016753 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-05-30 23:34 - 2016-05-30 23:34 - 02383872 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64(1).exe
2016-05-30 23:33 - 2016-05-30 23:33 - 02383872 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2016-05-30 23:28 - 2016-05-30 23:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-05-30 11:23 - 2016-05-30 11:23 - 02354776 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-29 20:08 - 2016-05-29 20:08 - 00110560 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-29 19:01 - 2016-05-29 19:01 - 00035018 _____ C:\ComboFix.txt
2016-05-29 18:54 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-29 18:54 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-29 18:54 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-29 18:54 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-29 18:14 - 2016-05-29 18:47 - 00000174 _____ C:\Users\Administrator\Desktop\Router.url
2016-05-29 10:26 - 2016-05-29 10:26 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-05-28 01:49 - 2016-05-28 01:49 - 00448512 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\TFC.exe
2016-05-28 01:46 - 2016-05-28 01:46 - 00852798 _____ C:\Users\Administrator\Downloads\SecurityCheck.exe
2016-05-28 00:50 - 2016-05-28 00:50 - 01610816 _____ (Malwarebytes) C:\Users\Administrator\Downloads\JRT(2).exe
2016-05-28 00:49 - 2016-05-28 00:49 - 03678272 _____ C:\Users\Administrator\Downloads\adwcleaner_5.118.exe
2016-05-28 00:38 - 2016-05-28 00:39 - 130580248 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
2016-05-28 00:32 - 2016-05-28 00:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-28 00:31 - 2016-05-28 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-28 00:31 - 2016-05-28 00:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-28 00:31 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-28 00:31 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-28 00:31 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-28 00:15 - 2016-05-28 00:15 - 02424421 _____ (UltraDefrag Development Team) C:\Users\Administrator\Downloads\ultradefrag-7.0.1.bin.amd64.exe
2016-05-28 00:12 - 2016-05-28 00:13 - 12054376 _____ C:\Users\Administrator\Downloads\pwsafe-3.38.2.exe
2016-05-28 00:09 - 2016-05-28 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-05-28 00:08 - 2016-05-28 00:09 - 00000000 ____D C:\Program Files\RogueKiller
2016-05-27 20:14 - 2016-05-27 20:14 - 28908032 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup(1).exe
2016-05-27 20:14 - 2016-05-27 20:14 - 22851472 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-27 20:09 - 2016-05-27 20:09 - 00000960 _____ C:\Windows\system32\Drivers\kgpfr2.cfg
2016-05-27 19:58 - 2016-05-27 20:01 - 241108488 _____ C:\Users\Administrator\Downloads\EmsisoftEmergencyKit.exe
2016-05-27 19:42 - 2016-05-27 19:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\ESET
2016-05-27 18:46 - 2016-05-27 19:58 - 00001680 _____ C:\Windows\system32\Drivers\kgpcpy.cfg
2016-05-27 17:59 - 2016-05-27 18:41 - 00000016 _____ C:\Windows\system32\config\software.szfi
2016-05-27 17:13 - 2016-05-27 20:10 - 00000000 ____D C:\ProgramData\STOPzilla!
2016-05-27 17:12 - 2016-05-27 17:12 - 00593064 _____ C:\Users\Administrator\Downloads\STOPzilla_ASM_RW65.exe
2016-05-26 03:53 - 2016-05-26 03:53 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\Administrator\Downloads\autodetectutility.exe
2016-05-25 20:18 - 2016-05-25 20:18 - 18910676 _____ C:\Users\Administrator\Downloads\CommunityShowcaseDramaticSkies3.themepack
2016-05-25 20:18 - 2016-05-25 20:18 - 08402527 _____ C:\Users\Administrator\Downloads\DarkSkiesTracyHymas.themepack
2016-05-25 20:17 - 2016-05-25 20:18 - 25388785 _____ C:\Users\Administrator\Downloads\CommunityShowcaseAqua4.themepack
2016-05-25 20:17 - 2016-05-25 20:17 - 07884764 _____ C:\Users\Administrator\Downloads\AuroraBorealis.themepack
2016-05-25 20:16 - 2016-05-25 20:16 - 08546059 _____ C:\Users\Administrator\Downloads\SpectacularSkiesMarcoMuller.themepack
2016-05-25 20:01 - 2016-05-25 20:01 - 30639455 _____ C:\Users\Administrator\Downloads\PanoramasEurope.deskthemepack
2016-05-25 20:01 - 2016-05-25 20:01 - 14659653 _____ C:\Users\Administrator\Downloads\Serbia_nat.themepack
2016-05-25 20:01 - 2016-05-25 20:01 - 13655051 _____ C:\Users\Administrator\Downloads\WildBeautyCharlesBergman.themepack
2016-05-25 20:01 - 2016-05-25 20:01 - 13545604 _____ C:\Users\Administrator\Downloads\PerspectivesJapan2KazuoNakadai.themepack
2016-05-25 20:00 - 2016-05-25 20:00 - 06699390 _____ C:\Users\Administrator\Downloads\PanoramicGlaciers.deskthemepack
2016-05-25 19:56 - 2016-05-25 19:56 - 16877897 _____ C:\Users\Administrator\Downloads\Forests.themepack
2016-05-24 20:23 - 2016-05-24 20:23 - 28908032 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup.exe
2016-05-24 20:21 - 2016-05-24 20:22 - 19867720 _____ C:\Users\Administrator\Downloads\RogueKiller.exe
2016-05-12 10:48 - 2016-05-12 10:48 - 00053384 _____ (ESET) C:\Windows\system32\Drivers\EpfwLWF.sys
2016-05-09 12:57 - 2016-05-09 12:57 - 00095614 _____ C:\Users\Administrator\Downloads\1Z9V6W889191354820.pdf
2016-05-07 16:44 - 2016-05-07 16:44 - 03615296 _____ C:\Users\Administrator\Downloads\adwcleaner_5.115.exe
2016-05-07 16:44 - 2016-05-07 16:44 - 01610816 _____ (Malwarebytes) C:\Users\Administrator\Downloads\JRT(1).exe
2016-05-06 14:46 - 2016-05-06 14:46 - 00193306 _____ C:\Users\Administrator\Downloads\514102-0926.PDF
2016-05-06 02:04 - 2016-05-06 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-05 15:51 - 2016-05-05 15:51 - 00004556 _____ C:\Users\Administrator\Downloads\invoice_179.pdf
2016-05-05 13:47 - 2016-05-05 13:47 - 00193306 _____ C:\Users\Administrator\Downloads\514100-1081.PDF
2016-05-03 23:17 - 2016-05-03 23:18 - 00098975 _____ C:\Users\Administrator\Downloads\tftpmanager-1.1.0.0.tgz
2016-05-02 17:43 - 2016-05-02 17:43 - 00005184 _____ C:\Users\Administrator\Downloads\Order Confirmation 5141020926.zip
2016-05-01 02:21 - 2016-05-01 02:21 - 05248352 _____ C:\Users\Administrator\Downloads\Your Payment Has Been Approved!.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-31 12:31 - 2015-12-27 17:35 - 00000000 ____D C:\FRST
2016-05-31 11:54 - 2016-01-31 02:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-31 01:07 - 2016-04-15 01:59 - 00000000 ____D C:\Program Files\TrueKey
2016-05-31 01:06 - 2016-04-15 02:08 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-05-31 01:05 - 2016-04-15 02:08 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-05-31 00:09 - 2015-08-19 21:01 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{457B9D94-DBA1-45CA-8B54-1BFDDB92A0F5}
2016-05-30 23:36 - 2009-07-14 00:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-30 23:36 - 2009-07-14 00:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-30 23:32 - 2009-07-14 01:13 - 01094326 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-30 23:32 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-30 23:28 - 2016-03-31 14:19 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-05-30 23:26 - 2016-01-31 02:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-30 23:24 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-30 13:05 - 2015-12-29 18:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Kodi
2016-05-29 20:12 - 2016-02-03 18:47 - 00000000 ____D C:\Users\Administrator\Desktop\Medical
2016-05-29 19:56 - 2016-02-25 23:28 - 00000000 ____D C:\Windows\Minidump
2016-05-29 19:01 - 2015-12-27 18:51 - 00000000 ____D C:\Qoobox
2016-05-29 19:00 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-05-29 18:44 - 2015-11-12 20:00 - 00000000 ____D C:\Users\MSSQLFDLauncher
2016-05-29 18:44 - 2015-11-12 20:00 - 00000000 ____D C:\Users\MsDtsServer120
2016-05-28 00:10 - 2015-08-26 12:27 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-27 21:10 - 2015-08-17 21:49 - 00000000 ____D C:\Users\ASP.NET v4.0 Classic
2016-05-27 18:47 - 2015-08-14 11:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Rescue Calling Card
2016-05-27 18:47 - 2015-08-14 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpitFire Online Support
2016-05-27 18:46 - 2015-11-12 20:00 - 00000000 ____D C:\Users\ReportServer
2016-05-27 17:18 - 2015-11-12 20:00 - 00000000 ____D C:\Users\MSSQLSERVER
2016-05-27 17:00 - 2015-12-22 19:29 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-05-27 16:56 - 2016-03-09 18:57 - 00002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-05-27 16:55 - 2015-12-27 04:22 - 00000000 ____D C:\ProgramData\Sophos
2016-05-27 16:55 - 2015-09-10 14:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\RingCentralMeetings
2016-05-27 16:55 - 2015-08-14 11:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue Calling Card
2016-05-26 03:28 - 2015-10-07 00:09 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-25 19:54 - 2015-08-18 11:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2016-05-25 19:54 - 2015-08-14 11:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-05-25 19:44 - 2015-09-17 13:29 - 00018995 _____ C:\Users\Administrator\Desktop\contacts.xlsx
2016-05-25 19:21 - 2015-08-19 18:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2016-05-24 01:11 - 2015-08-19 19:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2016-05-22 13:49 - 2015-08-14 11:50 - 00000000 ____D C:\Program Files (x86)\CTI32
2016-05-21 12:15 - 2015-12-29 23:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-20 12:36 - 2015-12-29 23:12 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-20 12:36 - 2015-08-21 00:08 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-20 12:36 - 2015-08-21 00:08 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-14 15:24 - 2016-03-02 00:20 - 00000000 ____D C:\ProgramData\McAfee
2016-05-13 17:02 - 2015-08-14 12:06 - 00000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio
2016-05-13 16:24 - 2016-04-15 02:08 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-05-13 16:21 - 2015-08-14 11:56 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-05-13 16:21 - 2015-08-14 11:56 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-05-11 17:55 - 2016-01-31 02:42 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-10 16:49 - 2016-01-31 02:40 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 16:49 - 2016-01-31 02:40 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-08 13:59 - 2015-12-24 22:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-05-07 11:03 - 2015-12-28 02:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-03 23:20 - 2015-09-08 17:13 - 00000000 ____D C:\Share
2016-05-03 16:39 - 2016-04-20 18:51 - 00000000 ____D C:\Users\Administrator\Desktop\project1
2016-05-01 12:32 - 2016-03-04 03:19 - 34330525 _____ C:\Users\Administrator\Desktop\Data 2A.xlsx

==================== Files in the root of some directories =======

2016-01-21 01:26 - 2016-01-21 01:26 - 0000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-28 17:37

==================== End of FRST.txt ============================

 

[Boufeez]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Administrator (2016-05-31 12:31:20)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-08-13 20:31:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3097266444-2333562351-893229259-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3097266444-2333562351-893229259-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AgentApp (HKLM-x32\...\{AF941339-68D2-4F19-9FEA-F085EF20E33E}) (Version: 1.0.0 - OPC Marketing, Inc.)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
AMD Catalyst Install Manager (HKLM\...\{F62CA14F-AB88-4A97-7752-BF36193B4CC3}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CTI32 (HKLM-x32\...\{859C79E6-9913-437E-888E-C8891D8D32C5}) (Version: 4.5.0.0 - Inventive Labs, LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
GDR 4213 for SQL Server 2014 (KB3070446) (64-bit) (HKLM\...\KB3070446) (Version: 12.1.4213.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hmp Elements Server (HKLM-x32\...\{E9DD8AB9-0D79-47A0-9142-A3DC7FB789A1}) (Version: 1.0.0 - Inventive Labs)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.1.137.1 - Intel Security)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodi (HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\Kodi) (Version: - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.6.140.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{BF5ABBDB-D3AA-4BCB-8D10-FCD4A4BB7F93}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 RS Add-in for SharePoint (HKLM\...\{E4B2839D-5C17-4A21-AB5A-2540AAD6F776}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{2975950A-6723-4FD2-9719-78DD9C30A7F4}) (Version: 12.1.4213.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{5BC5068F-1F64-4D2D-948F-E75F30B850CB}) (Version: 12.1.4213.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{C9F697B9-FAC8-4B76-9D3D-40FA3BFA4F9E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{E3F613C1-105F-4717-BFE7-007729A95D67}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.334 - Qualcomm Atheros Communications)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.)
Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spitfire Enterprise Setup (HKLM-x32\...\{B06EDCA9-BB6F-4129-89BF-619CF7E8C895}) (Version: 1.0.0 - OPC Marketing, Inc.)
SpitFire Online Support (HKLM-x32\...\{7E117A6A-8579-4435-8290-4089C1C5BEFA}) (Version: 5.2.142 - LogMeIn, Inc.)
SQL Server 2014 Analysis Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality client (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Full text search (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Integration Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 RS_SharePoint_SharedService (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 SQL Data Quality Common (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {039C781B-6DBA-480A-BAAE-F4526492FBF2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {36399346-416E-4E77-8CB0-875D9FC80F51} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {382D8390-2F47-4971-8485-67904EE6C098} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-09-10] (Microsoft)
Task: {42B33681-5FD0-4544-8B62-327707AD5763} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {54F94D1A-6512-449C-9545-7497ADAE0B77} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {59D2A24E-30F4-4538-BDAB-E172A5CC94EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {63FAFC84-4951-408B-8BFB-BD9D4C2DF50A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {8961A1AA-9AC7-4492-865D-D7EDBB884375} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {C3391B3B-A086-42A6-8875-34E80CB7B0D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-20] (Adobe Systems Incorporated)
Task: {D9945D77-7510-4A34-93E3-2D0C198EA211} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {E19B4111-5B41-4B98-8C1C-E3B5CAFC271C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {FA7C3623-1B87-4403-BF7B-D0DC8AAB7385} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {FC5C3148-C057-4B34-AA54-76D3BA0A6673} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-31] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-01 09:45 - 2015-07-01 09:45 - 00022528 _____ () C:\Windows\System32\us005lm.dll
2016-03-16 06:17 - 2016-03-16 06:17 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-08-19 13:43 - 2014-12-05 16:32 - 00420352 _____ () C:\Windows\system32\SaMinDrv.dll
2015-08-13 16:36 - 2013-01-24 09:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3097266444-2333562351-893229259-500\Software\Classes\exefile: <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3097266444-2333562351-893229259-500\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-05-27 17:13 - 00000042 ____A C:\Windows\system32\Drivers\etc\hosts

::1 localhost
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3097266444-2333562351-893229259-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.4.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Spitfire_RecordingService => 2
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: 3200 Scan2PC => "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GIDDesktop => C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX5REC
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{AE6C5FC8-A0D9-46DD-A1B5-155D97D0F734}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{60E14D3B-9877-4159-BEC0-8D61D27AEBA4}C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\office-1\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{6585E25D-EB32-4621-9E08-209FDB7A6ED0}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [UDP Query User{77636F3D-D090-484A-A6EA-77963587E151}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [{189AD50A-7A82-422B-96B2-781DC2AF3253}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{6B931C08-4EBE-4FDF-A52C-C2256BD3C1CA}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{301F79D9-3FAC-4EBA-8ECD-94C314250F5C}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{7DF48D35-D45C-4C01-836A-C1EB79F4B155}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{72DF3227-99F4-409A-85FE-32991DEDB6DE}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{5449BC9F-00BA-44F8-8DFA-31DC80A90943}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{F4C00A51-F149-4361-941D-ACA1BB905ECE}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{6A8E2750-F342-4535-AF17-4C8A38CE6FF6}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{5EC0075F-8C4F-4223-AB9F-EEEBDD344F81}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2AD4BD74-DDAD-4DA4-B41D-432263867F9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{27DB3D31-D527-48C6-923B-EF28F6E615C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC0D81D8-676B-4CA0-8608-38760AD57BA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2DEDCFE4-2AFC-42E8-BB36-E28D7DBD60DF}] => (Allow) LPort=2869
FirewallRules: [{79D090B2-837A-479B-97FD-92F2436820ED}] => (Allow) LPort=1900
FirewallRules: [{AD07EDFE-D4A8-440A-9E52-A6BFD6A0739D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{273B9CA7-84C8-4917-BEB8-D61DB8C4599C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{09D16C11-E48F-4741-8187-CA2D06B85E0B}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{637310E8-F08E-430D-BE3E-26E844B68352}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{45633BFC-442B-43BB-8AB7-94D2DE4D1F85}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [UDP Query User{BB0A803D-FD8C-4B9A-9398-C0095E926D7F}C:\program files (x86)\logmein rescue calling card\callingcard.exe] => (Allow) C:\program files (x86)\logmein rescue calling card\callingcard.exe
FirewallRules: [TCP Query User{35673452-6D37-4875-AAA6-2755933285A3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{A7CE908A-23D8-49F7-AE1B-DCBE8172A249}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{C7A9F53E-0623-4627-A73C-BB5968D03513}C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe] => (Allow) C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe
FirewallRules: [UDP Query User{F296876A-E289-4296-BF7A-7A9F57F23E92}C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe] => (Allow) C:\users\administrator\desktop\new folder\tftpd64.452\tftpd64.exe
FirewallRules: [{139C0536-A856-4C88-B78E-67731723486B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D4FB6878-DDB2-4C94-8DD7-EA896D575FBB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34B318AF-1749-4376-B0AD-61C54A040E0E}] => (Allow) LPort=80
FirewallRules: [{97D27989-B79D-4A35-AF0D-4E44F5066E46}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

29-05-2016 00:00:00 Scheduled Checkpoint
29-05-2016 02:53:06 Windows Update

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1703 Bluetooth
Description: Dell Wireless 1703 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Description: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2016 11:29:53 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

Error: (05/30/2016 11:43:05 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

Error: (05/30/2016 11:42:34 PM) (Source: MSSQLSERVER) (EventID: 30089) (User: )
Description: The fulltext filter daemon host (FDHost) process has stopped abnormally. This can occur if an incorrectly configured or malfunctioning linguistic component, such as a wordbreaker, stemmer or filter has caused an irrecoverable error during full-text indexing or query processing. The process will be restarted automatically.

Error: (05/30/2016 11:42:27 PM) (Source: MSSQLSERVER) (EventID: 30089) (User: )
Description: The fulltext filter daemon host (FDHost) process has stopped abnormally. This can occur if an incorrectly configured or malfunctioning linguistic component, such as a wordbreaker, stemmer or filter has caused an irrecoverable error during full-text indexing or query processing. The process will be restarted automatically.

Error: (05/30/2016 11:42:09 PM) (Source: MSSQLSERVER) (EventID: 30089) (User: )
Description: The fulltext filter daemon host (FDHost) process has stopped abnormally. This can occur if an incorrectly configured or malfunctioning linguistic component, such as a wordbreaker, stemmer or filter has caused an irrecoverable error during full-text indexing or query processing. The process will be restarted automatically.

Error: (05/30/2016 11:41:59 PM) (Source: MSSQLSERVER) (EventID: 30089) (User: )
Description: The fulltext filter daemon host (FDHost) process has stopped abnormally. This can occur if an incorrectly configured or malfunctioning linguistic component, such as a wordbreaker, stemmer or filter has caused an irrecoverable error during full-text indexing or query processing. The process will be restarted automatically.

Error: (05/30/2016 11:41:49 PM) (Source: MSSQLSERVER) (EventID: 30089) (User: )
Description: The fulltext filter daemon host (FDHost) process has stopped abnormally. This can occur if an incorrectly configured or malfunctioning linguistic component, such as a wordbreaker, stemmer or filter has caused an irrecoverable error during full-text indexing or query processing. The process will be restarted automatically.

Error: (05/30/2016 11:41:31 PM) (Source: MSSQLSERVER) (EventID: 30089) (User: )
Description: The fulltext filter daemon host (FDHost) process has stopped abnormally. This can occur if an incorrectly configured or malfunctioning linguistic component, such as a wordbreaker, stemmer or filter has caused an irrecoverable error during full-text indexing or query processing. The process will be restarted automatically.

Error: (05/30/2016 11:41:24 PM) (Source: MSSQLSERVER) (EventID: 30089) (User: )
Description: The fulltext filter daemon host (FDHost) process has stopped abnormally. This can occur if an incorrectly configured or malfunctioning linguistic component, such as a wordbreaker, stemmer or filter has caused an irrecoverable error during full-text indexing or query processing. The process will be restarted automatically.

Error: (05/30/2016 11:41:17 PM) (Source: MSSQLSERVER) (EventID: 30089) (User: )
Description: The fulltext filter daemon host (FDHost) process has stopped abnormally. This can occur if an incorrectly configured or malfunctioning linguistic component, such as a wordbreaker, stemmer or filter has caused an irrecoverable error during full-text indexing or query processing. The process will be restarted automatically.


System errors:
=============
Error: (05/30/2016 11:43:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Full-text Filter Daemon Launcher (MSSQLSERVER) service terminated unexpectedly. It has done this 5 time(s).

Error: (05/30/2016 11:42:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

Error: (05/30/2016 11:42:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (MSSQLSERVER) service terminated unexpectedly. It has done this 1 time(s).

Error: (05/30/2016 11:42:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Full-text Filter Daemon Launcher (MSSQLSERVER) service terminated unexpectedly. It has done this 4 time(s).

Error: (05/30/2016 11:42:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Full-text Filter Daemon Launcher (MSSQLSERVER) service terminated unexpectedly. It has done this 3 time(s).

Error: (05/30/2016 11:41:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server Integration Services 12.0 service terminated unexpectedly. It has done this 1 time(s).

Error: (05/30/2016 11:41:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Full-text Filter Daemon Launcher (MSSQLSERVER) service terminated unexpectedly. It has done this 2 time(s).

Error: (05/30/2016 11:41:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Full-text Filter Daemon Launcher (MSSQLSERVER) service terminated unexpectedly. It has done this 1 time(s).

Error: (05/30/2016 11:40:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CTI32 Telephony Engine service terminated unexpectedly. It has done this 1 time(s).

Error: (05/30/2016 11:40:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Spitfire_BusinessService service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2016-03-11 00:07:26.898
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-11 00:07:26.883
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-25 21:39:25.560
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-25 20:59:02.982
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-25 20:44:44.221
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-25 20:44:44.208
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:33:03.932
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:33:03.918
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ADMINI~1\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:24:14.144
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Administrator\Desktop\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-29 00:24:14.128
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Administrator\Desktop\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 12237.72 MB
Available physical RAM: 9305.4 MB
Total Virtual: 24473.65 MB
Available Virtual: 21268.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.28 GB) (Free:799.95 GB) NTFS
Drive f: () (Removable) (Total:1.86 GB) (Free:0 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 4 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

[Broni]

I really feel as if there is someone logging into the machine.

What kind of details can you provide? It's hard to work with "feelings".

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[Broni]

Still with me?

 

[Broni]

This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.

 

[Broni]

Reopened.

 

[Boufeez]

Hi Broni

Thanks for your assistance , your time and knowledge is really appreciated.

As I mentioned in my earlier posts , every so often the screen will go black for a second and then come back, but with a yellow exclamation mark in the system tray with no description when I click on it or hover over with the mouse. I checked the device manager and all the hardware seems fine. It has all the symptoms of someone logging in and sharing my screen. Even the resolution changes in my email client.

What's happening now ( just started yesterday)

About eight keys on the keyboard just STOPPED working...I have plugged in about 6 different keyboard and all the same identical keys on the 6 different keyboards simply don't work . Seems to be the machine....When I take the original keyboard and plug it in another machine it works ( all keys)

I am worried one day I wont be able to unlock the machine ( password protected) ....

Please help !!!!!!!!

 

[Broni]

In this forum we're just checking if your computer is clean co please follow my reply #20.