
Unnecessary pop up in my IE


This topic is locked
5 replies to this topic

#1 iswar

Posted 21 June 2017 - 02:57 PM

I already started the process here and was asked to continue in this forum. Hopefully we can resolve this issue.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
Ran by iswar.ramamoorthy (administrator) on CORPLOANER-02 (21-06-2017 14:47:18)
Running from C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\Maintenance\bleepingComputer\Next Steps
Loaded Profiles: Acronis Agent User & iswar.ramamoorthy & ReportServer$MSSQLSERVER2012 & MsDtsServer110 & MSOLAP$MSSQLSERVER2012 & MSSQL$MSSQLSERVER2012 & MSSQLFDLauncher$MSSQLSERVER2012 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER (Available Profiles: ITuser & Acronis Agent User & Administrator & iswar.ramamoorthy & Jorge.Castro & ed.ishmael & svcadmin & SQLAgent$MSSQLSERVER2012 & ReportServer$MSSQLSERVER2012 & MsDtsServer110 & MSOLAP$MSSQLSERVER2012 & MSSQL$MSSQLSERVER2012 & MSSQLFDLauncher$MSSQLSERVER2012 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acronis) C:\Program Files (x86)\Acronis\ARSM\arsm.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\CE\CovenantEyesCommService.exe
(CovenantEyes) C:\Program Files\CE\CovenantEyesProxy.exe
() C:\dell\Sytem64Folder\DellRctlService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER2012\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files\CE\authServer.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\fdhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Windows\sysnchrb\amsvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\temp\DPTF\esif_assist_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Windows\sysnchrb\swsys.exe
() C:\Windows\sysnchrb\samimpl.exe
() C:\Windows\sysnchrb\x64\samimpl64.exe
() C:\Windows\sysnchrb\samimpl.exe
() C:\Windows\sysnchrb\x64\samimpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files\CE\CovenantEyes.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
() C:\Program Files\CE\CovenantEyesHelper.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VsHub\1.0.0.0\VsHub.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VsHub\1.0.0.0\Microsoft.VsHub.Server.HttpHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
(Mythicsoft Ltd) C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\act.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\service_process.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [736552 2015-05-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8853248 2016-04-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-04-14] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4879264 2016-02-08] (Intel® Corporation)
HKLM\...\Run: [Intel® WiDi Receiver Updater] => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [89600 2015-10-27] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332328 2015-06-03] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM\...\Run: [Covenant Eyes] => C:\Program Files\CE\CovenantEyes.exe [13681560 2017-02-15] ()
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403688 2014-08-17] (Acronis)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102184 2013-01-22] (Acronis)
HKLM-x32\...\Run: [BackupAndRecoveryMonitor.exe] => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1530584 2014-08-17] (Acronis)
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Windows\SysWOW64\CovenantEyesProxy.dll [372120 2017-01-23] (CovenantEyes)
Winsock: Catalog9 02 C:\Windows\SysWOW64\CovenantEyesProxy.dll [372120 2017-01-23] (CovenantEyes)
Winsock: Catalog9 03 C:\Windows\SysWOW64\CovenantEyesProxy.dll [372120 2017-01-23] (CovenantEyes)
Winsock: Catalog9 04 C:\Windows\SysWOW64\CovenantEyesProxy.dll [372120 2017-01-23] (CovenantEyes)
Winsock: Catalog9 18 C:\Windows\SysWOW64\CovenantEyesProxy.dll [372120 2017-01-23] (CovenantEyes)
Winsock: Catalog9-x64 01 C:\Windows\system32\CovenantEyesProxy64.dll [487320 2017-01-23] (CovenantEyes)
Winsock: Catalog9-x64 02 C:\Windows\system32\CovenantEyesProxy64.dll [487320 2017-01-23] (CovenantEyes)
Winsock: Catalog9-x64 03 C:\Windows\system32\CovenantEyesProxy64.dll [487320 2017-01-23] (CovenantEyes)
Winsock: Catalog9-x64 04 C:\Windows\system32\CovenantEyesProxy64.dll [487320 2017-01-23] (CovenantEyes)
Winsock: Catalog9-x64 18 C:\Windows\system32\CovenantEyesProxy64.dll [487320 2017-01-23] (CovenantEyes)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.14
Tcpip\..\Interfaces\{00277C44-9A97-44A9-B749-B1F9F5A91EDF}: [DhcpNameServer] 192.168.0.14
Tcpip\..\Interfaces\{8A4CFDA7-5432-4DC8-BC20-888AE7907B51}: [DhcpNameServer] 192.168.0.14
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-606747145-813497703-1801674531-11638\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-606747145-813497703-1801674531-11638\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-606747145-813497703-1801674531-11638\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-606747145-813497703-1801674531-11638 -> DefaultScope {73BBEA00-1443-4ED8-AB63-8BDE3002F58D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-606747145-813497703-1801674531-11638 -> {73BBEA00-1443-4ED8-AB63-8BDE3002F58D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-606747145-813497703-1801674531-11638 -> {A177B729-4FA0-49F5-A935-51340D0F66BD} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-05] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-30] (Oracle Corporation)
BHO: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files\CE\extensions\ie\x64\IEExtension.dll [2017-02-15] (Covenant Eyes)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-05-05] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-05] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-30] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-05] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-05-05] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-30] (Oracle Corporation)
DPF: HKLM-x32 {649C29F2-1216-4653-90FF-3471EAEE432D} hxxp://192.168.0.42:7001/MagicInfo/did/net/VNCViewer/SEVncViewerAdapter.cab
DPF: HKLM-x32 {CD3A34EE-5669-4794-923B-AFCF4989A0C3} hxxp://192.168.0.42:7001/MagicInfo/did/net/uVending/AUAxUploader.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://hearttech.webex.com/client/WBXclient-32.0.7-2/webex/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
 
FireFox:
========
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2016-12-16] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-08-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [firefox-integrated-extension@covenanteyes.com] - C:\Program Files\CE\extensions\firefox\firefox-integrated-extension@covenanteyes.com
FF Extension: (Covenant Eyes) - C:\Program Files\CE\extensions\firefox\firefox-integrated-extension@covenanteyes.com [2017-04-19]
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2016-08-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default [2017-06-21]
CHR Extension: (No Name) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-16]
CHR Extension: (No Name) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-16]
CHR Extension: (No Name) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-16]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2017-06-05]
CHR Extension: (No Name) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-16]
CHR Extension: (Revolver - Tabs) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlknooajieciikpedpldejhhijacnbda [2017-01-03]
CHR Extension: (No Name) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-16]
CHR Extension: (No Name) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (No Name) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-16]
CHR Extension: (Chrome Media Router) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR HKLM-x32\...\Chrome\Extension: [bfegkegffcbgpfmemahhkgnbkocmbain] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2046968 2012-12-29] (Acronis)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [96000 2015-09-25] (Alps Electric Co., Ltd.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 ARSM; C:\Program Files (x86)\Acronis\ARSM\arsm.exe [5931240 2014-08-17] (Acronis)
R2 Auth Service; C:\Program Files\CE\authServer.exe [6382488 2017-02-15] ()
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1775288 2015-10-27] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2017-05-05] (Microsoft Corporation)
R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [672440 2015-10-27] (Microsoft Corporation)
R2 CovenantEyesCommService; C:\Program Files\CE\CovenantEyesCommService.exe [7119768 2017-02-15] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [5245336 2017-01-23] (CovenantEyes)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [94136 2016-06-02] (Dell Inc.)
S4 dcu-oobe; C:\Program Files (x86)\Dell\CommandUpdate\OobeService.exe [84408 2016-06-07] (Dell Inc.)
R2 DellRctlService; c:\Dell\Sytem64Folder\DellRctlService.exe [389120 2016-05-03] () [File not signed]
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [171640 2016-02-27] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [356336 2016-06-23] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [395744 2015-01-14] (Intel)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2672328 2014-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2015-09-25] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2015-09-25] (Microsoft Corporation)
R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [11186280 2014-08-17] (Acronis)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218816 2014-05-15] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-06-03] (Microsoft Corporation)
R2 MSOLAP$MSSQLSERVER2012; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER2012\OLAP\bin\msmdsrv.exe [80044736 2014-05-15] (Microsoft Corporation)
R2 MSSQL$MSSQLSERVER2012; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\sqlservr.exe [194240 2014-05-15] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50368 2014-05-15] (Microsoft Corporation)
R3 MSSQLFDLauncher$MSSQLSERVER2012; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\fdlauncher.exe [50368 2014-05-15] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [194240 2014-05-15] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [80044736 2014-05-15] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-06-03] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2454720 2014-05-15] (Microsoft Corporation)
R2 ReportServer$MSSQLSERVER2012; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2454720 2014-05-15] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-14] (Realtek Semiconductor)
R2 Samsvc; C:\Windows\sysnchrb\amsvc.exe [3844472 2016-10-04] ()
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [173256 2014-07-30] (Invincea, Inc.)
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [317624 2015-10-27] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation)
S3 SQLAgent$MSSQLSERVER2012; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\SQLAGENT.EXE [613056 2014-05-15] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2014-05-15] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-07-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{C200BA2A-A16C-412F-A6C9-A910DDD4E826}
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-10-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1545704 2015-10-16] (Motorola Solutions, Inc.)
R1 cewd64f; C:\Windows\system32\Drivers\cewd64f.sys [44600 2017-01-23] () [File not signed]
R1 cewd64r; C:\Windows\system32\Drivers\cewd64r.sys [55352 2017-01-23] () [File not signed]
R3 DellRctl; C:\Windows\System32\DRIVERS\DellRctl.sys [37792 2016-04-27] ()
R3 dptf_acpi; C:\Windows\System32\DRIVERS\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\DRIVERS\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [502256 2015-10-06] (Intel Corporation)
R3 esif_lf; C:\Windows\System32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [31712 2015-11-24] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [306448 2016-02-20] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2677504 2016-04-14] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [50696 2014-07-30] (Invincea, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [179456 2015-08-31] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2015-02-25] (Microsoft Corporation)
R1 MpKsl49da1096; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5EE5B76F-EDA7-46E7-997C-198A2C3A5305}\MpKsl49da1096.sys [44928 2017-06-20] (Microsoft Corporation)
S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw04.sys [3370248 2016-02-27] (Intel Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2015-02-25] (Microsoft Corporation)
S3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2015-10-27] (Microsoft Corporation)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [337088 2014-05-15] (Microsoft Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [758488 2015-08-04] (Realsil Semiconductor Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183304 2014-07-30] (Invincea, Inc.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [103088 2015-07-27] (STMicroelectronics)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1119672 2017-06-19] (Acronis)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2017-06-19] (Acronis)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [212056 2015-01-14] (Windows ® Win 7 DDK provider)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2016-02-17] (Cisco Systems, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [93248 2016-09-30] (VMware, Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 npcap_wifi; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-21 14:47 - 2017-06-21 14:47 - 00000000 ____D C:\FRST
2017-06-20 15:01 - 2017-06-20 15:01 - 00000000 ____D C:\testfile
2017-06-20 09:16 - 2017-06-20 09:16 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-20 09:12 - 2017-06-20 09:12 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2017-06-20 09:11 - 2017-06-20 09:11 - 00112728 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-20 09:11 - 2017-06-20 09:11 - 00001415 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-20 09:11 - 2017-06-20 09:11 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 _SHDL C:\Users\Administrator\My Documents
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 ____D C:\Users\Administrator\Documents\My Received Files
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 ____D C:\Users\Administrator
2017-06-20 09:11 - 2016-08-26 11:06 - 00002102 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-06-20 09:11 - 2010-11-21 02:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2017-06-19 15:42 - 2017-06-19 15:42 - 01119672 _____ (Acronis) C:\Windows\system32\Drivers\tib.sys
2017-06-19 15:42 - 2017-06-19 15:42 - 00233760 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2017-06-19 15:42 - 2017-06-19 15:42 - 00183224 _____ (Acronis) C:\Windows\system32\Drivers\tib_mounter.sys
2017-06-19 15:42 - 2017-06-19 15:42 - 00098592 _____ (Acronis) C:\Windows\system32\Drivers\fltsrv.sys
2017-06-19 15:39 - 2017-06-20 14:00 - 00000000 ____D C:\ProgramData\Acronis
2017-06-19 15:39 - 2017-06-19 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2017-06-19 15:39 - 2017-06-19 15:39 - 00000020 ___SH C:\Users\Acronis Agent User\ntuser.ini
2017-06-19 15:39 - 2017-06-19 15:39 - 00000000 _SHDL C:\Users\Acronis Agent User\My Documents
2017-06-19 15:39 - 2017-06-19 15:39 - 00000000 _SHDL C:\Users\Acronis Agent User\Documents\My Videos
2017-06-19 15:39 - 2017-06-19 15:39 - 00000000 _SHDL C:\Users\Acronis Agent User\Documents\My Pictures
2017-06-19 15:39 - 2017-06-19 15:39 - 00000000 _SHDL C:\Users\Acronis Agent User\Documents\My Music
2017-06-19 15:39 - 2017-06-19 15:39 - 00000000 ____D C:\Windows\Acronis
2017-06-19 15:39 - 2017-06-19 15:39 - 00000000 ____D C:\Users\Acronis Agent User
2017-06-19 15:39 - 2017-06-19 15:39 - 00000000 ____D C:\Program Files (x86)\Acronis
2017-06-19 15:39 - 2016-08-26 11:06 - 00002102 _____ C:\Users\Acronis Agent User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-06-19 15:39 - 2010-11-21 02:16 - 00000000 ____D C:\Users\Acronis Agent User\AppData\Roaming\Media Center Programs
2017-06-19 15:36 - 2017-06-19 15:37 - 04991968 _____ (Acronis) C:\Windows\acroinst.exe
2017-06-19 15:06 - 2017-06-19 15:06 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\ElevatedDiagnostics
2017-06-19 14:51 - 2017-06-19 14:51 - 00036754 _____ C:\ComboFix.txt
2017-06-14 09:28 - 2017-06-19 14:13 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-14 09:28 - 2017-06-19 14:13 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-06-14 09:03 - 2017-06-14 09:03 - 00000000 ____D C:\Program Files (x86)\Secunia
2017-06-14 08:30 - 2017-06-14 08:39 - 00000000 ____D C:\ProgramData\Emsisoft
2017-06-14 08:29 - 2017-06-14 08:44 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-06-14 08:17 - 2017-06-14 08:17 - 00000000 ____D C:\OneDriveTemp
2017-06-13 16:34 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2017-06-13 16:34 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2017-06-13 16:34 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-06-13 16:34 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-06-13 16:34 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-06-13 16:34 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2017-06-13 16:34 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2017-06-13 16:34 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2017-06-13 16:33 - 2017-06-19 14:51 - 00000000 ____D C:\Qoobox
2017-06-13 16:33 - 2017-06-13 16:33 - 05659512 ____R (Swearware) C:\Users\svcadmin\Downloads\ComboFix.exe
2017-06-13 16:32 - 2017-06-13 16:32 - 00000000 ____D C:\Users\svcadmin\AppData\Local\CrashDumps
2017-06-13 10:12 - 2017-06-20 11:18 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\ticketsystem
2017-06-13 10:05 - 2017-06-14 08:13 - 00882688 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\TPS2.xls
2017-06-13 09:27 - 2017-06-13 09:28 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\ssis
2017-06-13 09:27 - 2017-06-13 09:27 - 00000000 ____D C:\Program Files (x86)\MSECache
2017-06-12 15:47 - 2017-06-12 15:47 - 00001552 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\setup.log.full
2017-06-12 15:13 - 2017-06-12 15:13 - 00000000 ____D C:\Windows\pss
2017-06-12 15:01 - 2017-06-19 13:49 - 00002646 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Desktop\Rkill.txt
2017-06-12 10:06 - 2017-06-12 10:06 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Virtual Machines
2017-06-09 15:05 - 2017-06-09 15:05 - 00001503 _____ C:\DelFix.txt
2017-06-08 14:57 - 2017-06-13 09:20 - 00280915 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\TPS2.xlsx
2017-06-08 13:23 - 2017-06-08 13:23 - 07070840 _____ (Tim Kosse) C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\FileZilla_3.26.1_win64-setup.exe
2017-06-08 08:31 - 2017-06-08 08:31 - 00000000 ____D C:\ProgramData\Sophos
2017-06-07 09:37 - 2017-06-07 13:35 - 00172561 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\TPS.xlsx
2017-06-07 08:23 - 2017-06-19 14:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-07 08:03 - 2017-06-07 09:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-06 13:59 - 2017-06-07 09:37 - 00238119 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-06-06 13:59 - 2017-06-06 14:07 - 00021745 _____ C:\Windows\ZAM.krnl.trace
2017-06-06 13:52 - 2017-06-06 13:52 - 23657399 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\Maintenance.7z
2017-06-06 13:11 - 2017-06-06 13:11 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Roaming\Winsent Messenger
2017-06-06 13:10 - 2017-06-06 14:41 - 00000000 ____D C:\Program Files (x86)\Winsent Messenger
2017-06-06 13:10 - 2017-06-06 13:10 - 00000000 ____D C:\ProgramData\Winsent Messenger
2017-06-06 12:48 - 2017-06-06 12:48 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-06 12:31 - 2017-06-07 09:39 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-06-06 12:31 - 2017-06-06 12:31 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Zemana
2017-06-02 10:30 - 2017-06-02 10:30 - 00015445 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\usr.txt
2017-06-01 09:43 - 2017-06-19 16:04 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\pragma
2017-05-31 16:55 - 2017-05-31 16:55 - 00150046 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Desktop\Copy of TPS.xlsx
2017-05-26 15:41 - 2017-06-05 13:16 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\Pragma Server
2017-05-26 10:53 - 2017-06-19 14:08 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\Maintenance
2017-05-26 09:55 - 2017-05-26 09:55 - 00000000 ____D C:\Users\svcadmin\AppData\Roaming\Apple Computer
2017-05-26 09:30 - 2017-05-26 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbital Services
2017-05-26 09:30 - 2017-05-26 09:30 - 00000000 ____D C:\Program Files (x86)\OrbitalServices
2017-05-26 08:37 - 2017-05-26 08:37 - 141015434 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\AdbeRdr11000_mui_Std.zip
2017-05-25 16:39 - 2017-06-19 14:44 - 01317444 _____ C:\Windows\ntbtlog.txt
2017-05-25 15:52 - 2017-05-25 15:52 - 09742760 _____ (Piriform Ltd) C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\cc_setup530.exe
2017-05-25 15:49 - 2017-05-25 15:49 - 63364552 _____ (Malwarebytes ) C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976.exe
2017-05-25 14:35 - 2017-05-25 14:35 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Roaming\Microsoft FxCop
2017-05-25 13:43 - 2017-05-25 13:43 - 00082114 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\nbtscan_1.5.1.tar.gz
2017-05-25 13:36 - 2017-05-25 13:36 - 00489685 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\nbtscan1_5_1.zip
2017-05-25 12:48 - 2017-05-25 12:49 - 02823905 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\PSTools.zip
2017-05-24 15:23 - 2017-05-24 16:16 - 00000443 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-05-24 15:05 - 2017-05-26 09:35 - 00000000 ____D C:\Program Files\Npcap
2017-05-24 14:50 - 2017-05-24 14:52 - 00019476 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\names.txt
2017-05-24 14:30 - 2017-05-24 16:21 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Maintenance
2017-05-22 15:00 - 2017-05-22 15:00 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Heart Technologies
2017-05-22 09:21 - 2017-05-22 09:21 - 00005319 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\helpdesk_unifac_com.pem
2017-05-22 08:52 - 2017-05-22 15:46 - 00000000 ____D C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0001_ba9e070ec56eb92f
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-21 14:47 - 2017-05-02 13:19 - 00000000 __SHD C:\ProgramData\SAM
2017-06-21 13:41 - 2016-08-31 08:59 - 00023092 __RSH C:\ProgramData\ntuser.pol
2017-06-21 13:29 - 2016-08-31 08:58 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl
2017-06-21 11:12 - 2016-08-31 09:04 - 00000000 ____D C:\Windows\ccmcache
2017-06-20 11:05 - 2017-03-09 11:57 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Visual Studio 2015
2017-06-20 10:18 - 2016-12-16 13:41 - 00002012 ____H C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Default.rdp
2017-06-20 09:16 - 2017-04-19 11:25 - 00017040 _____ C:\Windows\SysWOW64\CovenantEyesProxyOff.ini
2017-06-20 09:16 - 2017-04-19 11:25 - 00017040 _____ C:\Windows\system32\CovenantEyesProxyOff.ini
2017-06-20 09:11 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-19 16:28 - 2016-12-16 14:03 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\VMware
2017-06-19 16:17 - 2017-05-02 13:19 - 00000000 __SHD C:\Windows\sysnchrb
2017-06-19 15:53 - 2009-07-14 00:13 - 01216044 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-19 15:53 - 2009-07-13 23:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-19 15:53 - 2009-07-13 23:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-19 15:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-06-19 15:51 - 2016-12-16 14:03 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Roaming\VMware
2017-06-19 15:51 - 2016-08-31 09:04 - 00000569 _____ C:\Windows\SMSCFG.ini
2017-06-19 15:50 - 2016-11-29 11:06 - 00000000 ____D C:\Users\svcadmin\AppData\Local\VMware
2017-06-19 15:49 - 2016-11-29 11:06 - 00000000 ____D C:\Users\svcadmin\AppData\Roaming\VMware
2017-06-19 15:48 - 2016-10-17 09:55 - 00000000 __SHD C:\Users\svcadmin\IntelGraphicsProfiles
2017-06-19 15:48 - 2016-08-31 10:08 - 00000000 ____D C:\ProgramData\VMware
2017-06-19 15:48 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-19 15:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-19 14:51 - 2016-12-27 15:52 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Apps\2.0
2017-06-19 14:47 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2017-06-19 14:12 - 2009-07-14 00:08 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-19 14:09 - 2016-12-27 13:24 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\CrashDumps
2017-06-19 11:30 - 2017-05-02 13:19 - 00000542 ___SH C:\Windows\SysWOW64\syssam.dat
2017-06-14 08:23 - 2017-03-13 14:45 - 00000000 ___RD C:\Users\iswar.ramamoorthy.UF-PEORIA.001\OneDrive - United Facilities, Inc
2017-06-14 08:11 - 2016-12-20 13:01 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\SQL Server Management Studio
2017-06-12 11:26 - 2016-12-27 15:52 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Deployment
2017-06-08 13:37 - 2017-01-24 14:11 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Roaming\FileZilla
2017-06-08 13:31 - 2017-03-15 14:17 - 00000600 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\PUTTY.RND
2017-06-08 13:25 - 2017-04-11 12:41 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\FileZilla
2017-06-08 13:23 - 2016-10-18 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-06-08 13:23 - 2016-10-18 11:28 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2017-06-06 15:51 - 2017-01-05 14:21 - 00000000 ____D C:\Windows\System32\Tasks\Games
2017-06-06 13:59 - 2016-12-16 11:09 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001
2017-06-06 13:55 - 2016-12-19 16:53 - 00000000 ____D C:\Users\MSSQLFDLauncher
2017-06-06 13:55 - 2016-11-30 13:24 - 00000000 ____D C:\Users\MSSQLFDLauncher$MSSQLSERVER2012
2017-06-06 13:54 - 2017-03-14 14:23 - 00000000 ____D C:\Windows\erdnt
2017-06-06 13:54 - 2016-12-19 16:54 - 00000000 ____D C:\Users\ReportServer
2017-06-06 13:54 - 2016-12-19 16:54 - 00000000 ____D C:\Users\MSSQLServerOLAPService
2017-06-06 13:54 - 2016-12-19 16:53 - 00000000 ____D C:\Users\MSSQLSERVER
2017-06-06 13:54 - 2016-12-19 16:14 - 00000000 ____D C:\Users\SQLAgent$MSSQLSERVER2012
2017-06-06 13:54 - 2016-11-30 13:25 - 00000000 ____D C:\Users\ReportServer$MSSQLSERVER2012
2017-06-06 13:54 - 2016-11-30 13:25 - 00000000 ____D C:\Users\MSOLAP$MSSQLSERVER2012
2017-06-06 13:54 - 2016-11-30 13:24 - 00000000 ____D C:\Users\MSSQL$MSSQLSERVER2012
2017-06-06 13:54 - 2016-11-30 13:24 - 00000000 ____D C:\Users\MsDtsServer110
2017-06-06 13:54 - 2016-10-18 09:47 - 00000000 ____D C:\Users\jorge.castro
2017-06-06 13:54 - 2016-10-18 08:41 - 00000000 ____D C:\Virtual Machines
2017-06-06 13:54 - 2016-10-17 10:04 - 00000000 ____D C:\Users\ed.ishmael
2017-06-06 13:54 - 2016-10-17 09:55 - 00000000 ____D C:\Users\svcadmin
2017-06-06 13:54 - 2016-08-31 09:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-06-06 13:54 - 2016-08-31 09:36 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-06-06 13:54 - 2016-08-31 09:04 - 00000000 ____D C:\Windows\CCM
2017-06-06 13:54 - 2016-08-31 09:00 - 00000000 ____D C:\Windows\ccmsetup
2017-06-06 13:54 - 2016-08-30 16:14 - 00000000 ____D C:\Users\ITuser
2017-06-06 13:54 - 2016-08-26 10:55 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-06-06 13:54 - 2016-08-26 10:53 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2017-06-06 13:54 - 2015-07-22 15:20 - 00000000 ___SD C:\Windows\system32\GWX
2017-06-06 13:54 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-06-06 13:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2017-06-06 13:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2017-06-06 08:08 - 2016-11-04 16:38 - 00000000 ____D C:\Windows\system32\appmgmt
2017-05-31 21:05 - 2010-11-20 22:27 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-05-30 11:25 - 2017-01-11 11:44 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Personal
2017-05-30 09:40 - 2016-08-31 09:52 - 00000000 ____D C:\IS
2017-05-26 09:38 - 2016-10-18 13:59 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-05-26 09:29 - 2017-02-28 10:27 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\Kash
2017-05-25 16:31 - 2016-08-26 10:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-25 14:40 - 2017-03-23 11:39 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Networking
2017-05-25 14:40 - 2017-02-13 10:45 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Visual Studio 2012
2017-05-25 14:40 - 2016-12-16 11:13 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Visual Studio 2010
2017-05-24 15:42 - 2017-05-04 09:53 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Roaming\airtame-application
 
==================== Files in the root of some directories =======
 
2017-03-15 14:17 - 2017-06-08 13:31 - 0000600 _____ () C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\PUTTY.RND
2017-02-28 12:20 - 2017-02-28 12:20 - 0000870 _____ () C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\recently-used.xbel
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-12 08:07
 
==================== End of FRST.txt ============================



#2 iswar (Topic Starter, Members, 18 posts)

Posted 21 June 2017 - 03:51 PM

I have run Zemana, Malwarebytes, JRT, CCleaner, ComboFix and rKill, but to no avail; my original post is at this link:

https://www.bleepingcomputer.com/forums/t/648664/browser-hijack-unwanted-homepage/

I would like to eliminate this unnecessary pop-up that keeps coming up in my Internet Explorer browser.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
Ran by iswar.ramamoorthy (administrator) on CORPLOANER-02 (21-06-2017 14:47:18)
Running from C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\Maintenance\bleepingComputer\Next Steps
Loaded Profiles: Acronis Agent User & iswar.ramamoorthy & ReportServer$MSSQLSERVER2012 & MsDtsServer110 & MSOLAP$MSSQLSERVER2012 & MSSQL$MSSQLSERVER2012 & MSSQLFDLauncher$MSSQLSERVER2012 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER (Available Profiles: ITuser & Acronis Agent User & Administrator & iswar.ramamoorthy & Jorge.Castro & ed.ishmael & svcadmin & SQLAgent$MSSQLSERVER2012 & ReportServer$MSSQLSERVER2012 & MsDtsServer110 & MSOLAP$MSSQLSERVER2012 & MSSQL$MSSQLSERVER2012 & MSSQLFDLauncher$MSSQLSERVER2012 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acronis) C:\Program Files (x86)\Acronis\ARSM\arsm.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\CE\CovenantEyesCommService.exe
(CovenantEyes) C:\Program Files\CE\CovenantEyesProxy.exe
() C:\dell\Sytem64Folder\DellRctlService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER2012\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files\CE\authServer.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\fdhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Windows\sysnchrb\amsvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\temp\DPTF\esif_assist_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Windows\sysnchrb\swsys.exe
() C:\Windows\sysnchrb\samimpl.exe
() C:\Windows\sysnchrb\x64\samimpl64.exe
() C:\Windows\sysnchrb\samimpl.exe
() C:\Windows\sysnchrb\x64\samimpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files\CE\CovenantEyes.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
() C:\Program Files\CE\CovenantEyesHelper.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VsHub\1.0.0.0\VsHub.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VsHub\1.0.0.0\Microsoft.VsHub.Server.HttpHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
(Mythicsoft Ltd) C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\act.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\service_process.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [736552 2015-05-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8853248 2016-04-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-04-14] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4879264 2016-02-08] (Intel® Corporation)
HKLM\...\Run: [Intel® WiDi Receiver Updater] => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [89600 2015-10-27] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332328 2015-06-03] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM\...\Run: [Covenant Eyes] => C:\Program Files\CE\CovenantEyes.exe [13681560 2017-02-15] ()
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403688 2014-08-17] (Acronis)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102184 2013-01-22] (Acronis)
HKLM-x32\...\Run: [BackupAndRecoveryMonitor.exe] => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1530584 2014-08-17] (Acronis)
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\CovenantEyesProxy.dll [372120 2017-01-23] (CovenantEyes)
Winsock: Catalog9 02 C:\Windows\SysWOW64\CovenantEyesProxy.dll [372120 2017-01-23] (CovenantEyes)
Winsock: Catalog9 03 C:\Windows\SysWOW64\CovenantEyesProxy.dll [372120 2017-01-23] (CovenantEyes)
Winsock: Catalog9 04 C:\Windows\SysWOW64\CovenantEyesProxy.dll [372120 2017-01-23] (CovenantEyes)
Winsock: Catalog9 18 C:\Windows\SysWOW64\CovenantEyesProxy.dll [372120 2017-01-23] (CovenantEyes)
Winsock: Catalog9-x64 01 C:\Windows\system32\CovenantEyesProxy64.dll [487320 2017-01-23] (CovenantEyes)
Winsock: Catalog9-x64 02 C:\Windows\system32\CovenantEyesProxy64.dll [487320 2017-01-23] (CovenantEyes)
Winsock: Catalog9-x64 03 C:\Windows\system32\CovenantEyesProxy64.dll [487320 2017-01-23] (CovenantEyes)
Winsock: Catalog9-x64 04 C:\Windows\system32\CovenantEyesProxy64.dll [487320 2017-01-23] (CovenantEyes)
Winsock: Catalog9-x64 18 C:\Windows\system32\CovenantEyesProxy64.dll [487320 2017-01-23] (CovenantEyes)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.14
Tcpip\..\Interfaces\{00277C44-9A97-44A9-B749-B1F9F5A91EDF}: [DhcpNameServer] 192.168.0.14
Tcpip\..\Interfaces\{8A4CFDA7-5432-4DC8-BC20-888AE7907B51}: [DhcpNameServer] 192.168.0.14

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-606747145-813497703-1801674531-11638\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-606747145-813497703-1801674531-11638\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-606747145-813497703-1801674531-11638\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-606747145-813497703-1801674531-11638 -> DefaultScope {73BBEA00-1443-4ED8-AB63-8BDE3002F58D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-606747145-813497703-1801674531-11638 -> {73BBEA00-1443-4ED8-AB63-8BDE3002F58D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-606747145-813497703-1801674531-11638 -> {A177B729-4FA0-49F5-A935-51340D0F66BD} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-05] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-30] (Oracle Corporation)
BHO: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files\CE\extensions\ie\x64\IEExtension.dll [2017-02-15] (Covenant Eyes)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-05-05] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-05] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-30] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-05] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-05-05] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-30] (Oracle Corporation)
DPF: HKLM-x32 {649C29F2-1216-4653-90FF-3471EAEE432D} hxxp://192.168.0.42:7001/MagicInfo/did/net/VNCViewer/SEVncViewerAdapter.cab
DPF: HKLM-x32 {CD3A34EE-5669-4794-923B-AFCF4989A0C3} hxxp://192.168.0.42:7001/MagicInfo/did/net/uVending/AUAxUploader.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://hearttech.webex.com/client/WBXclient-32.0.7-2/webex/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)

FireFox:
========
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2016-12-16] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-08-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [firefox-integrated-extension@covenanteyes.com] - C:\Program Files\CE\extensions\firefox\firefox-integrated-extension@covenanteyes.com
FF Extension: (Covenant Eyes) - C:\Program Files\CE\extensions\firefox\firefox-integrated-extension@covenanteyes.com [2017-04-19]
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2016-08-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default [2017-06-21]
CHR Extension: (No Name) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-16]
CHR Extension: (No Name) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-16]
CHR Extension: (No Name) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-16]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2017-06-05]
CHR Extension: (No Name) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-16]
CHR Extension: (Revolver - Tabs) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlknooajieciikpedpldejhhijacnbda [2017-01-03]
CHR Extension: (No Name) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-16]
CHR Extension: (No Name) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (No Name) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-16]
CHR Extension: (Chrome Media Router) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR HKLM-x32\...\Chrome\Extension: [bfegkegffcbgpfmemahhkgnbkocmbain] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2046968 2012-12-29] (Acronis)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [96000 2015-09-25] (Alps Electric Co., Ltd.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 ARSM; C:\Program Files (x86)\Acronis\ARSM\arsm.exe [5931240 2014-08-17] (Acronis)
R2 Auth Service; C:\Program Files\CE\authServer.exe [6382488 2017-02-15] ()
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1775288 2015-10-27] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2017-05-05] (Microsoft Corporation)
R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [672440 2015-10-27] (Microsoft Corporation)
R2 CovenantEyesCommService; C:\Program Files\CE\CovenantEyesCommService.exe [7119768 2017-02-15] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [5245336 2017-01-23] (CovenantEyes)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [94136 2016-06-02] (Dell Inc.)
S4 dcu-oobe; C:\Program Files (x86)\Dell\CommandUpdate\OobeService.exe [84408 2016-06-07] (Dell Inc.)
R2 DellRctlService; c:\Dell\Sytem64Folder\DellRctlService.exe [389120 2016-05-03] () [File not signed]
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [171640 2016-02-27] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [356336 2016-06-23] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [395744 2015-01-14] (Intel)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2672328 2014-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2015-09-25] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2015-09-25] (Microsoft Corporation)
R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [11186280 2014-08-17] (Acronis)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218816 2014-05-15] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-06-03] (Microsoft Corporation)
R2 MSOLAP$MSSQLSERVER2012; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER2012\OLAP\bin\msmdsrv.exe [80044736 2014-05-15] (Microsoft Corporation)
R2 MSSQL$MSSQLSERVER2012; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\sqlservr.exe [194240 2014-05-15] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50368 2014-05-15] (Microsoft Corporation)
R3 MSSQLFDLauncher$MSSQLSERVER2012; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\fdlauncher.exe [50368 2014-05-15] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [194240 2014-05-15] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [80044736 2014-05-15] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-06-03] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2454720 2014-05-15] (Microsoft Corporation)
R2 ReportServer$MSSQLSERVER2012; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2454720 2014-05-15] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-14] (Realtek Semiconductor)
R2 Samsvc; C:\Windows\sysnchrb\amsvc.exe [3844472 2016-10-04] ()
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [173256 2014-07-30] (Invincea, Inc.)
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [317624 2015-10-27] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation)
S3 SQLAgent$MSSQLSERVER2012; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\SQLAGENT.EXE [613056 2014-05-15] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2014-05-15] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-07-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{C200BA2A-A16C-412F-A6C9-A910DDD4E826}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-10-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1545704 2015-10-16] (Motorola Solutions, Inc.)
R1 cewd64f; C:\Windows\system32\Drivers\cewd64f.sys [44600 2017-01-23] () [File not signed]
R1 cewd64r; C:\Windows\system32\Drivers\cewd64r.sys [55352 2017-01-23] () [File not signed]
R3 DellRctl; C:\Windows\System32\DRIVERS\DellRctl.sys [37792 2016-04-27] ()
R3 dptf_acpi; C:\Windows\System32\DRIVERS\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\DRIVERS\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [502256 2015-10-06] (Intel Corporation)
R3 esif_lf; C:\Windows\System32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [31712 2015-11-24] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [306448 2016-02-20] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2677504 2016-04-14] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [50696 2014-07-30] (Invincea, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [179456 2015-08-31] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2015-02-25] (Microsoft Corporation)
R1 MpKsl49da1096; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5EE5B76F-EDA7-46E7-997C-198A2C3A5305}\MpKsl49da1096.sys [44928 2017-06-20] (Microsoft Corporation)
S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw04.sys [3370248 2016-02-27] (Intel Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2015-02-25] (Microsoft Corporation)
S3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2015-10-27] (Microsoft Corporation)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [337088 2014-05-15] (Microsoft Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [758488 2015-08-04] (Realsil Semiconductor Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183304 2014-07-30] (Invincea, Inc.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [103088 2015-07-27] (STMicroelectronics)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1119672 2017-06-19] (Acronis)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2017-06-19] (Acronis)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [212056 2015-01-14] (Windows ® Win 7 DDK provider)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2016-02-17] (Cisco Systems, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [93248 2016-09-30] (VMware, Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 npcap_wifi; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-21 14:47 - 2017-06-21 14:47 - 00000000 ____D C:\FRST
2017-06-20 15:01 - 2017-06-20 15:01 - 00000000 ____D C:\testfile
2017-06-20 09:16 - 2017-06-20 09:16 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-20 09:12 - 2017-06-20 09:12 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2017-06-20 09:11 - 2017-06-20 09:11 - 00112728 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-20 09:11 - 2017-06-20 09:11 - 00001415 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-20 09:11 - 2017-06-20 09:11 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 _SHDL C:\Users\Administrator\My Documents
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 ____D C:\Users\Administrator\Documents\My Received Files
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-06-20 09:11 - 2017-06-20 09:11 - 00000000 ____D C:\Users\Administrator
2017-06-20 09:11 - 2016-08-26 11:06 - 00002102 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-06-20 09:11 - 2010-11-21 02:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2017-06-19 15:42 - 2017-06-19 15:42 - 01119672 _____ (Acronis) C:\Windows\system32\Drivers\tib.sys
2017-06-19 15:42 - 2017-06-19 15:42 - 00233760 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2017-06-19 15:42 - 2017-06-19 15:42 - 00183224 _____ (Acronis) C:\Windows\system32\Drivers\tib_mounter.sys
2017-06-19 15:42 - 2017-06-19 15:42 - 00098592 _____ (Acronis) C:\Windows\system32\Drivers\fltsrv.sys
2017-06-19 15:39 - 2017-06-20 14:00 - 00000000 ____D C:\ProgramData\Acronis
2017-06-19 15:39 - 2017-06-19 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2017-06-19 15:39 - 2017-06-19 15:39 - 00000020 ___SH C:\Users\Acronis Agent User\ntuser.ini
2017-06-19 15:39 - 2017-06-19 15:39 - 00000000 _SHDL C:\Users\Acronis Agent User\My Documents
2017-06-19 15:39 - 2017-06-19 15:39 - 00000000 _SHDL C:\Users\Acronis Agent User\Documents\My Videos
2017-06-19 15:39 - 2017-06-19 15:39 - 00000000 _SHDL C:\Users\Acronis Agent User\Documents\My Pictures
2017-06-19 15:39 - 2017-06-19 15:39 - 00000000 _SHDL C:\Users\Acronis Agent User\Documents\My Music
2017-06-19 15:39 - 2017-06-19 15:39 - 00000000 ____D C:\Windows\Acronis
2017-06-19 15:39 - 2017-06-19 15:39 - 00000000 ____D C:\Users\Acronis Agent User
2017-06-19 15:39 - 2017-06-19 15:39 - 00000000 ____D C:\Program Files (x86)\Acronis
2017-06-19 15:39 - 2016-08-26 11:06 - 00002102 _____ C:\Users\Acronis Agent User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-06-19 15:39 - 2010-11-21 02:16 - 00000000 ____D C:\Users\Acronis Agent User\AppData\Roaming\Media Center Programs
2017-06-19 15:36 - 2017-06-19 15:37 - 04991968 _____ (Acronis) C:\Windows\acroinst.exe
2017-06-19 15:06 - 2017-06-19 15:06 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\ElevatedDiagnostics
2017-06-19 14:51 - 2017-06-19 14:51 - 00036754 _____ C:\ComboFix.txt
2017-06-14 09:28 - 2017-06-19 14:13 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-14 09:28 - 2017-06-19 14:13 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-06-14 09:03 - 2017-06-14 09:03 - 00000000 ____D C:\Program Files (x86)\Secunia
2017-06-14 08:30 - 2017-06-14 08:39 - 00000000 ____D C:\ProgramData\Emsisoft
2017-06-14 08:29 - 2017-06-14 08:44 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-06-14 08:17 - 2017-06-14 08:17 - 00000000 ____D C:\OneDriveTemp
2017-06-13 16:34 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2017-06-13 16:34 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2017-06-13 16:34 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-06-13 16:34 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-06-13 16:34 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-06-13 16:34 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2017-06-13 16:34 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2017-06-13 16:34 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2017-06-13 16:33 - 2017-06-19 14:51 - 00000000 ____D C:\Qoobox
2017-06-13 16:33 - 2017-06-13 16:33 - 05659512 ____R (Swearware) C:\Users\svcadmin\Downloads\ComboFix.exe
2017-06-13 16:32 - 2017-06-13 16:32 - 00000000 ____D C:\Users\svcadmin\AppData\Local\CrashDumps
2017-06-13 10:12 - 2017-06-20 11:18 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\ticketsystem
2017-06-13 10:05 - 2017-06-14 08:13 - 00882688 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\TPS2.xls
2017-06-13 09:27 - 2017-06-13 09:28 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\ssis
2017-06-13 09:27 - 2017-06-13 09:27 - 00000000 ____D C:\Program Files (x86)\MSECache
2017-06-12 15:47 - 2017-06-12 15:47 - 00001552 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\setup.log.full
2017-06-12 15:13 - 2017-06-12 15:13 - 00000000 ____D C:\Windows\pss
2017-06-12 15:01 - 2017-06-19 13:49 - 00002646 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Desktop\Rkill.txt
2017-06-12 10:06 - 2017-06-12 10:06 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Virtual Machines
2017-06-09 15:05 - 2017-06-09 15:05 - 00001503 _____ C:\DelFix.txt
2017-06-08 14:57 - 2017-06-13 09:20 - 00280915 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\TPS2.xlsx
2017-06-08 13:23 - 2017-06-08 13:23 - 07070840 _____ (Tim Kosse) C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\FileZilla_3.26.1_win64-setup.exe
2017-06-08 08:31 - 2017-06-08 08:31 - 00000000 ____D C:\ProgramData\Sophos
2017-06-07 09:37 - 2017-06-07 13:35 - 00172561 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\TPS.xlsx
2017-06-07 08:23 - 2017-06-19 14:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-07 08:03 - 2017-06-07 09:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-06 13:59 - 2017-06-07 09:37 - 00238119 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-06-06 13:59 - 2017-06-06 14:07 - 00021745 _____ C:\Windows\ZAM.krnl.trace
2017-06-06 13:52 - 2017-06-06 13:52 - 23657399 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\Maintenance.7z
2017-06-06 13:11 - 2017-06-06 13:11 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Roaming\Winsent Messenger
2017-06-06 13:10 - 2017-06-06 14:41 - 00000000 ____D C:\Program Files (x86)\Winsent Messenger
2017-06-06 13:10 - 2017-06-06 13:10 - 00000000 ____D C:\ProgramData\Winsent Messenger
2017-06-06 12:48 - 2017-06-06 12:48 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-06 12:31 - 2017-06-07 09:39 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-06-06 12:31 - 2017-06-06 12:31 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Zemana
2017-06-02 10:30 - 2017-06-02 10:30 - 00015445 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\usr.txt
2017-06-01 09:43 - 2017-06-19 16:04 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\pragma
2017-05-31 16:55 - 2017-05-31 16:55 - 00150046 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Desktop\Copy of TPS.xlsx
2017-05-26 15:41 - 2017-06-05 13:16 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\Pragma Server
2017-05-26 10:53 - 2017-06-19 14:08 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\Maintenance
2017-05-26 09:55 - 2017-05-26 09:55 - 00000000 ____D C:\Users\svcadmin\AppData\Roaming\Apple Computer
2017-05-26 09:30 - 2017-05-26 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbital Services
2017-05-26 09:30 - 2017-05-26 09:30 - 00000000 ____D C:\Program Files (x86)\OrbitalServices
2017-05-26 08:37 - 2017-05-26 08:37 - 141015434 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\AdbeRdr11000_mui_Std.zip
2017-05-25 16:39 - 2017-06-19 14:44 - 01317444 _____ C:\Windows\ntbtlog.txt
2017-05-25 15:52 - 2017-05-25 15:52 - 09742760 _____ (Piriform Ltd) C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\cc_setup530.exe
2017-05-25 15:49 - 2017-05-25 15:49 - 63364552 _____ (Malwarebytes ) C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976.exe
2017-05-25 14:35 - 2017-05-25 14:35 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Roaming\Microsoft FxCop
2017-05-25 13:43 - 2017-05-25 13:43 - 00082114 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\nbtscan_1.5.1.tar.gz
2017-05-25 13:36 - 2017-05-25 13:36 - 00489685 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\nbtscan1_5_1.zip
2017-05-25 12:48 - 2017-05-25 12:49 - 02823905 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\PSTools.zip
2017-05-24 15:23 - 2017-05-24 16:16 - 00000443 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-05-24 15:05 - 2017-05-26 09:35 - 00000000 ____D C:\Program Files\Npcap
2017-05-24 14:50 - 2017-05-24 14:52 - 00019476 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\names.txt
2017-05-24 14:30 - 2017-05-24 16:21 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Maintenance
2017-05-22 15:00 - 2017-05-22 15:00 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Heart Technologies
2017-05-22 09:21 - 2017-05-22 09:21 - 00005319 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\helpdesk_unifac_com.pem
2017-05-22 08:52 - 2017-05-22 15:46 - 00000000 ____D C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0001_ba9e070ec56eb92f

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-21 14:47 - 2017-05-02 13:19 - 00000000 __SHD C:\ProgramData\SAM
2017-06-21 13:41 - 2016-08-31 08:59 - 00023092 __RSH C:\ProgramData\ntuser.pol
2017-06-21 13:29 - 2016-08-31 08:58 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl
2017-06-21 11:12 - 2016-08-31 09:04 - 00000000 ____D C:\Windows\ccmcache
2017-06-20 11:05 - 2017-03-09 11:57 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Visual Studio 2015
2017-06-20 10:18 - 2016-12-16 13:41 - 00002012 ____H C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Default.rdp
2017-06-20 09:16 - 2017-04-19 11:25 - 00017040 _____ C:\Windows\SysWOW64\CovenantEyesProxyOff.ini
2017-06-20 09:16 - 2017-04-19 11:25 - 00017040 _____ C:\Windows\system32\CovenantEyesProxyOff.ini
2017-06-20 09:11 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-19 16:28 - 2016-12-16 14:03 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\VMware
2017-06-19 16:17 - 2017-05-02 13:19 - 00000000 __SHD C:\Windows\sysnchrb
2017-06-19 15:53 - 2009-07-14 00:13 - 01216044 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-19 15:53 - 2009-07-13 23:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-19 15:53 - 2009-07-13 23:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-19 15:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-06-19 15:51 - 2016-12-16 14:03 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Roaming\VMware
2017-06-19 15:51 - 2016-08-31 09:04 - 00000569 _____ C:\Windows\SMSCFG.ini
2017-06-19 15:50 - 2016-11-29 11:06 - 00000000 ____D C:\Users\svcadmin\AppData\Local\VMware
2017-06-19 15:49 - 2016-11-29 11:06 - 00000000 ____D C:\Users\svcadmin\AppData\Roaming\VMware
2017-06-19 15:48 - 2016-10-17 09:55 - 00000000 __SHD C:\Users\svcadmin\IntelGraphicsProfiles
2017-06-19 15:48 - 2016-08-31 10:08 - 00000000 ____D C:\ProgramData\VMware
2017-06-19 15:48 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-19 15:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-19 14:51 - 2016-12-27 15:52 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Apps\2.0
2017-06-19 14:47 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2017-06-19 14:12 - 2009-07-14 00:08 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-19 14:09 - 2016-12-27 13:24 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\CrashDumps
2017-06-19 11:30 - 2017-05-02 13:19 - 00000542 ___SH C:\Windows\SysWOW64\syssam.dat
2017-06-14 08:23 - 2017-03-13 14:45 - 00000000 ___RD C:\Users\iswar.ramamoorthy.UF-PEORIA.001\OneDrive - United Facilities, Inc
2017-06-14 08:11 - 2016-12-20 13:01 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\SQL Server Management Studio
2017-06-12 11:26 - 2016-12-27 15:52 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Deployment
2017-06-08 13:37 - 2017-01-24 14:11 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Roaming\FileZilla
2017-06-08 13:31 - 2017-03-15 14:17 - 00000600 _____ C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\PUTTY.RND
2017-06-08 13:25 - 2017-04-11 12:41 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\FileZilla
2017-06-08 13:23 - 2016-10-18 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-06-08 13:23 - 2016-10-18 11:28 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2017-06-06 15:51 - 2017-01-05 14:21 - 00000000 ____D C:\Windows\System32\Tasks\Games
2017-06-06 13:59 - 2016-12-16 11:09 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001
2017-06-06 13:55 - 2016-12-19 16:53 - 00000000 ____D C:\Users\MSSQLFDLauncher
2017-06-06 13:55 - 2016-11-30 13:24 - 00000000 ____D C:\Users\MSSQLFDLauncher$MSSQLSERVER2012
2017-06-06 13:54 - 2017-03-14 14:23 - 00000000 ____D C:\Windows\erdnt
2017-06-06 13:54 - 2016-12-19 16:54 - 00000000 ____D C:\Users\ReportServer
2017-06-06 13:54 - 2016-12-19 16:54 - 00000000 ____D C:\Users\MSSQLServerOLAPService
2017-06-06 13:54 - 2016-12-19 16:53 - 00000000 ____D C:\Users\MSSQLSERVER
2017-06-06 13:54 - 2016-12-19 16:14 - 00000000 ____D C:\Users\SQLAgent$MSSQLSERVER2012
2017-06-06 13:54 - 2016-11-30 13:25 - 00000000 ____D C:\Users\ReportServer$MSSQLSERVER2012
2017-06-06 13:54 - 2016-11-30 13:25 - 00000000 ____D C:\Users\MSOLAP$MSSQLSERVER2012
2017-06-06 13:54 - 2016-11-30 13:24 - 00000000 ____D C:\Users\MSSQL$MSSQLSERVER2012
2017-06-06 13:54 - 2016-11-30 13:24 - 00000000 ____D C:\Users\MsDtsServer110
2017-06-06 13:54 - 2016-10-18 09:47 - 00000000 ____D C:\Users\jorge.castro
2017-06-06 13:54 - 2016-10-18 08:41 - 00000000 ____D C:\Virtual Machines
2017-06-06 13:54 - 2016-10-17 10:04 - 00000000 ____D C:\Users\ed.ishmael
2017-06-06 13:54 - 2016-10-17 09:55 - 00000000 ____D C:\Users\svcadmin
2017-06-06 13:54 - 2016-08-31 09:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-06-06 13:54 - 2016-08-31 09:36 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-06-06 13:54 - 2016-08-31 09:04 - 00000000 ____D C:\Windows\CCM
2017-06-06 13:54 - 2016-08-31 09:00 - 00000000 ____D C:\Windows\ccmsetup
2017-06-06 13:54 - 2016-08-30 16:14 - 00000000 ____D C:\Users\ITuser
2017-06-06 13:54 - 2016-08-26 10:55 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-06-06 13:54 - 2016-08-26 10:53 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2017-06-06 13:54 - 2015-07-22 15:20 - 00000000 ___SD C:\Windows\system32\GWX
2017-06-06 13:54 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-06-06 13:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2017-06-06 13:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2017-06-06 08:08 - 2016-11-04 16:38 - 00000000 ____D C:\Windows\system32\appmgmt
2017-05-31 21:05 - 2010-11-20 22:27 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-05-30 11:25 - 2017-01-11 11:44 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Personal
2017-05-30 09:40 - 2016-08-31 09:52 - 00000000 ____D C:\IS
2017-05-26 09:38 - 2016-10-18 13:59 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-05-26 09:29 - 2017-02-28 10:27 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\Kash
2017-05-25 16:31 - 2016-08-26 10:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-25 14:40 - 2017-03-23 11:39 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Networking
2017-05-25 14:40 - 2017-02-13 10:45 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Visual Studio 2012
2017-05-25 14:40 - 2016-12-16 11:13 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Documents\Visual Studio 2010
2017-05-24 15:42 - 2017-05-04 09:53 - 00000000 ____D C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Roaming\airtame-application

==================== Files in the root of some directories =======

2017-03-15 14:17 - 2017-06-08 13:31 - 0000600 _____ () C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\PUTTY.RND
2017-02-28 12:20 - 2017-02-28 12:20 - 0000870 _____ () C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-12 08:07

==================== End of FRST.txt ============================

 

 

#3 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 June 2017 - 08:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This protection should always be updated
AV: System Center Endpoint Protection (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-606747145-813497703-1801674531-11638\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2016-12-16] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-08-31] [not signed]
CHR Extension: (Chrome Web Store Payments) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 npcap_wifi; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1020 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1071 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1169 [0]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
---

Reset the browsers that you use and that have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via Control Panel > Programs > Programs and Features.
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017F0}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
===


Please post the log and let me know what problem persists with this computer.

#4 iswar

  • Topic Starter
  • Members
  • 18 posts

Posted 22 June 2017 - 01:33 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by iswar.ramamoorthy (22-06-2017 13:20:50) Run:1
Running from C:\Users\iswar.ramamoorthy.UF-PEORIA.001\Downloads\Maintenance\bleepingComputer\Next Steps
Loaded Profiles: Acronis Agent User & iswar.ramamoorthy & ReportServer$MSSQLSERVER2012 & MsDtsServer110 & MSOLAP$MSSQLSERVER2012 & MSSQL$MSSQLSERVER2012 & MSSQLFDLauncher$MSSQLSERVER2012 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER (Available Profiles: ITuser & Acronis Agent User & Administrator & iswar.ramamoorthy & Jorge.Castro & ed.ishmael & svcadmin & SQLAgent$MSSQLSERVER2012 & ReportServer$MSSQLSERVER2012 & MsDtsServer110 & MSOLAP$MSSQLSERVER2012 & MSSQL$MSSQLSERVER2012 & MSSQLFDLauncher$MSSQLSERVER2012 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-606747145-813497703-1801674531-11638\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2016-12-16] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-08-31] [not signed]
CHR Extension: (Chrome Web Store Payments) -
C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 npcap_wifi; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1020 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1071 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1169 [0]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-606747145-813497703-1801674531-11638\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} => moved successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} => moved successfully
CHR Extension: (Chrome Web Store Payments) - => not found
"C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]" => not found.
C:\Users\iswar.ramamoorthy.UF-PEORIA.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\npcap_wifi => key removed successfully
npcap_wifi => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully
ZAM => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM_Guard => key removed successfully
ZAM_Guard => service removed successfully
C:\Windows\SysWOW64\MSIHANDLE => ":1020" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":1071" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":1169" ADS removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 116509062 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 7229579 B
Edge => 0 B
Chrome => 251839404 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 33186 B
LocalService => 1421312 B
NetworkService => 1512438 B
ITuser => 87081 B
Acronis Agent User => 0 B
Administrator => 78399 B
Iswar.Ramamoorthy => 0 B
iswar.ramamoorthy.UF-PEORIA.001 => 67665961 B
jorge.castro => 0 B
Iswar.Ramamoorthy.UF-PEORIA => 0 B
iswar.ramamoorthy.UF-PEORIA.000 => 0 B
ed.ishmael => 0 B
svcadmin => 196098 B
SQLAgent$MSSQLSERVER2012 => 0 B
ReportServer$MSSQLSERVER2012 => 0 B
MsDtsServer110 => 0 B
MSOLAP$MSSQLSERVER2012 => 0 B
MSSQL$MSSQLSERVER2012 => 0 B
MSSQLFDLauncher$MSSQLSERVER2012 => 0 B
MSSQLServerOLAPService => 0 B
ReportServer => 0 B
MSSQLFDLauncher => 0 B
MSSQLSERVER => 0 B
 
RecycleBin => 29374327 B
EmptyTemp: => 461.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:21:33 ====
 
It will be sometime next week when System Center will be updated. Issue with the LAN here. Java version: I need the older version for a particular software to run on my IE browser. The browser has been reset; as of now I have disabled Shockwave and pictures.
 
Thanks

Edited by iswar, 22 June 2017 - 02:54 PM.


#5 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 June 2017 - 07:28 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#6 iswar

  • Topic Starter
  • Members
  • 18 posts

Posted 23 June 2017 - 08:15 AM

It still popped up today. I think I will just create a new login profile, hopefully that stops it. Thanks for all the help.





