ZeroAccess rootkit? contained a virus and was deleted error


26 replies to this topic

#1 art_vandelay

  • Members
  • 139 posts
  • OFFLINE
  • Local time:12:30 PM

Posted 25 February 2015 - 12:48 AM

Greetings,

I cannot download any file from any source...email attachment or otherwise.

Here is the FRST log and I've attached the Addition.txt file.

Thank you for your help!

art_vandelay

FRST Log

===================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2015
Ran by lindholm (administrator) on GEORGE-L on 24-02-2015 21:42:17
Running from C:\
Loaded Profiles: lindholm (Available profiles: UpdatusUser & glindholm & lindholm & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(Microsoft) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel® Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [DFEPApplication] => c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077272 2011-08-24] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2041192 2013-03-11] ()
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [7715160 2014-06-03] ()
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112408 2011-08-08] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-163096287-206452579-3000308475-1017\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-04] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [201576 2013-03-11] (NVIDIA Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\glindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\glindholm.PGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\lindholm\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\glindholm.PGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\glindholm.PGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\lindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-163096287-206452579-3000308475-1017\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-163096287-206452579-3000308475-1017\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-163096287-206452579-3000308475-1017\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6A16311E-13BF-44C8-987A-6B9D2AFFE2F9} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6A16311E-13BF-44C8-987A-6B9D2AFFE2F9} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {C4401D0E-088C-4AD4-B14A-8D6B1181A5E4} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-163096287-206452579-3000308475-1017 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://65.117.82.194/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://12.106.72.18:4433/NELX.cab
DPF: HKLM-x32 {B79C81C0-7650-4CAB-8466-E14C6A31EBAD} https://12.106.72.18:4433/SWTSC.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\lindholm\AppData\Roaming\Mozilla\Firefox\Profiles\w37mq273.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [giacfgjdclhnmkacnfbaljbmpnelflol] - C:\Program Files (x86)\iVIDI.org plugin\ividiplg.crx [2012-11-05]
CHR HKLM-x32\...\Chrome\Extension: [kpdhgpkkloealnjnmepfhanpcleldbef] - C:\Program Files (x86)\Unitech LLC\ividi\1.8.23.0\ividi.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279320 2011-08-24] (Dell Inc.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [706864 2014-06-03] ()
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218200 2012-02-11] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [61538904 2012-02-11] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel® Corporation) [File not signed]
S2 cfb41c29; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-03-11] (NVIDIA Corporation)
S3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2011-07-28] (SonicWALL Inc.)
R1 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [X]
S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
S3 SWVNIC; system32\DRIVERS\swvnic.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 21:42 - 2015-02-24 21:42 - 00024031 _____ () C:\FRST.txt
2015-02-24 21:41 - 2015-02-24 21:42 - 00000000 ____D () C:\FRST
2015-02-24 21:39 - 2015-02-24 21:39 - 02087424 _____ (Farbar) C:\FRST64.exe
2015-02-24 21:20 - 2015-02-24 21:20 - 00088512 _____ () C:\ComboFix.txt
2015-02-24 20:59 - 2015-02-24 20:59 - 05611903 ____R (Swearware) C:\ComboFix.exe
2015-02-24 18:02 - 2015-02-24 18:04 - 00003082 _____ () C:\Users\lindholm\Desktop\Rkill.txt
2015-02-24 18:00 - 2015-02-24 17:42 - 01943800 _____ (Bleeping Computer, LLC) C:\rkill.com
2015-02-06 08:04 - 2015-02-06 08:04 - 00000000 ____D () C:\Users\lindholm\Tracing
2015-02-06 08:02 - 2015-02-23 15:44 - 00000000 ____D () C:\Users\lindholm\AppData\Roaming\Skype
2015-02-06 08:02 - 2015-02-06 08:02 - 00000000 ____D () C:\Users\lindholm\AppData\Local\Skype
2015-02-06 07:58 - 2015-02-06 07:58 - 00000000 ____D () C:\Users\lindholm\AppData\Local\Apps\2.0
2015-02-06 07:58 - 2015-02-06 07:56 - 01548384 _____ (Skype Technologies S.A.) C:\Users\lindholm\Desktop\SkypeSetup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 21:38 - 2009-07-13 20:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 21:38 - 2009-07-13 20:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 21:37 - 2012-04-18 11:19 - 01952498 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 21:33 - 2012-07-12 21:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-24 21:32 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-02-24 21:30 - 2012-05-01 22:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 21:30 - 2012-04-18 11:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-24 21:30 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 21:30 - 2009-07-13 20:51 - 00152019 _____ () C:\Windows\setupact.log
2015-02-24 21:29 - 2010-11-20 19:47 - 00519912 _____ () C:\Windows\PFRO.log
2015-02-24 21:20 - 2012-08-09 08:14 - 00000000 ____D () C:\Qoobox
2015-02-24 21:17 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-24 20:54 - 2012-05-01 22:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 20:53 - 2014-06-12 08:18 - 00000546 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1757981266-1409082233-839522115-1223.job
2015-02-24 12:16 - 2012-04-18 11:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-24 12:14 - 2012-08-12 07:32 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-24 12:14 - 2012-08-12 07:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-24 12:14 - 2012-08-12 07:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-24 12:14 - 2012-04-18 15:47 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-24 12:13 - 2013-07-12 09:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-23 17:33 - 2012-07-12 21:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-23 17:33 - 2012-04-18 09:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-23 17:33 - 2012-04-18 09:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-23 16:31 - 2012-04-25 08:18 - 00000000 ____D () C:\Users\DefaultAppPool
2015-02-23 16:31 - 2012-04-18 11:41 - 00000000 ____D () C:\Users\glindholm.PGT
2015-02-23 16:31 - 2012-04-18 11:08 - 00000000 ____D () C:\Users\glindholm
2015-02-23 15:47 - 2014-11-02 13:08 - 00000000 ____D () C:\Users\lindholm
2015-02-23 15:44 - 2014-06-11 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2015-02-23 15:44 - 2014-04-15 18:38 - 00000000 ____D () C:\ProgramData\pdf995
2015-02-23 15:44 - 2013-11-15 18:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-23 15:44 - 2013-11-15 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-23 15:44 - 2013-11-15 18:20 - 00000000 ____D () C:\ProgramData\Skype
2015-02-23 15:44 - 2012-07-14 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-23 15:44 - 2012-04-18 09:31 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-23 15:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-23 15:43 - 2012-04-18 11:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-02-23 15:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2015-02-11 11:27 - 2012-04-18 11:38 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2015-02-06 07:55 - 2013-09-16 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-02-06 07:49 - 2012-05-01 22:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 07:49 - 2012-05-01 22:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 07:44 - 2012-04-18 11:39 - 00017176 __RSH () C:\ProgramData\ntuser.pol
2015-01-29 17:49 - 2012-04-19 07:32 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-03-08 16:14 - 2014-03-08 16:14 - 0000057 _____ () C:\ProgramData\Ament.ini

ZeroAccess:
C:\Windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}

ZeroAccess:
C:\Users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}

Some zero byte size files/folders:
==========================
C:\Windows\System32\sxshared.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-23 16:25

==================== End Of Log ============================

 

Attached Files
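A small triage script for an FRST log like the one above, added here as an example and not part of the original post or of Farbar's tool: it pulls out the entries FRST itself tags with ATTENTION (the Group Policy restrictions and the Winsock catalog entry whose LibraryPath should be NLAapi.dll), the "ZeroAccess:" folder hits, the service that has no ImagePath (cfb41c29) and the drivers whose file is gone ([X]), and then groups the ZeroAccess paths by the GUID-named folder they share. The embedded SAMPLE_LOG is a short excerpt of the posted log; the function and class names are my own.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST.txt) log.

Added example, not part of the forum post and not FRST's own code. It reads
the log text once and collects what a responder looks at first: ATTENTION
lines, "ZeroAccess:" folder hits, services with no ImagePath and drivers
whose file is missing ([X]). SAMPLE_LOG is an excerpt of the log posted above.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S2 cfb41c29; No ImagePath

==================== Drivers (Whitelisted) ====================

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [X]

==================== Files in the root of some directories =======

ZeroAccess:
C:\Windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}

ZeroAccess:
C:\Users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}

==================== End Of Log ============================
"""

# "==================== Services (Whitelisted) =================" -> "Services (Whitelisted)"
SECTION_RE = re.compile(r"^=+\s*([^=].*?)\s*=+$")
# "R2 MsMpSvc; <path> [size date] (vendor)" -> start type, name, rest
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);\s*(.*)$")
GUID_RE = re.compile(r"\{[0-9a-fA-F-]{36}\}")


@dataclass
class Finding:
    section: str
    kind: str    # attention | zeroaccess | no_imagepath | missing_file
    detail: str


def parse_frst(text):
    """Walk the log and return the findings in log order."""
    findings, section = [], "(preamble)"
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        # FRST appends "<====== ATTENTION" or "ATTENTION: ..." to entries it wants reviewed
        if "ATTENTION" in line:
            findings.append(Finding(section, "attention", line))
            continue
        # FRST prints "ZeroAccess:" and the matching folder on the following line
        if line == "ZeroAccess:":
            path = lines[i].strip() if i < len(lines) else ""
            i += 1
            findings.append(Finding(section, "zeroaccess", path))
            continue
        m = SERVICE_RE.match(line)
        if m and section.startswith(("Services", "Drivers")):
            name, rest = m.group(2), m.group(3)
            if rest == "No ImagePath":
                findings.append(Finding(section, "no_imagepath", name))
            elif rest.endswith("[X]"):
                findings.append(Finding(section, "missing_file", f"{name} -> {rest[:-3].strip()}"))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'attention': 3, ...}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


def zeroaccess_guids(findings):
    """Group ZeroAccess hits by their GUID-named folder: the same GUID under the
    Windows Installer folder and a user's AppData Local folder is the pattern to watch."""
    groups = {}
    for f in findings:
        if f.kind == "zeroaccess":
            m = GUID_RE.search(f.detail)
            if m:
                groups.setdefault(m.group(0).lower(), []).append(f.detail)
    return groups


if __name__ == "__main__":
    found = parse_frst(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind:12}] {f.section}: {f.detail}")
    print(summarize(found))
    for guid, paths in zeroaccess_guids(found).items():
        print(guid, "->", len(paths), "locations")
```

Run it against a full FRST.txt by replacing SAMPLE_LOG with the file's contents; the section heuristics only rely on the `====` banners and the `R2 name; path` layout visible in the log above, so a line that does not match any rule is simply ignored rather than flagged.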





#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 25 February 2015 - 04:38 AM

Hi and welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours, please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please download Sirefef-Cleaner (by ESET) and save it to your Desktop.
  • Right-click on the downloaded tool and select Run as Administrator to start it.
  • If security notifications appear, click Continue or Run.
  • The message "Win32/Sirefef.EV found in your system" will be displayed if an infection is found. Press Y on your keyboard to remove the infection.
  • Once the tool has run, you will be prompted to restore system services after you restart your computer. Press Y on your keyboard to restore system services and restart your computer.
  • The tool will also produce a log in the same directory the tool was run from. Please copy and paste the log in your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 139 posts

Posted 25 February 2015 - 10:06 AM

OK, ran the tool. However, even the .zip file of the log is too large (196 kb) to attach. Please advise.

 



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 25 February 2015 - 10:40 AM

Hi, very good. Please upload the log here: http://www.filedropper.com/ and send me the download link via PM.
regards,
deeprybka

#5 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 25 February 2015 - 11:22 AM

Hi,
thank you very much!

Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).
 
 
Multiple Anti-Virus Software

I see that you're running more than one antivirus program at the same time.
This is a bad idea.
Using more than one AV will not give you any better protection, but may cause interference between them, slow your machine or even completely block your OS. You should choose only one to stay, and remove any others. Think carefully and stay with only one AV. This should be done before any other malware removal steps are taken.

Please uninstall all but one using the tools you may find in the following link: Uninstallers (removal tools) for common Windows antivirus software.

Step 1

Please uninstall some programs:

  • Windows 7: Click on the Start button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall: WS-Supporter 1.80
  • Reboot your computer.

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

Please download and install Malwarebytes Anti-Malware

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • After the update, click "Settings" [1] and go to "Detection and Protection" [2].
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.


Step 4


Start FRST with administrator privileges.

  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#6 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 139 posts

Posted 25 February 2015 - 05:22 PM

AdwCleaner Log

===========================

# AdwCleaner v4.111 - Logfile created 25/02/2015 at 12:25:21
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : lindholm - GEORGE-L
# Running from : C:\Users\lindholm\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SetApp
Folder Deleted : C:\ProgramData\b23e6b8190eda0ab
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\glindholm\AppData\Local\torch
Folder Deleted : C:\Users\glindholm.PGT\AppData\Local\iLivid
Folder Deleted : C:\Users\glindholm.PGT\AppData\Local\PackageAware
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\torch
Folder Deleted : C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Extensions\giacfgjdclhnmkacnfbaljbmpnelflol
File Deleted : C:\Users\glindholm.PGT\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\glindholm.PGT\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Users\glindholm.PGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\giacfgjdclhnmkacnfbaljbmpnelflol
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SelectionLinks.DLL
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\SelectionLinks.SelectionLinksBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{685F23D9-FCFD-475C-B56A-362645945C5A}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\WS-Enabler
Key Deleted : [x64] HKLM\SOFTWARE\Description

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v33.0.3 (x86 en-US)

-\\ Google Chrome v40.0.2214.115

[C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=724&r=2014/02/08&hid=6244955472035189094&lg=EN&cc=US
[C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [8411 bytes] - [17/02/2014 10:08:34]
AdwCleaner[R1].txt - [3091 bytes] - [25/02/2015 12:13:05]
AdwCleaner[S0].txt - [7724 bytes] - [17/02/2014 10:21:28]
AdwCleaner[S1].txt - [3068 bytes] - [25/02/2015 12:25:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3127  bytes] ##########

 

MalwareBytes Log

==============================

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/25/2015
Scan Time: 12:34:47 PM
Logfile: MBAMLog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.25.06
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: lindholm

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 587596
Time Elapsed: 29 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 27
PUP.Optional.Ominent.A, HKLM\SOFTWARE\CLASSES\APPID\{9A246976-806F-4B2E-B3B9-A9A58F5685AA}, Quarantined, [3b6e66bca2e857df8ddb67af61a233cd],
PUP.Optional.Ominent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{9A246976-806F-4B2E-B3B9-A9A58F5685AA}, Quarantined, [3b6e66bca2e857df8ddb67af61a233cd],
PUP.Optional.FaceThemes, HKLM\SOFTWARE\CLASSES\APPID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B}, Quarantined, [69403de5e4a6ba7cf2afbf5dfb084cb4],
PUP.Optional.FaceThemes, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B}, Quarantined, [69403de5e4a6ba7cf2afbf5dfb084cb4],
PUP.FaceThemes, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2A28729E-2280-4986-BDB4-EC2623EAFBA4}, Quarantined, [7c2d8b974149cf67435f93896c97d030],
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF}, Quarantined, [5b4e4fd306844ee81176ac72748f768a],
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF}, Quarantined, [5b4e4fd306844ee81176ac72748f768a],
PUP.Optional.iVIDI.A, HKLM\SOFTWARE\CLASSES\esrv.ividiESrvc, Quarantined, [644576ac2e5c79bdb19c26bd788bf60a],
PUP.Optional.iVIDI.A, HKLM\SOFTWARE\CLASSES\esrv.ividiESrvc.1, Quarantined, [e5c461c118722a0c4b0236add231d42c],
PUP.Optional.Ividi.A, HKLM\SOFTWARE\CLASSES\ividi.ividiappCore, Quarantined, [456441e1b9d1b97dbbb839add0334eb2],
PUP.Optional.Ividi.A, HKLM\SOFTWARE\CLASSES\ividi.ividiappCore.1, Quarantined, [f4b57ea45b2f0333c1b2588e06fda55b],
PUP.Optional.weDownload.A, HKLM\SOFTWARE\WOW6432NODE\weDownload Ltd, Quarantined, [7138bc66c6c46accf29ec91cd2317b85],
PUP.Optional.iVIDI.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.ividiESrvc, Quarantined, [733636ec444691a587c635aef310ca36],
PUP.Optional.iVIDI.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.ividiESrvc.1, Quarantined, [5752e939206abd79103d786b31d242be],
PUP.Optional.Ividi.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ividi.ividiappCore, Quarantined, [3d6cd2504743092d32418165d52e956b],
PUP.Optional.Ividi.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ividi.ividiappCore.1, Quarantined, [cddc78aa36545fd75122edf98d7626da],
PUP.Optional.Ividi.A, HKU\S-1-5-21-163096287-206452579-3000308475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\iVIDI Plugin, Quarantined, [0e9b75adbdcd989ef583d214a55e6e92],
PUP.Optional.Ividi.A, HKU\S-1-5-21-163096287-206452579-3000308475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\iVIDI.org, Quarantined, [1099c45e8109ac8a2a4fc620877cbc44],
PUP.Optional.Ividi.A, HKU\S-1-5-21-163096287-206452579-3000308475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\UNITECH LLC\ividi, Quarantined, [eebb40e2c8c288ae3e390ed8669d28d8],
PUP.Optional.Ividi.A, HKU\S-1-5-21-163096287-206452579-3000308475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\iVIDI Plugin, Quarantined, [bced25fd008ab48288f0a1452bd86799],
PUP.Optional.Ividi.A, HKU\S-1-5-21-163096287-206452579-3000308475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\iVIDI.org, Quarantined, [47629d85e8a2af87c9b063838f74d62a],
PUP.Optional.Ividi.A, HKU\S-1-5-21-163096287-206452579-3000308475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\UNITECH LLC\ividi, Quarantined, [9118a67ce9a1ab8bcdaa2bbb56ad946c],
PUP.Optional.Ividi.A, HKU\S-1-5-21-1757981266-1409082233-839522115-1223-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\iVIDI Plugin, Quarantined, [dacfdd458bff4aece89009dd907348b8],
PUP.Optional.Ividi.A, HKU\S-1-5-21-1757981266-1409082233-839522115-1223-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\iVIDI.org, Quarantined, [8920f131f09a90a61267d214798a6799],
PUP.Optional.weDownload.A, HKU\S-1-5-21-1757981266-1409082233-839522115-1223-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\weDownload Ltd, Quarantined, [e9c09c86fd8de452583711d44fb4b848],
PUP.Optional.Getsavin.A, HKU\S-1-5-21-1757981266-1409082233-839522115-1223-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\GetSavin, Quarantined, [f0b972b0fa90ca6cc021a00ca85b2ed2],
PUP.Optional.ReMarkable.A, HKU\S-1-5-21-1757981266-1409082233-839522115-1223-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_Markable, Quarantined, [a80173af8cfea39385c9fadf6d968f71],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Ividi.A, C:\Program Files (x86)\iVIDI.org plugin, Quarantined, [4960ef33602a2a0c11693030a65dba46],

Files: 3
PUP.Optional.IVidi.A, C:\Program Files (x86)\iVIDI.org plugin\IEhelperActiveX.dll, Quarantined, [8a1fa77bb7d372c451f5f34749b746ba],
PUP.Optional.Ividi.A, C:\Program Files (x86)\iVIDI.org plugin\ividiplg.crx, Quarantined, [4960ef33602a2a0c11693030a65dba46],
PUP.Optional.Ividi.A, C:\Program Files (x86)\iVIDI.org plugin\uninst.exe, Quarantined, [4960ef33602a2a0c11693030a65dba46],

Physical Sectors: 0
(No malicious items detected)

(end)



#7 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 25 February 2015 - 05:37 PM

:thumbup2:


regards,
deeprybka

#8 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 139 posts

Posted 26 February 2015 - 11:20 AM

I realized that I missed running FRST again as step 4 of your last instructions. Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by lindholm (administrator) on GEORGE-L on 26-02-2015 08:14:14
Running from C:\
Loaded Profiles: lindholm (Available profiles: UpdatusUser & glindholm & lindholm & glindholm & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel® Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [DFEPApplication] => c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077272 2011-08-24] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2041192 2013-03-11] ()
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112408 2011-08-08] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-163096287-206452579-3000308475-1017\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-04] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-03-11] (NVIDIA Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\glindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\glindholm.PGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\lindholm\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\glindholm.PGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\glindholm.PGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\lindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-163096287-206452579-3000308475-1017\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-163096287-206452579-3000308475-1017\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-163096287-206452579-3000308475-1017\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {6A16311E-13BF-44C8-987A-6B9D2AFFE2F9} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6A16311E-13BF-44C8-987A-6B9D2AFFE2F9} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {C4401D0E-088C-4AD4-B14A-8D6B1181A5E4} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-163096287-206452579-3000308475-1017 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://65.117.82.194/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://12.106.72.18:4433/NELX.cab
DPF: HKLM-x32 {B79C81C0-7650-4CAB-8466-E14C6A31EBAD} https://12.106.72.18:4433/SWTSC.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.20.7 192.168.20.10

FireFox:
========
FF ProfilePath: C:\Users\lindholm\AppData\Roaming\Mozilla\Firefox\Profiles\w37mq273.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279320 2011-08-24] (Dell Inc.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218200 2012-02-11] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [61538904 2012-02-11] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel® Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-03-11] (NVIDIA Corporation)
S3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2011-07-28] (SonicWALL Inc.)
R1 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [X]
S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
S3 SWVNIC; system32\DRIVERS\swvnic.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 08:14 - 2015-02-26 08:14 - 00000000 ____D () C:\FRST-OlderVersion
2015-02-25 12:34 - 2015-02-25 14:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 12:33 - 2015-02-25 12:33 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-25 12:33 - 2015-02-25 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-25 12:33 - 2015-02-25 12:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 12:33 - 2015-02-25 12:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 12:33 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-25 12:33 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-25 12:33 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-25 12:08 - 2015-02-25 12:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\lindholm\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-25 12:08 - 2015-02-25 12:08 - 02126848 _____ () C:\Users\lindholm\Desktop\AdwCleaner.exe
2015-02-25 09:47 - 2015-02-25 09:47 - 00000000 ____D () C:\Users\lindholm\AppData\Roaming\LavasoftStatistics
2015-02-25 06:46 - 2015-02-25 06:46 - 00000000 ____D () C:\Users\lindholm\AppData\Local\tem
2015-02-25 06:46 - 2009-07-13 17:39 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\Services.exe
2015-02-25 06:45 - 2015-02-25 06:46 - 00581244 _____ () C:\Users\lindholm\Desktop\ESETSirefefCleaner.exe_20150225.064551.6848.log
2015-02-25 06:45 - 2015-02-25 06:46 - 00197272 _____ () C:\Users\lindholm\Desktop\ESETSirefefCleaner.exe_20150225.064551.6848.zip
2015-02-25 06:45 - 2015-02-25 06:42 - 00368992 _____ (ESET) C:\Users\lindholm\Desktop\ESETSirefefCleaner.exe
2015-02-24 21:43 - 2015-02-24 21:44 - 00049968 _____ () C:\Addition.txt
2015-02-24 21:42 - 2015-02-26 08:14 - 00023324 _____ () C:\FRST.txt
2015-02-24 21:41 - 2015-02-26 08:14 - 00000000 ____D () C:\FRST
2015-02-24 21:39 - 2015-02-26 08:14 - 02087936 _____ (Farbar) C:\FRST64.exe
2015-02-24 21:20 - 2015-02-24 21:20 - 00088512 _____ () C:\ComboFix.txt
2015-02-24 20:59 - 2015-02-24 20:59 - 05611903 ____R (Swearware) C:\ComboFix.exe
2015-02-24 18:02 - 2015-02-24 18:04 - 00003082 _____ () C:\Users\lindholm\Desktop\Rkill.txt
2015-02-24 18:00 - 2015-02-24 17:42 - 01943800 _____ (Bleeping Computer, LLC) C:\rkill.com
2015-02-06 08:04 - 2015-02-06 08:04 - 00000000 ____D () C:\Users\lindholm\Tracing
2015-02-06 08:02 - 2015-02-23 15:44 - 00000000 ____D () C:\Users\lindholm\AppData\Roaming\Skype
2015-02-06 08:02 - 2015-02-06 08:02 - 00000000 ____D () C:\Users\lindholm\AppData\Local\Skype
2015-02-06 07:58 - 2015-02-25 06:44 - 00000000 ____D () C:\Users\lindholm\AppData\Local\Apps\2.0
2015-02-06 07:58 - 2015-02-06 07:56 - 01548384 _____ (Skype Technologies S.A.) C:\Users\lindholm\Desktop\SkypeSetup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 07:54 - 2012-05-01 22:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-26 07:54 - 2012-05-01 22:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-26 07:52 - 2014-06-12 08:18 - 00000546 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1757981266-1409082233-839522115-1223.job
2015-02-26 07:33 - 2012-07-12 21:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-25 19:21 - 2009-07-13 20:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-25 19:21 - 2009-07-13 20:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-25 15:50 - 2012-04-18 11:19 - 01607671 _____ () C:\Windows\WindowsUpdate.log
2015-02-25 14:10 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-02-25 14:08 - 2012-04-18 11:38 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2015-02-25 14:08 - 2012-04-18 11:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-25 14:08 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-25 14:08 - 2009-07-13 20:51 - 00152299 _____ () C:\Windows\setupact.log
2015-02-25 14:07 - 2010-11-20 19:47 - 00522022 _____ () C:\Windows\PFRO.log
2015-02-25 14:07 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-25 12:25 - 2014-02-17 10:08 - 00000000 ____D () C:\AdwCleaner
2015-02-25 09:54 - 2009-07-13 21:13 - 01135306 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 21:20 - 2012-08-09 08:14 - 00000000 ____D () C:\Qoobox
2015-02-24 21:17 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-24 12:16 - 2012-04-18 11:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-24 12:14 - 2012-08-12 07:32 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-24 12:14 - 2012-08-12 07:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-24 12:14 - 2012-08-12 07:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-24 12:14 - 2012-04-18 15:47 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-24 12:13 - 2013-07-12 09:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-23 17:33 - 2012-07-12 21:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-23 17:33 - 2012-04-18 09:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-23 17:33 - 2012-04-18 09:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-23 16:31 - 2012-04-25 08:18 - 00000000 ____D () C:\Users\DefaultAppPool
2015-02-23 16:31 - 2012-04-18 11:41 - 00000000 ____D () C:\Users\glindholm.PGT
2015-02-23 16:31 - 2012-04-18 11:08 - 00000000 ____D () C:\Users\glindholm
2015-02-23 15:47 - 2014-11-02 13:08 - 00000000 ____D () C:\Users\lindholm
2015-02-23 15:44 - 2014-04-15 18:38 - 00000000 ____D () C:\ProgramData\pdf995
2015-02-23 15:44 - 2013-11-15 18:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-23 15:44 - 2013-11-15 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-23 15:44 - 2013-11-15 18:20 - 00000000 ____D () C:\ProgramData\Skype
2015-02-23 15:44 - 2012-07-14 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-23 15:44 - 2012-04-18 09:31 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-23 15:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-23 15:43 - 2012-04-18 11:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-02-23 15:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2015-02-06 07:55 - 2013-09-16 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-02-06 07:49 - 2012-05-01 22:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 07:49 - 2012-05-01 22:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 07:44 - 2012-04-18 11:39 - 00017176 __RSH () C:\ProgramData\ntuser.pol
2015-01-29 17:49 - 2012-04-19 07:32 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-03-08 16:14 - 2014-03-08 16:14 - 0000057 _____ () C:\ProgramData\Ament.ini

ZeroAccess:
C:\Users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}

Some content of TEMP:
====================
C:\Users\lindholm\AppData\Local\temp\ESETSirefefCleaner.exe
C:\Users\lindholm\AppData\Local\temp\Quarantine.exe
C:\Users\lindholm\AppData\Local\temp\sqlite3.dll

Some zero byte size files/folders:
==========================
C:\Windows\System32\sxshared.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-23 16:25

==================== End Of Log ============================

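An FRST log like the one above is read by hand by the Malware Response Team, and the lines they look at first are the ones FRST marks ATTENTION, service and driver entries whose binary is gone (`[X]`), unsigned service binaries, registry references to files that no longer exist (`No File`), the dedicated `ZeroAccess:` section and the zero-byte system files. The Python below, added here as an example and not code from the original post or from FRST, pulls exactly those entries out of a pasted FRST.txt. The sample log is constructed from the kinds of lines that appear in this thread, and the line-format regular expressions are assumptions taken from those lines rather than a documented FRST grammar.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs.

Added example: not code from the original post and not part of FRST.
The line-format patterns below are assumptions taken from the log lines
quoted in the thread; adjust them if a newer FRST build changes its layout.
"""
import re
from collections import defaultdict

# "==================== Services (Whitelisted) =================" style headers
SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")
# Bare headers such as "ZeroAccess:" or "Some content of TEMP:"
BARE_SECTION_RE = re.compile(r"^[A-Za-z][A-Za-z /]*:$")
# A GUID-named folder, the directory shape FRST lists under "ZeroAccess:"
GUID_DIR_RE = re.compile(r"\\\{[0-9a-fA-F-]{36}\}$")

# Constructed sample, assembled from the kinds of lines seen in the thread.
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2015
Ran by lindholm (administrator) on GEORGE-L on 24-02-2015 21:42:17

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]

ZeroAccess:
C:\Users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}

Some zero byte size files/folders:
==========================
C:\Windows\System32\sxshared.dll

==================== End Of Log ============================
"""


def iter_entries(text):
    """Yield (section, line) for every content line, tracking FRST sections."""
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue  # blank line or a bare "=====" underline
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if BARE_SECTION_RE.match(line):
            section = line[:-1]
            continue
        yield section, line


def triage(text):
    """Group the lines worth a second look by finding type.

    frst_attention      - lines FRST itself flags with ATTENTION
    missing_binary      - service/driver entries whose file is gone ([X])
    unsigned_binary     - service/driver binaries FRST reports as not signed
    orphaned_reference  - registry entries pointing at a file that no longer exists
    zeroaccess_guid_dir - GUID-named folder listed under FRST's ZeroAccess: section
    zero_byte_file      - system files FRST reports as zero bytes
    """
    findings = defaultdict(list)
    for section, line in iter_entries(text):
        if "ATTENTION" in line:
            findings["frst_attention"].append(line)
        if line.endswith("[X]"):
            findings["missing_binary"].append(line)
        if "[File not signed]" in line:
            findings["unsigned_binary"].append(line)
        if line.endswith("No File"):
            findings["orphaned_reference"].append(line)
        if section == "ZeroAccess":
            key = "zeroaccess_guid_dir" if GUID_DIR_RE.search(line) else "zeroaccess_other"
            findings[key].append(line)
        if section.startswith("Some zero byte"):
            findings["zero_byte_file"].append(line)
    return dict(findings)


if __name__ == "__main__":
    for category, lines in sorted(triage(SAMPLE_LOG).items()):
        print(f"[{category}] {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

Each category is a prompt for a second look, not a verdict: unsigned vendor services and stale VMware or VPN driver entries are normal on a developer machine with SQL Server and IIS installed, whereas the Winsock LibraryPath mismatch, the Group Policy software restriction and the GUID-named folder FRST reports under `ZeroAccess:` are the items that drive the fix the helpers build next.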


#9 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:09:30 PM

Posted 26 February 2015 - 11:26 AM

The Addition.txt is missing. Please rerun FRST.

Step 1


Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#10 art_vandelay (Topic Starter)

  • Members
  • 139 posts
  • Local time:12:30 PM

Posted 26 February 2015 - 11:54 AM

FRST LOG

=======================


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by lindholm (administrator) on GEORGE-L on 26-02-2015 08:42:50
Running from C:\
Loaded Profiles: lindholm (Available profiles: UpdatusUser & glindholm & lindholm & glindholm & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel® Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [DFEPApplication] => c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077272 2011-08-24] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2041192 2013-03-11] ()
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112408 2011-08-08] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-163096287-206452579-3000308475-1017\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-04] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-03-11] (NVIDIA Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\glindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\glindholm.PGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\lindholm\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\glindholm.PGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\glindholm.PGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\lindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-163096287-206452579-3000308475-1017\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-163096287-206452579-3000308475-1017\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-163096287-206452579-3000308475-1017\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {6A16311E-13BF-44C8-987A-6B9D2AFFE2F9} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6A16311E-13BF-44C8-987A-6B9D2AFFE2F9} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {C4401D0E-088C-4AD4-B14A-8D6B1181A5E4} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-163096287-206452579-3000308475-1017 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://65.117.82.194/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://12.106.72.18:4433/NELX.cab
DPF: HKLM-x32 {B79C81C0-7650-4CAB-8466-E14C6A31EBAD} https://12.106.72.18:4433/SWTSC.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.20.7 192.168.20.10

FireFox:
========
FF ProfilePath: C:\Users\lindholm\AppData\Roaming\Mozilla\Firefox\Profiles\w37mq273.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279320 2011-08-24] (Dell Inc.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218200 2012-02-11] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [61538904 2012-02-11] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel® Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-03-11] (NVIDIA Corporation)
S3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2011-07-28] (SonicWALL Inc.)
R1 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [X]
S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
S3 SWVNIC; system32\DRIVERS\swvnic.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 08:42 - 2015-02-26 08:43 - 00023340 _____ () C:\FRST.txt
2015-02-26 08:14 - 2015-02-26 08:14 - 00000000 ____D () C:\FRST-OlderVersion
2015-02-25 12:34 - 2015-02-25 14:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 12:33 - 2015-02-25 12:33 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-25 12:33 - 2015-02-25 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-25 12:33 - 2015-02-25 12:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 12:33 - 2015-02-25 12:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 12:33 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-25 12:33 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-25 12:33 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-25 12:08 - 2015-02-25 12:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\lindholm\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-25 12:08 - 2015-02-25 12:08 - 02126848 _____ () C:\Users\lindholm\Desktop\AdwCleaner.exe
2015-02-25 09:47 - 2015-02-25 09:47 - 00000000 ____D () C:\Users\lindholm\AppData\Roaming\LavasoftStatistics
2015-02-25 06:46 - 2015-02-25 06:46 - 00000000 ____D () C:\Users\lindholm\AppData\Local\tem
2015-02-25 06:46 - 2009-07-13 17:39 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\Services.exe
2015-02-25 06:45 - 2015-02-25 06:46 - 00581244 _____ () C:\Users\lindholm\Desktop\ESETSirefefCleaner.exe_20150225.064551.6848.log
2015-02-25 06:45 - 2015-02-25 06:46 - 00197272 _____ () C:\Users\lindholm\Desktop\ESETSirefefCleaner.exe_20150225.064551.6848.zip
2015-02-25 06:45 - 2015-02-25 06:42 - 00368992 _____ (ESET) C:\Users\lindholm\Desktop\ESETSirefefCleaner.exe
2015-02-24 21:41 - 2015-02-26 08:42 - 00000000 ____D () C:\FRST
2015-02-24 21:39 - 2015-02-26 08:14 - 02087936 _____ (Farbar) C:\FRST64.exe
2015-02-24 21:20 - 2015-02-24 21:20 - 00088512 _____ () C:\ComboFix.txt
2015-02-24 20:59 - 2015-02-24 20:59 - 05611903 ____R (Swearware) C:\ComboFix.exe
2015-02-24 18:02 - 2015-02-24 18:04 - 00003082 _____ () C:\Users\lindholm\Desktop\Rkill.txt
2015-02-24 18:00 - 2015-02-24 17:42 - 01943800 _____ (Bleeping Computer, LLC) C:\rkill.com
2015-02-06 08:04 - 2015-02-06 08:04 - 00000000 ____D () C:\Users\lindholm\Tracing
2015-02-06 08:02 - 2015-02-23 15:44 - 00000000 ____D () C:\Users\lindholm\AppData\Roaming\Skype
2015-02-06 08:02 - 2015-02-06 08:02 - 00000000 ____D () C:\Users\lindholm\AppData\Local\Skype
2015-02-06 07:58 - 2015-02-25 06:44 - 00000000 ____D () C:\Users\lindholm\AppData\Local\Apps\2.0
2015-02-06 07:58 - 2015-02-06 07:56 - 01548384 _____ (Skype Technologies S.A.) C:\Users\lindholm\Desktop\SkypeSetup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 08:33 - 2012-07-12 21:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-26 08:03 - 2012-04-18 11:19 - 01607671 _____ () C:\Windows\WindowsUpdate.log
2015-02-26 07:54 - 2012-05-01 22:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-26 07:54 - 2012-05-01 22:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-26 07:52 - 2014-06-12 08:18 - 00000546 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1757981266-1409082233-839522115-1223.job
2015-02-25 19:21 - 2009-07-13 20:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-25 19:21 - 2009-07-13 20:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-25 14:10 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-02-25 14:08 - 2012-04-18 11:38 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2015-02-25 14:08 - 2012-04-18 11:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-25 14:08 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-25 14:08 - 2009-07-13 20:51 - 00152299 _____ () C:\Windows\setupact.log
2015-02-25 14:07 - 2010-11-20 19:47 - 00522022 _____ () C:\Windows\PFRO.log
2015-02-25 14:07 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-25 12:25 - 2014-02-17 10:08 - 00000000 ____D () C:\AdwCleaner
2015-02-25 09:54 - 2009-07-13 21:13 - 01135306 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 21:20 - 2012-08-09 08:14 - 00000000 ____D () C:\Qoobox
2015-02-24 21:17 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-24 12:16 - 2012-04-18 11:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-24 12:14 - 2012-08-12 07:32 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-24 12:14 - 2012-08-12 07:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-24 12:14 - 2012-08-12 07:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-24 12:14 - 2012-04-18 15:47 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-24 12:13 - 2013-07-12 09:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-23 17:33 - 2012-07-12 21:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-23 17:33 - 2012-04-18 09:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-23 17:33 - 2012-04-18 09:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-23 16:31 - 2012-04-25 08:18 - 00000000 ____D () C:\Users\DefaultAppPool
2015-02-23 16:31 - 2012-04-18 11:41 - 00000000 ____D () C:\Users\glindholm.PGT
2015-02-23 16:31 - 2012-04-18 11:08 - 00000000 ____D () C:\Users\glindholm
2015-02-23 15:47 - 2014-11-02 13:08 - 00000000 ____D () C:\Users\lindholm
2015-02-23 15:44 - 2014-04-15 18:38 - 00000000 ____D () C:\ProgramData\pdf995
2015-02-23 15:44 - 2013-11-15 18:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-23 15:44 - 2013-11-15 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-23 15:44 - 2013-11-15 18:20 - 00000000 ____D () C:\ProgramData\Skype
2015-02-23 15:44 - 2012-07-14 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-23 15:44 - 2012-04-18 09:31 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-23 15:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-23 15:43 - 2012-04-18 11:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-02-23 15:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2015-02-06 07:55 - 2013-09-16 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-02-06 07:49 - 2012-05-01 22:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 07:49 - 2012-05-01 22:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 07:44 - 2012-04-18 11:39 - 00017176 __RSH () C:\ProgramData\ntuser.pol
2015-01-29 17:49 - 2012-04-19 07:32 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-03-08 16:14 - 2014-03-08 16:14 - 0000057 _____ () C:\ProgramData\Ament.ini

ZeroAccess:
C:\Users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}

Some content of TEMP:
====================
C:\Users\lindholm\AppData\Local\temp\ESETSirefefCleaner.exe
C:\Users\lindholm\AppData\Local\temp\Quarantine.exe
C:\Users\lindholm\AppData\Local\temp\sqlite3.dll

Some zero byte size files/folders:
==========================
C:\Windows\System32\sxshared.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-23 16:25

==================== End Of Log ============================


Addition log

================================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by lindholm at 2015-02-26 08:43:21
Running from C:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.33 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Add to Wish List IE Extension 1.2 (HKLM-x32\...\Amazon Add to Wish List IE Extension) (Version: 1.2 - Amazon)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Crystal Reports Basic for Visual Studio 2008 (HKLM-x32\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}) (Version: 1.2.2 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (Version: 2.1.6.214 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.002 - Dell Inc.)
Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.1.000 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.125 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.072 - Wave Systems Corp.) Hidden
EMBASSY Security Center (Version: 04.03.00.121 - Wave Systems Corp.) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
H&R Block Basic + Efile 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.02.7803 - HRB Technology, LLC.)
H&R Block Basic + Efile 2013 (HKLM-x32\...\{FDF789BA-0A3F-45B1-AFC3-FB424AFEB3D0}) (Version: 13.02.6502 - HRB Technology, LLC.)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Dell)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}) (Version: 14.00.20110 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Compact Framework 2.0 SP2 (HKLM-x32\...\{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Device Emulator (64 bit) version 3.0 - ENU (HKLM\...\{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{A007BD05-ECFD-4F64-89F6-7E95F91F0DFB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Policies  (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{F3BBC56F-2282-4464-952F-A89772181F30}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.3 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - ENU (HKLM-x32\...\Microsoft Visual Studio 2008 Professional Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{64D5BBC6-5270-3711-AA39-31C1087AF4E6}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM-x32\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Integrated) - ENU (HKLM-x32\...\{012D26C3-E12A-3BDA-8ECE-DF14E721A507}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu (HKLM\...\{29C93182-34F6-3275-A18D-59326851CD57}) (Version: 3.5.21022 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5294.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools (HKLM\...\{A992BBAA-723D-4574-A07F-983BF8FAA3E1}) (Version: 6.1.5294.17011 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden
NVIDIA 3D Vision Driver 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.00 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
PL-2303 USB-to-Serial (HKLM-x32\...\{A9111573-EF12-4D80-A5B9-55F620D5BCA1}) (Version: 1.00.000 - Prolific Technology INC)
Preboot Manager (Version: 03.03.00.074 - Wave Systems Corp.) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Private Information Manager (Version: 07.01.00.022 - Wave Systems Corp.) Hidden
PuTTY version 0.62 (HKLM-x32\...\PuTTY_is1) (Version: 0.62 - Simon Tatham)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
SAP Crystal Reports runtime engine for .NET Framework 4 (64-bit) (HKLM\...\{C306FE94-98CC-4727-9D85-2BA9EB3078CD}) (Version: 13.0.2.469 - SAP)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
SQL Server 2012 Analysis Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 BI Development Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Client Tools (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Integration Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden
UltraEdit 16.30 (HKLM-x32\...\{EE1EB497-5F0B-4DEF-910B-165707AB09FA}) (Version: 16.30.4 - IDM Computer Solutions, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Visual C++ 2008 IA64 Runtime - v9.0.30729.01 (HKLM-x32\...\{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.01 (HKLM-x32\...\{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.4148 (HKLM-x32\...\{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.6161 (HKLM-x32\...\{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
Visual Studio .NET Prerequisites - English (HKLM\...\{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}) (Version: 9.0.30729 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Wave Infrastructure Installer (Version: 07.67.17.0010 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden
WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.2 - WebM Project)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM-x32\...\{6C9F6D23-E9AD-43C9-B43A-011562AAF876}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM-x32\...\{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

10-11-2014 21:43:04 Scheduled Checkpoint
16-11-2014 19:42:09 Windows Update
16-11-2014 19:48:31 Windows Update
30-11-2014 15:58:03 Windows Update
05-12-2014 10:04:14 Windows Update
19-12-2014 16:07:25 Scheduled Checkpoint
06-02-2015 07:58:28 Windows Update
11-02-2015 11:44:10 Windows Update
11-02-2015 12:00:20 Windows Update
11-02-2015 14:48:59 Windows Update
18-02-2015 19:22:24 Windows Update
18-02-2015 21:17:20 Windows Update
23-02-2015 15:40:34 Restore Operation
23-02-2015 15:48:54 Windows Update
24-02-2015 12:02:49 Windows Update
25-02-2015 05:44:00 Windows Update
25-02-2015 09:46:47 AA11
25-02-2015 12:00:13 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2015-02-24 21:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {028D57E7-7794-4FB9-A6B7-E9D479ECCE0F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {14B2A94C-0934-4C29-B0D5-8535C3E43E8F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {38052F7C-67CA-4DB2-8D1A-0333D3C58BBA} - System32\Tasks\G2MUpdateTask-S-1-5-21-1757981266-1409082233-839522115-1223 => C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-11-02] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {3959F670-A7EC-437E-B981-8DB547AFF7BB} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {53FB5B6E-9F40-4584-9B19-F9C264383FC5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {86FA2855-3D73-444D-B598-94136D2945E3} - System32\Tasks\fba_NetBackup => C:\Program Files (x86)\Softland\FBackup 4\fbaSchedStarter.exe
Task: {91AE8120-5118-4622-9302-89B335819A6E} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe [2011-05-26] (Dell Inc.)
Task: {96B8A468-0FDD-4809-BB8D-575450E7EE7C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {CAA95909-B650-45EB-B2D9-E3BDD5607FCE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01] (Google Inc.)
Task: {E37042AC-ACF6-4782-B9CA-CF14121EE45D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01] (Google Inc.)
Task: {F971CD8D-C6C6-4B76-8624-301EA78B0577} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-23] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1757981266-1409082233-839522115-1223.job => C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-12-23 10:33 - 2010-12-23 10:33 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-05-04 08:19 - 2013-01-10 13:36 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-15 18:38 - 2012-04-26 14:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
2012-04-18 09:46 - 2003-04-18 18:06 - 00008192 _____ () c:\Windows\SysWOW64\srvany.exe
2012-04-17 18:15 - 2011-06-10 10:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-12-23 10:33 - 2010-12-23 10:33 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-04-18 09:45 - 2011-07-25 06:43 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0CFF5F08

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-163096287-206452579-3000308475-1017\Control Panel\Desktop\\Wallpaper -> C:\Users\lindholm\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.20.7 - 192.168.20.10

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-163096287-206452579-3000308475-500 - Administrator - Disabled)
glindholm (S-1-5-21-163096287-206452579-3000308475-1001 - Administrator - Enabled) => C:\Users\glindholm
Guest (S-1-5-21-163096287-206452579-3000308475-501 - Limited - Enabled)
lindholm (S-1-5-21-163096287-206452579-3000308475-1017 - Administrator - Enabled) => C:\Users\lindholm
UpdatusUser (S-1-5-21-163096287-206452579-3000308475-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: iPodDrv
Description: iPodDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: iPodDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Intel® 82579LM Gigabit Network Connection
Description: Intel® 82579LM Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1cexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2015 02:08:52 PM) (Source: SQLSERVERAGENT) (EventID: 324) (User: )
Description: OpenSQLServerInstanceRegKey:GetRegKeyAccessMask failed (reason: 2).

Error: (02/25/2015 02:08:52 PM) (Source: SQLSERVERAGENT) (EventID: 324) (User: )
Description: OpenSQLServerInstanceRegKey:GetRegKeyAccessMask failed (reason: 2).

Error: (02/25/2015 02:08:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 00:28:37 PM) (Source: SQLSERVERAGENT) (EventID: 324) (User: )
Description: OpenSQLServerInstanceRegKey:GetRegKeyAccessMask failed (reason: 2).

Error: (02/25/2015 00:28:36 PM) (Source: SQLSERVERAGENT) (EventID: 324) (User: )
Description: OpenSQLServerInstanceRegKey:GetRegKeyAccessMask failed (reason: 2).

Error: (02/25/2015 00:27:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 09:53:55 AM) (Source: SQLSERVERAGENT) (EventID: 324) (User: )
Description: OpenSQLServerInstanceRegKey:GetRegKeyAccessMask failed (reason: 2).

Error: (02/25/2015 09:53:54 AM) (Source: SQLSERVERAGENT) (EventID: 324) (User: )
Description: OpenSQLServerInstanceRegKey:GetRegKeyAccessMask failed (reason: 2).

Error: (02/25/2015 09:53:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 06:49:13 AM) (Source: SQLSERVERAGENT) (EventID: 324) (User: )
Description: OpenSQLServerInstanceRegKey:GetRegKeyAccessMask failed (reason: 2).

System errors:
=============
Error: (02/25/2015 02:08:22 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (02/25/2015 02:08:20 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PGT due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (02/25/2015 00:27:25 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (02/25/2015 00:27:23 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PGT due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (02/25/2015 00:03:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800700c1: Update for Windows 7 for x64-based Systems (KB3006137).

Error: (02/25/2015 00:00:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800700c1: Update for Windows 7 for x64-based Systems (KB3009736).

Error: (02/25/2015 09:53:15 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (02/25/2015 09:53:14 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PGT due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (02/25/2015 06:47:51 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (02/25/2015 06:47:49 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PGT due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Microsoft Office Sessions:
=========================
Error: (05/08/2014 01:45:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 345651 seconds with 30000 seconds of active time.  This session ended with a crash.

Error: (12/11/2013 01:43:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 107346 seconds with 9420 seconds of active time.  This session ended with a crash.

Error: (09/13/2013 09:09:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 244901 seconds with 12120 seconds of active time.  This session ended with a crash.

Error: (02/20/2013 00:04:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19534 seconds with 1200 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2015-02-24 21:15:31.584
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-24 21:15:31.460
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-24 21:15:31.335
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-24 21:15:31.210
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-17 12:50:51.455
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-17 12:50:51.364
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-17 12:50:51.273
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-17 12:50:51.181
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-10 09:13:49.355
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-10 09:13:49.343
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8072.9 MB
Available physical RAM: 5469.1 MB
Total Pagefile: 16143.98 MB
Available Pagefile: 12881.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:447.42 GB) (Free:342.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 889D2E70)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=18.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=447.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#11 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:09:30 PM

Posted 26 February 2015 - 12:00 PM

Thank you!

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    Startup: C:\Users\glindholm.PGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    File: "C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe" 
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-163096287-206452579-3000308475-1017\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: No Name -> {C4401D0E-088C-4AD4-B14A-8D6B1181A5E4} ->  No File
    Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    cmd: type "C:\ComboFix.txt"
    C:\Users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}
    AlternateDataStreams: C:\ProgramData\Temp:0CFF5F08
    CreateRestorePoint:
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.

After the Reboot:

Step 2


Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
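The fixlist above targets three kinds of findings that FRST marked with ATTENTION or "No File": a Winsock name-space catalog entry whose LibraryPath was redirected away from NLAapi.dll, shell icon overlay handlers whose CLSIDs no longer resolve to a DLL, and browser policy keys (Chrome and Internet Explorer) that a home machine would not normally carry. The following read-only PowerShell audit is an added example, not part of this thread and not code from Farbar or FRST; it re-checks those three conditions so the state can be verified after Fixlog.txt reports success. The registry locations are the standard Winsock2, Explorer and Policies paths; the expected NLAapi.dll value is taken from the FRST log itself. Run it from an elevated PowerShell window.

```powershell
# Added example (not from the thread or from FRST): read-only audit of the three
# classes of findings the fixlist addresses. Nothing is modified or deleted.
$findings = New-Object System.Collections.Generic.List[string]

# 1. Winsock name-space catalog (Catalog5). FRST flagged entry 01 pointing at
#    mswsock.dll instead of NLAapi.dll; check the 32-bit and 64-bit catalogs.
$expected = '%SystemRoot%\system32\NLAapi.dll'
foreach ($cat in 'Catalog_Entries', 'Catalog_Entries64') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\$cat\000000000001"
    $lib = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).LibraryPath
    if ($lib -and $lib -ine $expected) {
        $findings.Add("Winsock $cat entry 01 LibraryPath is '$lib' (expected '$expected')")
    }
}

# 2. Shell icon overlay identifiers whose CLSID has no InprocServer32 DLL or
#    points at a file that no longer exists (what FRST prints as "No File").
#    Explorer tries to load every one of these at logon.
$overlayRoots = @{
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'             = 'Registry::HKEY_CLASSES_ROOT\CLSID'
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers' = 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
}
foreach ($root in $overlayRoots.Keys) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid  = (Get-ItemProperty -Path $_.PSPath).'(default)'
        $server = "$($overlayRoots[$root])\$clsid\InprocServer32"
        $dll    = (Get-ItemProperty -Path $server -ErrorAction SilentlyContinue).'(default)'
        if (-not $dll) {
            $findings.Add("Overlay '$($_.PSChildName)' -> $clsid has no InprocServer32 (orphan)")
        } elseif (-not (Test-Path ([Environment]::ExpandEnvironmentVariables($dll)))) {
            $findings.Add("Overlay '$($_.PSChildName)' -> $clsid points at missing file $dll")
        }
    }
}

# 3. Browser policy keys. Expected on a domain-managed machine; on a home PC
#    their mere presence is what FRST reports as "Policy restriction".
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer'
)
Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-' -and $_.PSChildName -notmatch '_Classes$' } |
    ForEach-Object { $policyKeys += "Registry::$($_.Name)\SOFTWARE\Policies\Microsoft\Internet Explorer" }
foreach ($k in $policyKeys) {
    if (Test-Path -Path $k) {
        $names = @((Get-Item -Path $k).GetValueNames()) + @((Get-ChildItem -Path $k).PSChildName)
        $findings.Add("Policy key present: $k (" + (($names | Where-Object { $_ }) -join ', ') + ')')
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

The script only reads the registry and the file system, so it is safe to run before and after the fix: before, it should reproduce the Winsock, overlay and policy lines FRST flagged; after a successful Fixlog.txt it should print "No findings." A policy key that is still present on a machine joined to a company domain is not by itself a problem, which is why the script lists the key contents rather than judging them.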

#12 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 139 posts

Posted 26 February 2015 - 01:16 PM

FixLog.txt

======================================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by lindholm at 2015-02-26 09:06:22 Run:1
Running from C:\
Loaded Profiles: lindholm (Available profiles: UpdatusUser & glindholm & lindholm & glindholm & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Startup: C:\Users\glindholm.PGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
File: "C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe"
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-163096287-206452579-3000308475-1017\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {C4401D0E-088C-4AD4-B14A-8D6B1181A5E4} ->  No File
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
cmd: type "C:\ComboFix.txt"
C:\Users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}
AlternateDataStreams: C:\ProgramData\Temp:0CFF5F08
CreateRestorePoint:
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
C:\Users\glindholm.PGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk => Moved successfully.

========================= File: "C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe" ========================

MD5: 586CBBFC7162FF4B6B4CE3864A6FDD7C
Creation and modification date: 2011-08-24 13:13 - 2011-08-24 13:13
Size: 0494488
Attributes: ----A
Company Name: Microsoft
Internal Name: SmartSettings.exe
Original Name: SmartSettings.exe
Product Name: DellSmartSettings
Description: DellSmartSettings
File Version: 2.1.0.551
Product Version: 2.1.0.551
Copyright: Copyright © Dell Inc. 2011. All rights reserved.

====== End Of File: ======

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => Key deleted successfully.
HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => Key deleted successfully.
HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => Key deleted successfully.
HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => Key deleted successfully.
HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-163096287-206452579-3000308475-1017\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4401D0E-088C-4AD4-B14A-8D6B1181A5E4}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C4401D0E-088C-4AD4-B14A-8D6B1181A5E4} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll

=========  type "C:\ComboFix.txt" =========

ComboFix 15-02-16.01 - lindholm 02/24/2015  21:06:42.5.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8073.5377 [GMT -8:00]
Running from: C:\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\newtab.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\YkaBTtl.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\V96U.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\aP7kbK.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\icon48.png
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\j1Z0rFzXVHS.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\BnIGe8d.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\YkaBTtl.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\V96U.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\aP7kbK.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\icon48.png
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\j1Z0rFzXVHS.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\BnIGe8d.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\YkaBTtl.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\V96U.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\aP7kbK.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\icon48.png
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\j1Z0rFzXVHS.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\BnIGe8d.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\newtab.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\YkaBTtl.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\V96U.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\aP7kbK.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\icon48.png
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\j1Z0rFzXVHS.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\BnIGe8d.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\manifest.json
c:\users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\background.html
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\content.js
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\lsdb.js
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\manifest.json
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\newtab.html
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\YkaBTtl.js
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\background.html
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\content.js
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\lsdb.js
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\manifest.json
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\V96U.js
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\aP7kbK.js
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\background.html
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\content.js
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\lsdb.js
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\manifest.json
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\background.html
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\content.js
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\icon48.png
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\j1Z0rFzXVHS.js
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\lsdb.js
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\manifest.json
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\background.html
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\BnIGe8d.js
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\content.js
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\lsdb.js
c:\users\glindholm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\manifest.json
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\background.html
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\content.js
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\lsdb.js
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\manifest.json
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\newtab.html
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\YkaBTtl.js
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\background.html
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\content.js
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\lsdb.js
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\manifest.json
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\V96U.js
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\aP7kbK.js
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\background.html
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\content.js
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\lsdb.js
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\manifest.json
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\background.html
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\content.js
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\icon48.png
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\j1Z0rFzXVHS.js
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\lsdb.js
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\manifest.json
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\background.html
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\BnIGe8d.js
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\content.js
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\lsdb.js
c:\users\glindholm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\manifest.json
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\background.html
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\content.js
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\lsdb.js
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\manifest.json
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\newtab.html
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\YkaBTtl.js
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\background.html
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\content.js
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\lsdb.js
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\manifest.json
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\V96U.js
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\aP7kbK.js
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\background.html
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\content.js
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\lsdb.js
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\manifest.json
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\background.html
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\content.js
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\icon48.png
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\j1Z0rFzXVHS.js
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\lsdb.js
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\manifest.json
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\background.html
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\BnIGe8d.js
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\content.js
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\lsdb.js
c:\users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\manifest.json
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\background.html
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\content.js
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\lsdb.js
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\manifest.json
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\newtab.html
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\YkaBTtl.js
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\background.html
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\content.js
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\lsdb.js
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\manifest.json
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\V96U.js
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\aP7kbK.js
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\background.html
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\content.js
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\lsdb.js
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\manifest.json
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\background.html
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\content.js
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\icon48.png
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\j1Z0rFzXVHS.js
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\lsdb.js
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\manifest.json
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\background.html
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\BnIGe8d.js
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\content.js
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\lsdb.js
c:\users\glindholm\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\newtab.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\YkaBTtl.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\V96U.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\aP7kbK.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\icon48.png
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\j1Z0rFzXVHS.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\BnIGe8d.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\YkaBTtl.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\V96U.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\aP7kbK.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\icon48.png
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\j1Z0rFzXVHS.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\BnIGe8d.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\YkaBTtl.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\V96U.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\aP7kbK.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\icon48.png
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\j1Z0rFzXVHS.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\BnIGe8d.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\newtab.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\YkaBTtl.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\V96U.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\aP7kbK.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\icon48.png
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\j1Z0rFzXVHS.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\BnIGe8d.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\background.html
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\content.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\lsdb.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\manifest.json
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\newtab.html
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\YkaBTtl.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\background.html
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\content.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\lsdb.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\manifest.json
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\V96U.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\aP7kbK.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\background.html
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\content.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\lsdb.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\manifest.json
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\background.html
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\content.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\icon48.png
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\j1Z0rFzXVHS.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\lsdb.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\manifest.json
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\background.html
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\BnIGe8d.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\content.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\newtab.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\YkaBTtl.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\V96U.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\aP7kbK.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\icon48.png
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\j1Z0rFzXVHS.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\BnIGe8d.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\newtab.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\YkaBTtl.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\V96U.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\aP7kbK.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\icon48.png
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\j1Z0rFzXVHS.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\BnIGe8d.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\background.html
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\content.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\lsdb.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\manifest.json
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\newtab.html
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\akpdacgklifkhdhlmcgfjjpjipggeeag\2.1\YkaBTtl.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\background.html
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\content.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\lsdb.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\manifest.json
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\bhjooekfblcbbahnjedijbkjecjnfbec\2.7\V96U.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\aP7kbK.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\background.html
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\content.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\lsdb.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\234\manifest.json
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\background.html
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\content.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\icon48.png
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\j1Z0rFzXVHS.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\lsdb.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\dikaecffohogeipimnfigdkegajemmdm\1.1\manifest.json
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\background.html
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\BnIGe8d.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\content.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\ijgbldojgommhpnafndgccfpicoehehl\1.0\manifest.json
c:\windows\Fonts\calibri.ttf
c:\windows\Fonts\LBRITEDI.TTF
c:\windows\Fonts\segoeuii.ttf
c:\windows\Fonts\timesi.ttf
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-25 to 2015-02-25  )))))))))))))))))))))))))))))))
.
.
2015-02-25 05:17 . 2015-02-25 05:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-02-25 05:17 . 2015-02-25 05:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-02-25 05:17 . 2015-02-25 05:17 -------- d-----w- c:\users\glindholm.PGT\AppData\Local\temp
2015-02-25 05:17 . 2015-02-25 05:17 -------- d-----w- c:\users\glindholm\AppData\Local\temp
2015-02-25 05:17 . 2015-02-25 05:17 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2015-02-25 05:17 . 2015-02-25 05:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-25 02:25 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A84D6242-87B5-4AC6-85D5-B9F6D95C7017}\mpengine.dll
2015-02-25 02:00 . 2015-02-25 01:42 1943800 ----a-w- C:\rkill.com
2015-02-23 23:59 . 2014-11-01 20:07 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16B4C1AC-FA23-4AFE-8FE6-07F3AF0DF1EF}\gapaengine.dll
2015-02-23 23:57 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-06 16:04 . 2015-02-06 16:04 -------- d-----w- c:\users\lindholm\Tracing
2015-02-06 16:02 . 2015-02-06 16:02 -------- d-----w- c:\users\lindholm\AppData\Local\Skype
2015-02-06 16:02 . 2015-02-23 23:44 -------- d-----w- c:\users\lindholm\AppData\Roaming\Skype
2015-02-06 15:58 . 2015-02-06 15:58 -------- d-----w- c:\users\lindholm\AppData\Local\Apps
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 01:33 . 2012-04-18 17:31 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-24 01:33 . 2012-04-18 17:31 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-30 01:49 . 2012-04-19 15:32 116773704 ----a-w- c:\windows\system32\MRT.exe
2014-12-31 11:14 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-12-16 462974]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\glindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
c:\users\lindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R2 cfb41c29;WS-Supporter; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys;c:\windows\SYSNATIVE\drivers\iPodDrv.sys [x]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\NxDrv.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys;c:\windows\SYSNATIVE\DRIVERS\swvnic.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0200.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [x]
S2 MsDtsServer110;SQL Server Integration Services 11.0;c:\program files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys;c:\windows\SYSNATIVE\DRIVERS\accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\DRIVERS\O2MDFw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDFw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NISDRV
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-24 04:55 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 01:33]
.
2015-02-25 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1757981266-1409082233-839522115-1223.job
- c:\program files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-11-02 19:53]
.
2015-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 06:25]
.
2015-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 06:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-01-16 00:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-16 00:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-01-16 00:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-01-16 00:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-01-16 00:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2011-08-24 7077272]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-03-11 2041192]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe" [2014-06-03 7715160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {B79C81C0-7650-4CAB-8466-E14C6A31EBAD} - hxxps://12.106.72.18:4433/SWTSC.cab
FF - ProfilePath - c:\users\lindholm\AppData\Roaming\Mozilla\Firefox\Profiles\w37mq273.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{C4401D0E-088C-4AD4-B14A-8D6B1181A5E4} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-24  21:20:47
ComboFix-quarantined-files.txt  2015-02-25 05:20
ComboFix2.txt  2014-02-17 21:08
ComboFix3.txt  2012-08-09 17:17
.
Pre-Run: 367,341,088,768 bytes free
Post-Run: 368,038,289,408 bytes free
.
- - End Of File - - B420B191EF3C1B3BF169DABA3B445553

========= End of CMD: =========

C:\Users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa} => Moved successfully.
C:\ProgramData\Temp => ":0CFF5F08" ADS removed successfully.
Restore point was successfully created.
EmptyTemp: => Removed 2.7 GB temporary data.

The system needed a reboot.

==== End of Fixlog 09:08:04 ====

FRST Log 

================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by lindholm (administrator) on GEORGE-L on 26-02-2015 09:50:09
Running from C:\
Loaded Profiles: lindholm (Available profiles: UpdatusUser & glindholm & lindholm & glindholm & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel® Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [DFEPApplication] => c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077272 2011-08-24] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2041192 2013-03-11] ()
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112408 2011-08-08] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-163096287-206452579-3000308475-1017\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-04] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-03-11] (NVIDIA Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\glindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\glindholm.PGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\glindholm.PGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\lindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-163096287-206452579-3000308475-1017\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-163096287-206452579-3000308475-1017\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {6A16311E-13BF-44C8-987A-6B9D2AFFE2F9} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6A16311E-13BF-44C8-987A-6B9D2AFFE2F9} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-163096287-206452579-3000308475-1017 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://65.117.82.194/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://12.106.72.18:4433/NELX.cab
DPF: HKLM-x32 {B79C81C0-7650-4CAB-8466-E14C6A31EBAD} https://12.106.72.18:4433/SWTSC.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.7 192.168.20.10

FireFox:
========
FF ProfilePath: C:\Users\lindholm\AppData\Roaming\Mozilla\Firefox\Profiles\w37mq273.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279320 2011-08-24] (Dell Inc.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218200 2012-02-11] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [61538904 2012-02-11] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel® Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-03-11] (NVIDIA Corporation)
S3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2011-07-28] (SonicWALL Inc.)
R1 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [X]
S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
S3 SWVNIC; system32\DRIVERS\swvnic.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 08:42 - 2015-02-26 09:50 - 00020060 _____ () C:\FRST.txt
2015-02-26 08:14 - 2015-02-26 08:14 - 00000000 ____D () C:\FRST-OlderVersion
2015-02-25 12:34 - 2015-02-25 14:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 12:33 - 2015-02-25 12:33 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-25 12:33 - 2015-02-25 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-25 12:33 - 2015-02-25 12:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 12:33 - 2015-02-25 12:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 12:33 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-25 12:33 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-25 12:33 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-25 12:08 - 2015-02-25 12:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\lindholm\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-25 12:08 - 2015-02-25 12:08 - 02126848 _____ () C:\Users\lindholm\Desktop\AdwCleaner.exe
2015-02-25 09:47 - 2015-02-25 09:47 - 00000000 ____D () C:\Users\lindholm\AppData\Roaming\LavasoftStatistics
2015-02-25 06:46 - 2015-02-25 06:46 - 00000000 ____D () C:\Users\lindholm\AppData\Local\tem
2015-02-25 06:46 - 2009-07-13 17:39 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\Services.exe
2015-02-25 06:45 - 2015-02-25 06:46 - 00581244 _____ () C:\Users\lindholm\Desktop\ESETSirefefCleaner.exe_20150225.064551.6848.log
2015-02-25 06:45 - 2015-02-25 06:46 - 00197272 _____ () C:\Users\lindholm\Desktop\ESETSirefefCleaner.exe_20150225.064551.6848.zip
2015-02-25 06:45 - 2015-02-25 06:42 - 00368992 _____ (ESET) C:\Users\lindholm\Desktop\ESETSirefefCleaner.exe
2015-02-24 21:41 - 2015-02-26 09:50 - 00000000 ____D () C:\FRST
2015-02-24 21:39 - 2015-02-26 08:14 - 02087936 _____ (Farbar) C:\FRST64.exe
2015-02-24 21:20 - 2015-02-24 21:20 - 00088512 _____ () C:\ComboFix.txt
2015-02-24 20:59 - 2015-02-24 20:59 - 05611903 ____R (Swearware) C:\ComboFix.exe
2015-02-24 18:02 - 2015-02-24 18:04 - 00003082 _____ () C:\Users\lindholm\Desktop\Rkill.txt
2015-02-24 18:00 - 2015-02-24 17:42 - 01943800 _____ (Bleeping Computer, LLC) C:\rkill.com
2015-02-06 08:04 - 2015-02-06 08:04 - 00000000 ____D () C:\Users\lindholm\Tracing
2015-02-06 08:02 - 2015-02-23 15:44 - 00000000 ____D () C:\Users\lindholm\AppData\Roaming\Skype
2015-02-06 08:02 - 2015-02-06 08:02 - 00000000 ____D () C:\Users\lindholm\AppData\Local\Skype
2015-02-06 07:58 - 2015-02-25 06:44 - 00000000 ____D () C:\Users\lindholm\AppData\Local\Apps\2.0
2015-02-06 07:58 - 2015-02-06 07:56 - 01548384 _____ (Skype Technologies S.A.) C:\Users\lindholm\Desktop\SkypeSetup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 09:47 - 2012-05-01 22:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-26 09:47 - 2012-04-18 11:19 - 01671719 _____ () C:\Windows\WindowsUpdate.log
2015-02-26 09:33 - 2012-07-12 21:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-26 09:17 - 2009-07-13 20:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-26 09:17 - 2009-07-13 20:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-26 09:11 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-02-26 09:10 - 2012-04-18 11:38 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2015-02-26 09:09 - 2012-04-18 11:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-26 09:09 - 2010-11-20 19:47 - 00522368 _____ () C:\Windows\PFRO.log
2015-02-26 09:09 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-26 09:09 - 2009-07-13 20:51 - 00152355 _____ () C:\Windows\setupact.log
2015-02-26 09:06 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-26 08:54 - 2012-05-01 22:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-26 08:52 - 2014-06-12 08:18 - 00000546 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1757981266-1409082233-839522115-1223.job
2015-02-25 14:07 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-25 12:25 - 2014-02-17 10:08 - 00000000 ____D () C:\AdwCleaner
2015-02-25 09:54 - 2009-07-13 21:13 - 01135306 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 21:20 - 2012-08-09 08:14 - 00000000 ____D () C:\Qoobox
2015-02-24 21:17 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-24 12:16 - 2012-04-18 11:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-24 12:14 - 2012-08-12 07:32 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-24 12:14 - 2012-08-12 07:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-24 12:14 - 2012-08-12 07:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-24 12:14 - 2012-04-18 15:47 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-24 12:13 - 2013-07-12 09:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-23 17:33 - 2012-07-12 21:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-23 17:33 - 2012-04-18 09:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-23 17:33 - 2012-04-18 09:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-23 16:31 - 2012-04-25 08:18 - 00000000 ____D () C:\Users\DefaultAppPool
2015-02-23 16:31 - 2012-04-18 11:41 - 00000000 ____D () C:\Users\glindholm.PGT
2015-02-23 16:31 - 2012-04-18 11:08 - 00000000 ____D () C:\Users\glindholm
2015-02-23 15:47 - 2014-11-02 13:08 - 00000000 ____D () C:\Users\lindholm
2015-02-23 15:44 - 2014-04-15 18:38 - 00000000 ____D () C:\ProgramData\pdf995
2015-02-23 15:44 - 2013-11-15 18:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-23 15:44 - 2013-11-15 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-23 15:44 - 2013-11-15 18:20 - 00000000 ____D () C:\ProgramData\Skype
2015-02-23 15:44 - 2012-07-14 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-23 15:44 - 2012-04-18 09:31 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-23 15:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-23 15:43 - 2012-04-18 11:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-02-23 15:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2015-02-06 07:55 - 2013-09-16 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-02-06 07:49 - 2012-05-01 22:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 07:49 - 2012-05-01 22:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 07:44 - 2012-04-18 11:39 - 00017176 __RSH () C:\ProgramData\ntuser.pol
2015-01-29 17:49 - 2012-04-19 07:32 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-03-08 16:14 - 2014-03-08 16:14 - 0000057 _____ () C:\ProgramData\Ament.ini

Some zero byte size files/folders:
==========================
C:\Windows\System32\sxshared.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-23 16:25

==================== End Of Log ============================

Fss Log

========================================================

Farbar Service Scanner Version: 17-01-2015
Ran by lindholm (administrator) on 26-02-2015 at 10:10:56
Running from "C:\Users\lindholm\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

System Restore Policy:
========================

Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:09:30 PM

Posted 26 February 2015 - 01:22 PM

OK. :)

Let's do a final check up:

Step 1


Don't remove on your own anything that HitmanPro detects!
This scanner, as good as it is for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run, please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of the EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button (3).
  • The program will start to scan the computer. It should only take several minutes.
  • When the scan is done, click on Save Log (4) and close HitmanPro (5).
  • Copy and paste the content of the log file in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings (see the settings screenshot).
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed, the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • A log file is created at the path shown in the screenshot.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka

Injure no one; on the contrary, help everyone as much as you can. (Neminem laede, immo omnes, quantum potes, iuva.) Arthur Schopenhauer

#14 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 139 posts
  • Local time:12:30 PM

Posted 26 February 2015 - 07:25 PM

HitManPro log

===================

HitmanPro 3.7.9.238
www.hitmanpro.com
   Computer name . . . . : GEORGE-L
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : GEORGE-L\lindholm
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2015-02-26 10:35:07
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 36s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 44
   Objects scanned . . . : 2,171,666
   Files scanned . . . . : 35,882
   Remnants scanned  . . : 574,051 files / 1,561,733 keys
Suspicious files ____________________________________________________________
   C:\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,087,424 bytes
      Age  . . . . . . . : 1.5 days (2015-02-24 21:39:34)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : AACE4BA78B9819BE542565C57E531035C613D0DA46B22EC7B4C90718A753EF8D
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
   C:\FRST64.exe
      Size . . . . . . . : 2,087,936 bytes
      Age  . . . . . . . : 0.1 days (2015-02-26 08:14:04)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 552DE6F30FD0E9BEF5519659E35FD23FD20645DE092DBA24F8551CCEBE000FD1
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\FRST64.exe
          1.8s C:\FRST-OlderVersion\
          1.8s C:\FRST-OlderVersion\
          1.8s C:\FRST-OlderVersion\
          1.8s C:\FRST-OlderVersion\
          1.8s C:\FRST-OlderVersion\
          1.8s C:\FRST-OlderVersion\
          1.8s C:\FRST-OlderVersion\
          1.8s C:\FRST-OlderVersion\
          1.8s C:\FRST-OlderVersion\
          1.8s C:\FRST-OlderVersion\
          1.8s C:\FRST-OlderVersion\
   C:\Users\lindholm\Desktop\FSS.exe
      Size . . . . . . . : 415,232 bytes
      Age  . . . . . . . : 0.0 days (2015-02-26 10:10:01)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : CF5F35213C6434469F1B4F614A2366A2A88F3CBC7C9965A458F64545A76C5AC1
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-163096287-206452579-3000308475-1017\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\lindholm\Desktop\FSS.exe

Potential Unwanted Programs _________________________________________________
   HKLM\SOFTWARE\Classes\.torrent\iLivid.torrent_backup (iLivid)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}\ (MultiPlug)
   HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
Cookies _____________________________________________________________________
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:a1.interclick.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:oracle.112.2o7.net
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:pointroll.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\glindholm.PGT\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
   C:\Users\lindholm\AppData\Roaming\Microsoft\Windows\Cookies\1YMPTMDC.txt
   C:\Users\lindholm\AppData\Roaming\Microsoft\Windows\Cookies\5I1KFMFF.txt
   C:\Users\lindholm\AppData\Roaming\Microsoft\Windows\Cookies\6Y1V9NYV.txt
   C:\Users\lindholm\AppData\Roaming\Microsoft\Windows\Cookies\8WEO1DZS.txt
   C:\Users\lindholm\AppData\Roaming\Microsoft\Windows\Cookies\AW1WPWQO.txt
   C:\Users\lindholm\AppData\Roaming\Microsoft\Windows\Cookies\FTMFR78K.txt
   C:\Users\lindholm\AppData\Roaming\Microsoft\Windows\Cookies\SBZO15SV.txt


OnlineScannerLog

===============================================

C:\Users\All Users\InstallMate\{92576B51-B0F2-4890-AA7B-F8D049B449A7}\Custom.dll Win32/InstalleRex.M potentially unwanted application 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\OApps\SelectionLinks.dll.vir a variant of Win32/AdWare.Facetheme.F application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Unitech LLC\ividi\1.8.23.0\ividiApp.dll.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Unitech LLC\ividi\1.8.23.0\ividiEng.dll.vir a variant of Win32/Toolbar.Montiera.U potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Unitech LLC\ividi\1.8.23.0\ividisrv.exe.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Unitech LLC\ividi\1.8.23.0\uninstall.exe.vir Win32/Toolbar.Montiera.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Unitech LLC\ividi\1.8.23.0\bh\ividi.dll.vir a variant of Win32/Toolbar.Escort.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YoutubeAdblocker\74cLR.dll.vir a variant of Win32/AdWare.MultiPlug.N application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YoutubeAdblocker\74cLR.x64.dll.vir a variant of Win64/Adware.MultiPlug.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\greatsaaver\z_NI8.exe.vir a variant of Win32/AdWare.MultiPlug.T application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\SeaRch-NewiTeab\QmrPX2.exe.vir a variant of Win32/AdWare.MultiPlug.T application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\YoutubeAdblocker\lSyLgsZPe.exe.vir a variant of Win32/AdWare.MultiPlug.T application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\glindholm.PGT\AppData\Local\iLivid\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\glindholm.PGT\AppData\Local\iLivid\Uninstall.exe.vir a variant of Win32/Toolbar.SearchSuite.G potentially unwanted application deleted - quarantined
C:\ProgramData\InstallMate\{92576B51-B0F2-4890-AA7B-F8D049B449A7}\Custom.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined
C:\Qoobox\Quarantine\C\Users\glindholm.PGT\AppData\Local\yhrczuokfc.exe.vir a variant of Win32/Kryptik.AJOM trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\n.vir Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\00000004.@.vir Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\00000008.@.vir Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\000000cb.@.vir Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\80000000.@.vir Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\80000032.@.vir a variant of Win32/Sirefef.GC trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\80000064.@.vir a variant of Win64/Sirefef.BK trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\n.vir Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\00000004.@.vir Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\00000008.@.vir Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\000000cb.@.vir Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\80000000.@.vir Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\80000032.@.vir a variant of Win32/Sirefef.GC trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\80000064.@.vir a variant of Win64/Sirefef.BK trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan deleted - quarantined
C:\Users\glindholm.PGT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\70899b87-5e230545 Java/Exploit.CVE-2013-0422.CV trojan cleaned by deleting - quarantined



#15 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 139 posts
  • Local time:12:30 PM

Posted 26 February 2015 - 07:34 PM

I'm still getting the "....contained a virus and was deleted" error when I try to download an attachment.





