
Windows Firewall error 0x6D9 and Windows update not running


  • This topic is locked
44 replies to this topic

#1 DaisyComet

DaisyComet

  • Members
  • 26 posts
  • OFFLINE
  • Local time:04:08 PM

Posted 13 March 2015 - 10:25 PM

When attempting to do Windows Update or open Windows Firewall, I am receiving errors. I attached a screenshot of the messages. Is there a virus/malware that my current anti-virus software is not picking up?

Attached Files


Edited by Orange Blossom, 14 March 2015 - 03:21 PM.
Moved to AII from Windows 7. ~ OB Moved to log forum. ~ OB



 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:08 PM

Posted 14 March 2015 - 03:09 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 DaisyComet

DaisyComet
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:04:08 PM

Posted 15 March 2015 - 05:52 PM

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 17:44 - 2015-03-15 17:45 - 00038297 _____ () C:\Users\Tromm\Desktop\FRST.txt
2015-03-15 17:44 - 2015-03-15 17:44 - 02095616 _____ (Farbar) C:\Users\Tromm\Desktop\FRST64.exe
2015-03-15 17:44 - 2015-03-15 17:44 - 00000000 ____D () C:\FRST
2015-03-13 21:20 - 2015-03-14 22:30 - 00000112 _____ () C:\Windows\setupact.log
2015-03-13 21:20 - 2015-03-13 21:20 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-13 20:20 - 2015-03-13 20:25 - 564744309 _____ () C:\Users\Tromm\Downloads\Windows6.1-KB947821-v34-x64.msu
2015-03-04 17:18 - 2015-03-04 17:18 - 00253278 _____ () C:\Users\Tromm\Downloads\Test Event Logs - Extended System Test.html
2015-03-03 23:45 - 2015-03-03 23:45 - 00002028 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2015-03-03 18:53 - 2015-03-03 18:53 - 13087456 _____ (Microsoft Corporation) C:\Users\Tromm\Downloads\Silverlight_x64.exe
2015-03-03 17:41 - 2015-03-03 17:41 - 06431728 _____ (Microsoft Corporation) C:\Users\Tromm\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe
2015-03-03 17:31 - 2015-03-03 17:31 - 58130592 _____ (Microsoft Corporation) C:\Users\Tromm\Downloads\EIE11_EN-US_WOL_WIN764.EXE
2015-03-03 16:37 - 2015-03-03 16:37 - 00003160 _____ () C:\Windows\System32\Tasks\{804F0A93-A4F4-4ECF-90E3-55415B9716DE}
2015-03-02 13:54 - 2015-03-02 13:54 - 00000000 ____D () C:\Users\Tromm\AppData\Local\{1EE75EEA-F34C-418F-863D-D12C7EFFB9F2}
2015-03-02 13:53 - 2015-03-02 13:54 - 50230019 _____ (Total Seminars, LLC ) C:\Users\Tromm\Downloads\aplus_demo_2012.exe
2015-03-02 00:16 - 2015-02-27 12:21 - 00300444 _____ () C:\Users\Tromm\Documents\The Siberian crater saga is more widespread — and scarier — than anyone thought.mht
2015-02-23 21:12 - 2015-03-13 21:21 - 00000000 ____D () C:\Users\Tromm\Desktop\k
2015-02-23 20:56 - 2015-02-23 20:56 - 00000000 ____D () C:\Users\Tromm\Documents\Adobe
2015-02-16 14:11 - 2015-02-16 14:12 - 00000000 ____D () C:\Users\Tromm\AppData\Local\{7C2C591C-B58B-476C-8F77-512390BBF0F3}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 17:40 - 2012-09-01 22:48 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1272866869-2122429395-3008059543-1001UA.job
2015-03-15 17:39 - 2012-08-26 16:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-15 17:35 - 2013-11-21 14:06 - 00000000 ___RD () C:\Users\Tromm\Dropbox
2015-03-15 17:35 - 2013-11-21 14:04 - 00000000 ____D () C:\Users\Tromm\AppData\Roaming\Dropbox
2015-03-15 17:35 - 2012-07-13 08:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-15 17:35 - 2010-04-02 18:23 - 00000000 ____D () C:\Users\Tromm\AppData\Local\Adobe
2015-03-15 17:34 - 2014-10-23 06:02 - 00000000 ___RD () C:\Users\Tromm\ShareFile
2015-03-15 17:34 - 2014-09-30 14:11 - 00000430 _____ () C:\Windows\Tasks\BeFrugal.com Toolbar.job
2015-03-15 17:34 - 2014-08-22 09:39 - 00000562 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1272866869-2122429395-3008059543-1001.job
2015-03-15 17:34 - 2010-03-28 19:09 - 00000000 ____D () C:\Users\Tromm\AppData\Local\SoftThinks
2015-03-15 17:34 - 2010-03-04 14:16 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-03-15 17:34 - 2010-03-04 14:16 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-03-15 17:34 - 2010-03-04 13:58 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-03-14 22:37 - 2009-07-13 23:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-14 22:37 - 2009-07-13 23:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-14 22:34 - 2009-07-14 00:13 - 00726270 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-14 22:33 - 2009-07-14 00:10 - 02159707 _____ () C:\Windows\WindowsUpdate.log
2015-03-14 22:30 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-13 22:41 - 2013-08-08 10:23 - 00864256 ___SH () C:\Users\Tromm\Desktop\Thumbs.db
2015-03-13 20:54 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-13 15:40 - 2012-09-01 22:48 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1272866869-2122429395-3008059543-1001Core.job
2015-03-13 08:19 - 2014-09-13 09:17 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B29F1BB3-29D5-4B99-8DC4-7D628027E3C9}
2015-03-12 15:50 - 2015-02-10 17:02 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-03-12 12:40 - 2012-08-26 16:59 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-11 10:29 - 2013-11-21 14:06 - 00001027 _____ () C:\Users\Tromm\Desktop\Dropbox.lnk
2015-03-11 10:29 - 2013-11-21 14:04 - 00000000 ____D () C:\Users\Tromm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-10 10:22 - 2014-08-27 17:41 - 00000000 ____D () C:\Users\Tromm\Desktop\Miscellanous File
2015-03-09 23:56 - 2014-09-22 13:09 - 00000000 ____D () C:\Users\Tromm\Downloads\Misc File
2015-03-09 22:53 - 2015-01-16 22:47 - 00000000 ____D () C:\Users\Tromm\AppData\Local\300ABEF4-6E7B-4B1E-A9DF-B26C4A6BFE6E.aplzod
2015-03-09 13:49 - 2014-08-22 09:39 - 00003600 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1272866869-2122429395-3008059543-1001
2015-03-04 16:45 - 2010-03-04 13:59 - 00000000 ____D () C:\ProgramData\PCDr
2015-03-03 23:51 - 2013-08-10 18:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-03 23:45 - 2012-02-05 13:31 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-03-03 23:45 - 2012-02-05 13:31 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-03-03 23:45 - 2012-02-05 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-03-03 19:02 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-03 19:01 - 2013-03-20 23:23 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-03 18:58 - 2014-10-18 10:16 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-03 18:55 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-03 18:55 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-03 18:53 - 2013-03-14 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-03 17:32 - 2014-10-06 18:11 - 00007153 _____ () C:\Windows\IE11_main.log
2015-03-03 11:19 - 2010-03-04 15:38 - 00601800 _____ () C:\Windows\PFRO.log
2015-03-03 01:43 - 2014-09-24 14:30 - 00000000 ___RD () C:\Users\Lauren\Desktop\English Papers
2015-03-02 14:32 - 2014-09-24 14:21 - 00127824 _____ () C:\Users\Lauren\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-02 14:04 - 2010-03-28 19:09 - 00127824 _____ () C:\Users\Tromm\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-02 13:58 - 2009-07-13 23:45 - 00468800 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-27 19:06 - 2015-01-20 13:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
2015-02-27 19:06 - 2014-09-24 14:20 - 00000000 ____D () C:\Users\Lauren
2015-02-27 19:06 - 2012-02-05 13:21 - 00000000 ____D () C:\Users\Tromm\AppData\Local\Akamai
2015-02-27 19:06 - 2010-03-28 19:09 - 00000000 ____D () C:\Users\Tromm
2015-02-27 19:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-27 19:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-02-27 12:18 - 2015-02-08 01:42 - 00000000 ____D () C:\Users\Tromm\Desktop\Photoshop
2015-02-23 20:56 - 2010-03-28 19:13 - 00000000 ____D () C:\Users\Tromm\AppData\Roaming\Adobe
2015-02-16 14:12 - 2010-10-25 19:53 - 00000000 ____D () C:\Users\Tromm\AppData\Local\Windows Live
2015-02-14 11:04 - 2014-10-02 12:46 - 00000000 ____D () C:\Users\Tromm\Documents\Tax Files

==================== Files in the root of some directories =======

2013-05-25 15:31 - 2013-10-14 12:42 - 0000258 _____ () C:\Users\Tromm\AppData\Roaming\ANICONFIG_{660FC58E-0900-4342-B021-2873F6FA8BE1}.ini
2013-05-25 15:39 - 2013-11-19 17:59 - 0003284 _____ () C:\Users\Tromm\AppData\Roaming\ANIWZCS{660FC58E-0900-4342-B021-2873F6FA8BE1}
2014-10-16 21:47 - 2014-10-16 21:47 - 0000093 _____ () C:\Users\Tromm\AppData\Roaming\ARCompanion.log
2010-04-29 15:48 - 2010-04-29 15:50 - 8658813 _____ () C:\Users\Tromm\AppData\Roaming\DataSafeDotNet.exe
2015-01-17 13:02 - 2015-01-20 13:38 - 0000115 _____ () C:\Users\Tromm\AppData\Roaming\LogFile.txt
2011-06-12 12:16 - 2011-06-19 12:37 - 0012032 ___SH () C:\Users\Tromm\AppData\Local\dmnl8x0wg7864d2gc7ys3jwch87q680g6u3
2011-07-13 18:38 - 2011-08-09 16:48 - 0000000 _____ () C:\Users\Tromm\AppData\Local\Fqaqu.bin
2011-07-13 18:38 - 2011-08-09 16:48 - 0000120 _____ () C:\Users\Tromm\AppData\Local\Qguseyesuba.dat
2010-11-08 21:40 - 2010-11-08 21:40 - 0000017 _____ () C:\Users\Tromm\AppData\Local\resmon.resmoncfg
2011-06-12 12:16 - 2011-06-19 12:37 - 0012032 ___SH () C:\ProgramData\dmnl8x0wg7864d2gc7ys3jwch87q680g6u3
2011-12-30 18:24 - 2011-12-30 18:25 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
ZeroAccess:
C:\Users\Tromm\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Tromm\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9y65ij.dll
C:\Users\Tromm\AppData\Local\Temp\InstallFlashPlayer.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-15 00:20

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Tromm at 2015-03-15 17:45:35
Running from C:\Users\Tromm\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: SecureIT Antivirus (Enabled - Up to date) {291887FF-280F-ED84-F703-7F28ACD0749F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: SecureIT Antivirus (Enabled - Up to date) {9279661B-0E35-E20A-CDB3-445AD7573E22}
FW: SecureIT Firewall (Disabled) {112306DA-6260-ECDC-DC5C-D61D520333E4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
ANIWZCS2 Service (HKLM-x32\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.15.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.36191 - Ask.com) <==== ATTENTION
Autodesk Algor Simulation Professional 2011 (HKLM\...\Autodesk Algor Simulation Professional 2011) (Version: 2011.00.00.0111 - Autodesk, Inc.)
Autodesk Algor Simulation Professional 2011 (Version: 2011.00.00.0111 - Autodesk, Inc.) Hidden
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
BeFrugal.com Shopping toolbar (HKLM-x32\...\BeFrugal.com Toolbar_is1) (Version: 2013.3.16.9 - BeFrugal.com)
Bing Bar (HKLM-x32\...\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}) (Version: 7.2.241.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG6100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.200.13 - Citrix Systems, Inc.)
Citrix ShareFile Sync (HKLM-x32\...\{af06ea67-6e5b-4a49-81dc-b3aea9b43e01}) (Version: 2.13.217.2 - Citrix Systems, Inc.)
Citrix ShareFile Sync (Version: 2.13.217.2 - Citrix Systems, Inc.) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.3.0.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
D-Link RangeBooster N DWA-140 (HKLM-x32\...\{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}) (Version:  - D-Link)
Dropbox (HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GoToMeeting 7.1.2.2417 (HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\GoToMeeting) (Version: 7.1.2.2417 - CitrixOnline)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 009.000.0002 - Vantage Linguistics)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.1.200.13 - Citrix Systems, Inc.) Hidden
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5951 - Realtek Semiconductor Corp.)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
SecureIT (HKLM\...\SecureIT_is1) (Version: 20140801 - SecurityCoverage, Inc.)
Self-service Plug-in (x32 Version: 4.1.200.588 - Citrix Systems, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
ShareFile Desktop Widget (HKLM-x32\...\ShareFileDesktop.17AF2FD64D6611D25BF6B31FA23B5F4BC1AA06EC.1) (Version: 2.26.1 - ShareFile, LLC)
ShareFile Desktop Widget (x32 Version: 2.26.1 - ShareFile, LLC) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
TelevisionFanatic Toolbar (HKLM-x32\...\TelevisionFanaticbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Total Tester A+ 2012  Web Demo v6.1.1 (HKLM-x32\...\{E86FA896-BC44-4EFC-8E2D-137053E3FC4E}) (Version: 12.4.0000 - Total Seminars, LLC)
Total Tester A+ 2012 Demo (HKLM-x32\...\{3B1C2CAF-BF10-4B28-A0FA-A6A57B1AB411}) (Version: 12.4.0000 - Total Seminars, LLC)
TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tromm\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tromm\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Tromm\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tromm\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Tromm\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tromm\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tromm\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

10-03-2015 00:35:10 Scheduled Checkpoint
13-03-2015 20:36:23 Installed Microsoft Fix it 50123

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00E3A2E5-4A05-4A0A-9DF4-18DA18FCDB7D} - System32\Tasks\{48B6E6E4-73C8-43F7-ABF4-93B14150F2ED} => C:\Program Files\SecureIT\bin\bin32\SCManagementConsole.exe [2013-10-21] ()
Task: {0D45C906-66FD-45C1-A60A-F472860DFBFC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1272866869-2122429395-3008059543-1001UA => C:\Users\Tromm\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26] (Google Inc.)
Task: {0DC3D9E9-0CA3-4498-9892-632A667CD1FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {1533AAFA-BEA5-4FFD-BDEA-E9D4C6085065} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-02-08] () <==== ATTENTION
Task: {2970380F-B837-4092-BC72-BAF681184862} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {3C65E90A-AD4A-40DC-9AC7-1F17E4A5EA89} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1272866869-2122429395-3008059543-1001Core => C:\Users\Tromm\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26] (Google Inc.)
Task: {485E1A3E-4CA3-47A8-9DB9-359DFE7C54EA} - System32\Tasks\G2MUpdateTask-S-1-5-21-1272866869-2122429395-3008059543-1001 => C:\Users\Tromm\AppData\Local\Citrix\GoToMeeting\2417\g2mupdate.exe [2015-03-09] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {609CBCF1-AEB2-4C8A-B799-0B6313619760} - System32\Tasks\AdobeAAMUpdater-1.0-LENTINI-FAMILY-Tromm => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {881DFE8A-CFD2-4B88-ACC0-3D5F50B1CBA6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {AC1EFD8D-1C00-42FC-8A2E-462923E8EEF2} - System32\Tasks\{8F0717B7-D0F9-4F3D-9E61-2EDBBF85AE47} => Chrome.exe http://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {CEEB6EB9-556C-453C-B983-84932733C193} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D3E5CD4D-3B99-4283-852F-921AA732A4C2} - System32\Tasks\{804F0A93-A4F4-4ECF-90E3-55415B9716DE} => Chrome.exe http://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {D77F644B-5673-4A7E-B0A0-96AC122511CB} - System32\Tasks\BeFrugal.com Toolbar => C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe [2014-12-17] (Capital Intellect, Inc.)
Task: {E26C1313-D183-4DC6-84B8-FA59AD7FA1B7} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {E5838793-8659-46AF-8D4C-CB1A99AEC004} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {EC82080C-6D4B-403F-99BE-77DB70FD27FF} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {F145E147-8632-42BB-B669-21D1F3D2B1C7} - System32\Tasks\{23118F40-2DD9-4D7E-9BA8-0FC970E181EB} => C:\Users\Tromm\Desktop\Adobe Acrobat X\WindowsInstaller-KB893803-v2-x86.exe [2010-10-25] (Microsoft Corporation)
Task: {F5E7F3EA-D2A4-49D5-A484-87FE6BC3DEFE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BeFrugal.com Toolbar.job => C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe9C:\Program Files (x86)\Common Files\BeFrugal.com\ToolbarBeFrugal.com
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1272866869-2122429395-3008059543-1001.job => C:\Users\Tromm\AppData\Local\Citrix\GoToMeeting\2417\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1272866869-2122429395-3008059543-1001Core.job => C:\Users\Tromm\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1272866869-2122429395-3008059543-1001UA.job => C:\Users\Tromm\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-05-25 15:30 - 2009-07-07 20:10 - 00151552 _____ () C:\Windows\SysWOW64\ANIWConnService.exe
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-23 15:31 - 2014-08-23 15:19 - 00243712 _____ () C:\Program Files\SecureIT\bin\bdfltlib.dll
2014-08-23 15:31 - 2014-08-23 15:19 - 00156936 _____ () C:\Program Files\SecureIT\bin\bdfwcore.dll
2014-08-23 15:31 - 2010-10-06 20:22 - 00816640 _____ () C:\Program Files\SecureIT\database\x64\antispam\ashttpbr.mdl
2014-08-23 15:31 - 2010-10-06 20:22 - 00633344 _____ () C:\Program Files\SecureIT\database\x64\antispam\ashttpdsp.mdl
2014-08-23 15:31 - 2010-10-06 20:22 - 02551808 _____ () C:\Program Files\SecureIT\database\x64\antispam\ashttpf.mdl
2014-08-23 15:31 - 2010-10-06 20:22 - 02552832 _____ () C:\Program Files\SecureIT\database\x64\antispam\ashttpfr.mdl
2014-08-23 15:31 - 2010-10-06 20:22 - 02438144 _____ () C:\Program Files\SecureIT\database\x64\antispam\ashttpph.mdl
2014-08-23 15:31 - 2010-10-06 20:22 - 00916992 _____ () C:\Program Files\SecureIT\database\x64\antispam\ashttprbl.mdl
2014-12-19 16:57 - 2014-12-19 16:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-10-30 17:33 - 2014-10-30 17:33 - 00289608 _____ () C:\Program Files\Citrix\ShareFile\Sync\libSFSyncEngine64.dll
2014-10-30 17:33 - 2014-10-30 17:33 - 00140104 _____ () C:\Program Files\Citrix\ShareFile\Sync\libSFIPC64.dll
2014-08-23 15:31 - 2013-10-10 12:53 - 05219696 _____ () C:\Program Files\SecureIT\bin\bin32\SCControlPanel.exe
2010-03-04 13:58 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2013-02-14 04:30 - 2013-02-14 04:30 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\009f9ab4705eb4c48a2aeb5433dfb430\VistaBridgeLibrary.ni.dll
2014-12-19 16:57 - 2014-12-19 16:57 - 05979808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2010-04-02 18:52 - 2010-04-02 18:52 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-04-02 18:52 - 2010-04-02 18:52 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-01-04 20:09 - 2011-01-04 20:09 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2014-08-23 15:31 - 2011-02-25 21:47 - 01533899 _____ () C:\Program Files\SecureIT\bin\bin32\libeay32.dll
2014-08-23 15:31 - 2011-02-25 21:47 - 00314053 _____ () C:\Program Files\SecureIT\bin\bin32\ssleay32.dll
2014-10-30 17:33 - 2014-10-30 17:33 - 00246088 _____ () C:\Program Files\Citrix\ShareFile\Sync\libSFSyncEngine.dll
2014-10-30 17:33 - 2014-10-30 17:33 - 00114504 _____ () C:\Program Files\Citrix\ShareFile\Sync\libSFIPC.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-04 17:08 - 2015-03-04 17:08 - 00750080 _____ () C:\Users\Tromm\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-15 17:35 - 2015-03-15 17:35 - 00043008 _____ () c:\users\tromm\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9y65ij.dll
2015-03-04 17:08 - 2015-03-04 17:08 - 00047616 _____ () C:\Users\Tromm\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:08 - 2015-03-04 17:08 - 00865280 _____ () C:\Users\Tromm\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:07 - 2015-03-04 17:07 - 00200704 _____ () C:\Users\Tromm\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-05-25 15:30 - 2009-06-01 14:23 - 00315392 _____ () C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll
2013-05-25 15:29 - 2009-06-01 14:23 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWA-140 revB\ANIOApi.dll
2015-01-07 22:27 - 2015-01-07 22:27 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-10-30 17:33 - 2014-10-30 17:33 - 00639080 _____ () C:\Program Files\Citrix\ShareFile\Sync\sqlite3.DLL
2014-10-30 17:33 - 2014-10-30 17:33 - 00114504 _____ () C:\Program Files\Citrix\ShareFile\Sync\libSfIpc.dll
2015-01-07 22:27 - 2015-01-07 22:27 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-01-07 22:27 - 2015-01-07 22:27 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tromm\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 66.90.130.101 - 216.82.201.11

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: CouponPrinterService => 2
MSCONFIG\startupreg: BFHP => C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe

==================== Accounts: =============================

Administrator (S-1-5-21-1272866869-2122429395-3008059543-500 - Administrator - Disabled)
Guest (S-1-5-21-1272866869-2122429395-3008059543-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1272866869-2122429395-3008059543-1004 - Limited - Enabled)
Lauren (S-1-5-21-1272866869-2122429395-3008059543-1005 - Limited - Enabled) => C:\Users\Lauren
Tromm (S-1-5-21-1272866869-2122429395-3008059543-1001 - Administrator - Enabled) => C:\Users\Tromm

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2015 10:58:00 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program F-Secure BlackLight because of this error.

Program: F-Secure BlackLight
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (03/13/2015 10:58:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fsbl.exe, version: 2.2.1092.0, time stamp: 0x48a543e2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x000cfe98
Faulting process id: 0x3b74
Faulting application start time: 0xfsbl.exe0
Faulting application path: fsbl.exe1
Faulting module path: fsbl.exe2
Report Id: fsbl.exe3

Error: (03/13/2015 10:57:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program F-Secure BlackLight because of this error.

Program: F-Secure BlackLight
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (03/13/2015 10:57:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fsbl.exe, version: 2.2.1092.0, time stamp: 0x48a543e2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x000cfe98
Faulting process id: 0x3bc4
Faulting application start time: 0xfsbl.exe0
Faulting application path: fsbl.exe1
Faulting module path: fsbl.exe2
Report Id: fsbl.exe3

Error: (03/13/2015 10:52:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program F-Secure BlackLight because of this error.

Program: F-Secure BlackLight
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (03/13/2015 10:52:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fsbl.exe, version: 2.2.1092.0, time stamp: 0x48a543e2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x000cfe98
Faulting process id: 0x968
Faulting application start time: 0xfsbl.exe0
Faulting application path: fsbl.exe1
Faulting module path: fsbl.exe2
Report Id: fsbl.exe3

Error: (03/13/2015 10:50:21 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program F-Secure BlackLight because of this error.

Program: F-Secure BlackLight
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (03/13/2015 10:50:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fsbl.exe, version: 2.2.1092.0, time stamp: 0x48a543e2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x000cfe98
Faulting process id: 0x30d8
Faulting application start time: 0xfsbl.exe0
Faulting application path: fsbl.exe1
Faulting module path: fsbl.exe2
Report Id: fsbl.exe3

Error: (03/13/2015 10:50:00 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program F-Secure BlackLight because of this error.

Program: F-Secure BlackLight
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (03/13/2015 10:50:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fsbl.exe, version: 2.2.1092.0, time stamp: 0x48a543e2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x000cfe98
Faulting process id: 0x3ba4
Faulting application start time: 0xfsbl.exe0
Faulting application path: fsbl.exe1
Faulting module path: fsbl.exe2
Report Id: fsbl.exe3

System errors:
=============
Error: (03/15/2015 05:35:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (03/15/2015 05:34:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (03/15/2015 05:34:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/14/2015 10:30:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (03/14/2015 10:30:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (03/14/2015 10:30:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (03/14/2015 10:30:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (03/14/2015 10:30:11 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (03/14/2015 10:30:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (03/14/2015 10:30:11 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 39%
Total physical RAM: 6134.99 MB
Available physical RAM: 3738.38 MB
Total Pagefile: 12268.11 MB
Available Pagefile: 9084.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.35 GB) (Free:821.94 GB) NTFS
Drive d: (AEM_ECP2T_v9.0) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9974F6BF)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=922.3 GB) - (Type=07 NTFS)



#4 DaisyComet


Posted 15 March 2015 - 05:54 PM

Thank you Jürgen for your help :-)



#5 deeprybka


Posted 16 March 2015 - 02:49 AM

You are welcome. Please post the complete FRST.txt log.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#6 DaisyComet


Posted 16 March 2015 - 12:56 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Tromm (administrator) on LENTINI-FAMILY on 15-03-2015 17:44:56
Running from C:\Users\Tromm\Desktop
Loaded Profiles: Tromm (Available profiles: Tromm & Lauren)
Platform: Windows 7 Professional (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SecurityCoverage, Inc.) C:\Program Files\SecureIT\bin\SCManager.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\SysWOW64\ANIWConnService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ShareFile) C:\Program Files\Citrix\ShareFile\Sync\SyncUpdateService.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SecurityCoverage, Inc.) C:\Program Files\SecureIT\bin\SCFileMonitor.exe
(SecurityCoverage, Inc.) C:\Program Files\SecureIT\bin\SCFirewall.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Capital Intellect, Inc.) C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files\SecureIT\bin\bin32\SCControlPanel.exe
(ShareFile) C:\Program Files\Citrix\ShareFile\Sync\ShareFileSyncMonitor.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\Tromm\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Tromm\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Dell Inc.) C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Dropbox, Inc.) C:\Users\Tromm\AppData\Roaming\Dropbox\bin\Dropbox.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe
(Wireless Service) C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(ShareFile) C:\Program Files\Citrix\ShareFile\Sync\SyncEngine.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-02] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SecureIT Control Panel] => C:\Program Files\SecureIT\bin\bin32\SCControlPanel.exe [5219696 2013-10-10] ()
HKLM\...\Run: [Citrix ShareFile Sync Monitor] => C:\Program Files\Citrix\ShareFile\Sync\ShareFileSyncMonitor.exe [814920 2014-10-30] (ShareFile)
HKLM\...\Run: [Citrix ShareFile Sync Session Agent] => C:\Program Files\Citrix\ShareFile\Sync\SyncSessionAgent.exe [680264 2014-10-30] (© Citrix Systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-02-08] (Ask)
HKLM-x32\...\Run: [TelevisionFanatic Search Scope Monitor] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe [42536 2013-02-25] (MindSpark)
HKLM-x32\...\Run: [TelevisionFanatic Browser Plugin Loader] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe [30096 2013-02-25] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [ANIWZCS2Service] => C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe [98304 2009-08-21] (Wireless Service)
HKLM-x32\...\Run: [D-Link D-Link RangeBooster N DWA-140] => C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe [1708032 2009-09-18] (D-Link Corp.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-16] (Dell)
HKLM-x32\...\runonceex: [ContentMerger] => c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Tromm\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104288 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-26] (Google Inc.)
HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\Run: [Google Update] => C:\Users\Tromm\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-26] (Google Inc.)
HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\MountPoints2: {659e8eb8-529e-11df-bc46-a4badbf93918} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\MountPoints2: {e7f721a1-27cd-11df-9901-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2011-02-26] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
ShortcutTarget: Dell Remote Access.lnk -> c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe (Acresso Software Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Tromm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Tromm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tromm\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [0SFErrorOverlayIcon] -> {35F9FE7F-FE61-4B37-BEA6-28655A9E8C3F} => C:\Program Files\Citrix\ShareFile\Sync\ShareFileExplorerExt64.dll (© Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [0SFInProgressIcon] -> {BE078C89-F84B-423E-971B-7FC17861B57C} => C:\Program Files\Citrix\ShareFile\Sync\ShareFileExplorerExt64.dll (© Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [0SFInSyncOverlayIcon] -> {0050432A-27F4-43B0-872A-4C68EB384CC1} => C:\Program Files\Citrix\ShareFile\Sync\ShareFileExplorerExt64.dll (© Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [0SFErrorOverlayIcon] -> {35F9FE7F-FE61-4B37-BEA6-28655A9E8C3F} => C:\Program Files\Citrix\ShareFile\Sync\ShareFileExplorerExt.dll (© Citrix Systems, Inc.)
ShellIconOverlayIdentifiers-x32: [0SFInProgressIcon] -> {BE078C89-F84B-423E-971B-7FC17861B57C} => C:\Program Files\Citrix\ShareFile\Sync\ShareFileExplorerExt.dll (© Citrix Systems, Inc.)
ShellIconOverlayIdentifiers-x32: [0SFInSyncOverlayIcon] -> {0050432A-27F4-43B0-872A-4C68EB384CC1} => C:\Program Files\Citrix\ShareFile\Sync\ShareFileExplorerExt.dll (© Citrix Systems, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [.DEFAULT] => http=127.0.0.1:57677
ProxyServer: [S-1-5-21-1272866869-2122429395-3008059543-1001] => http=127.0.0.1:57677
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.professormesser.com/
HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = https://owa.inscompanies.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fowa.inscompanies.org%2fowa%2f
URLSearchHook: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001 - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {68549DD2-987E-45FD-BE3D-F549D22E651D} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm003YYus&ptnrS=ZXxdm003YYus&si=CNiqoPGIr7ICFSlgTAodjTUAqw&ptb=86DB6BF7-24F2-439B-A2F0-1B63E6A89411&ind=2012091123&n=77ee12f3&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {44737395-CFEE-46F5-9A82-4EDA8909F9FE} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm259^YY^us&si=82496&ptb=80D52464-20BF-4FE2-B380-E2657FF74C53&psa=&ind=2014102808&st=sb&n=780cc518&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001 -> DefaultScope {44737395-CFEE-46F5-9A82-4EDA8909F9FE} URL = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm003YYus&ptnrS=ZXxdm003YYus&si=CNiqoPGIr7ICFSlgTAodjTUAqw&ptb=86DB6BF7-24F2-439B-A2F0-1B63E6A89411&ind=2012091123&n=77ee12f3&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001 -> {1FC88C49-3156-4758-8C6B-CEDA93144BBE} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=283BC273-511C-4D94-8EFB-042CE49E1BE6&apn_sauid=34241C68-F2A0-4B7B-828B-E8FCFA57EEE9
SearchScopes: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001 -> {44737395-CFEE-46F5-9A82-4EDA8909F9FE} URL = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-06-30] (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll [2013-07-23] (Microsoft Corporation.)
BHO-x32: BeFrugalIEHelper -> {2335A057-CBA6-40F6-A712-C6A7C98F7813} -> C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll [2014-12-17] (Capital Intellect, Inc.)
BHO-x32: Search Assistant BHO -> {5d79f641-c168-40df-a32f-bacea7509e75} -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll [2013-02-25] (MindSpark)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-03] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-06-30] (McAfee, Inc.)
BHO-x32: Toolbar BHO -> {cb41fc95-f1b3-4797-8bb6-1012ff62abba} -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll [2013-02-25] (MindSpark)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-02-08] (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-03] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-06-30] (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-06-30] (McAfee, Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-02-08] (Ask)
Toolbar: HKLM-x32 - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll [2013-02-25] (MindSpark)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll [2013-07-23] (Microsoft Corporation.)
Toolbar: HKLM-x32 - BeFrugal.com Shopping toolbar - {5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll [2014-12-17] (Capital Intellect, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1272866869-2122429395-3008059543-1001 -> No Name - {C98D5B61-B0EA-4D48-9839-1079D352D880} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-06-30] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-06-30] (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-06-30] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-06-30] (McAfee, Inc.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 66.90.130.101 216.82.201.11

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-09-03] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @TelevisionFanatic.com/Plugin -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll [2013-02-25] (MindSpark)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1272866869-2122429395-3008059543-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Tromm\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-08-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-1272866869-2122429395-3008059543-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tromm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1272866869-2122429395-3008059543-1001: @talk.google.com/O1DPlugin -> C:\Users\Tromm\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1272866869-2122429395-3008059543-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tromm\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1272866869-2122429395-3008059543-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tromm\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Tromm\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Tromm\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-02-05]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-06-25]
FF HKLM-x32\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
FF Extension: TelevisionFanatic - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin [2013-02-25]
FF HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\...\Firefox\Extensions: [{E1FEFA19-BC67-46AC-96A8-B2B3A2C60177}] - C:\Users\Tromm\AppData\Local\{E1FEFA19-BC67-46AC-96A8-B2B3A2C60177}
FF Extension: XULRunner - C:\Users\Tromm\AppData\Local\{E1FEFA19-BC67-46AC-96A8-B2B3A2C60177} [2011-07-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> ask.com
CHR DefaultSearchURL: Default -> http://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=283BC273-511C-4D94-8EFB-042CE49E1BE6&apn_ptnrs=TV&apn_sauid=34241C68-F2A0-4B7B-828B-E8FCFA57EEE9&apn_dtid=OSJ000YYUS&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR Profile: C:\Users\Tromm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Tromm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-01-20]
CHR Extension: (SiteAdvisor) - C:\Users\Tromm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-08-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tromm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Tromm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-08-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ANIWConnService; C:\Windows\SysWOW64\ANIWConnService.exe [151552 2009-07-07] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 BeFrugal.com Service; C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe [549920 2014-12-17] (Capital Intellect, Inc.)
S4 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-09-05] (Coupons.com Inc.)
S3 ctxSharefile; C:\Program Files\Citrix\ShareFile\Sync\SyncService.exe [508232 2014-10-30] (ShareFile)
R2 ctxShareFileSyncUpdate; C:\Program Files\Citrix\ShareFile\Sync\SyncUpdateService.exe [78152 2014-10-30] (ShareFile)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R3 SecureIT2011FileMonitor; C:\Program Files\SecureIT\bin\SCFileMonitor.exe [205072 2014-02-05] (SecurityCoverage, Inc.)
R3 SecureIT2011Firewall; C:\Program Files\SecureIT\bin\SCFirewall.exe [143120 2014-02-05] (SecurityCoverage, Inc.)
R2 SecureIT2011Manager; C:\Program Files\SecureIT\bin\SCManager.exe [855784 2014-02-05] (SecurityCoverage, Inc.)
R2 TelevisionFanaticService; C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe [42504 2013-02-25] (COMPANYVERS_NAME)
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R1 BdfNdisf; c:\program files\secureit\bin\bdfndisf6.sys [93160 2014-08-23] (BitDefender LLC)
R3 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [431176 2014-08-23] (BitDefender)
R1 bdfwfpf; C:\Program Files\SecureIT\bin\bdfwfpf.sys [107080 2014-08-23] (BitDefender LLC)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2014-08-23] (BitDefender S.R.L.)
S3 upmjit; C:\Windows\System32\DRIVERS\upmjit.sys [99560 2014-09-19] (Citrix Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 17:44 - 2015-03-15 17:45 - 00038297 _____ () C:\Users\Tromm\Desktop\FRST.txt
2015-03-15 17:44 - 2015-03-15 17:44 - 02095616 _____ (Farbar) C:\Users\Tromm\Desktop\FRST64.exe
2015-03-15 17:44 - 2015-03-15 17:44 - 00000000 ____D () C:\FRST
2015-03-13 21:20 - 2015-03-14 22:30 - 00000112 _____ () C:\Windows\setupact.log
2015-03-13 21:20 - 2015-03-13 21:20 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-13 20:20 - 2015-03-13 20:25 - 564744309 _____ () C:\Users\Tromm\Downloads\Windows6.1-KB947821-v34-x64.msu
2015-03-04 17:18 - 2015-03-04 17:18 - 00253278 _____ () C:\Users\Tromm\Downloads\Test Event Logs - Extended System Test.html
2015-03-03 23:45 - 2015-03-03 23:45 - 00002028 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2015-03-03 18:53 - 2015-03-03 18:53 - 13087456 _____ (Microsoft Corporation) C:\Users\Tromm\Downloads\Silverlight_x64.exe
2015-03-03 17:41 - 2015-03-03 17:41 - 06431728 _____ (Microsoft Corporation) C:\Users\Tromm\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe
2015-03-03 17:31 - 2015-03-03 17:31 - 58130592 _____ (Microsoft Corporation) C:\Users\Tromm\Downloads\EIE11_EN-US_WOL_WIN764.EXE
2015-03-03 16:37 - 2015-03-03 16:37 - 00003160 _____ () C:\Windows\System32\Tasks\{804F0A93-A4F4-4ECF-90E3-55415B9716DE}
2015-03-02 13:54 - 2015-03-02 13:54 - 00000000 ____D () C:\Users\Tromm\AppData\Local\{1EE75EEA-F34C-418F-863D-D12C7EFFB9F2}
2015-03-02 13:53 - 2015-03-02 13:54 - 50230019 _____ (Total Seminars, LLC ) C:\Users\Tromm\Downloads\aplus_demo_2012.exe
2015-03-02 00:16 - 2015-02-27 12:21 - 00300444 _____ () C:\Users\Tromm\Documents\The Siberian crater saga is more widespread — and scarier — than anyone thought.mht
2015-02-23 21:12 - 2015-03-13 21:21 - 00000000 ____D () C:\Users\Tromm\Desktop\k
2015-02-23 20:56 - 2015-02-23 20:56 - 00000000 ____D () C:\Users\Tromm\Documents\Adobe
2015-02-16 14:11 - 2015-02-16 14:12 - 00000000 ____D () C:\Users\Tromm\AppData\Local\{7C2C591C-B58B-476C-8F77-512390BBF0F3}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 17:40 - 2012-09-01 22:48 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1272866869-2122429395-3008059543-1001UA.job
2015-03-15 17:39 - 2012-08-26 16:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-15 17:35 - 2013-11-21 14:06 - 00000000 ___RD () C:\Users\Tromm\Dropbox
2015-03-15 17:35 - 2013-11-21 14:04 - 00000000 ____D () C:\Users\Tromm\AppData\Roaming\Dropbox
2015-03-15 17:35 - 2012-07-13 08:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-15 17:35 - 2010-04-02 18:23 - 00000000 ____D () C:\Users\Tromm\AppData\Local\Adobe
2015-03-15 17:34 - 2014-10-23 06:02 - 00000000 ___RD () C:\Users\Tromm\ShareFile
2015-03-15 17:34 - 2014-09-30 14:11 - 00000430 _____ () C:\Windows\Tasks\BeFrugal.com Toolbar.job
2015-03-15 17:34 - 2014-08-22 09:39 - 00000562 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1272866869-2122429395-3008059543-1001.job
2015-03-15 17:34 - 2010-03-28 19:09 - 00000000 ____D () C:\Users\Tromm\AppData\Local\SoftThinks
2015-03-15 17:34 - 2010-03-04 14:16 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-03-15 17:34 - 2010-03-04 14:16 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-03-15 17:34 - 2010-03-04 13:58 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-03-14 22:37 - 2009-07-13 23:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-14 22:37 - 2009-07-13 23:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-14 22:34 - 2009-07-14 00:13 - 00726270 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-14 22:33 - 2009-07-14 00:10 - 02159707 _____ () C:\Windows\WindowsUpdate.log
2015-03-14 22:30 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-13 22:41 - 2013-08-08 10:23 - 00864256 ___SH () C:\Users\Tromm\Desktop\Thumbs.db
2015-03-13 20:54 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-13 15:40 - 2012-09-01 22:48 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1272866869-2122429395-3008059543-1001Core.job
2015-03-13 08:19 - 2014-09-13 09:17 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B29F1BB3-29D5-4B99-8DC4-7D628027E3C9}
2015-03-12 15:50 - 2015-02-10 17:02 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-03-12 12:40 - 2012-08-26 16:59 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-11 10:29 - 2013-11-21 14:06 - 00001027 _____ () C:\Users\Tromm\Desktop\Dropbox.lnk
2015-03-11 10:29 - 2013-11-21 14:04 - 00000000 ____D () C:\Users\Tromm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-10 10:22 - 2014-08-27 17:41 - 00000000 ____D () C:\Users\Tromm\Desktop\Miscellanous File
2015-03-09 23:56 - 2014-09-22 13:09 - 00000000 ____D () C:\Users\Tromm\Downloads\Misc File
2015-03-09 22:53 - 2015-01-16 22:47 - 00000000 ____D () C:\Users\Tromm\AppData\Local\300ABEF4-6E7B-4B1E-A9DF-B26C4A6BFE6E.aplzod
2015-03-09 13:49 - 2014-08-22 09:39 - 00003600 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1272866869-2122429395-3008059543-1001
2015-03-04 16:45 - 2010-03-04 13:59 - 00000000 ____D () C:\ProgramData\PCDr
2015-03-03 23:51 - 2013-08-10 18:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-03 23:45 - 2012-02-05 13:31 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-03-03 23:45 - 2012-02-05 13:31 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-03-03 23:45 - 2012-02-05 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-03-03 19:02 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-03 19:01 - 2013-03-20 23:23 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-03 18:58 - 2014-10-18 10:16 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-03 18:55 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-03 18:55 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-03 18:53 - 2013-03-14 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-03 17:32 - 2014-10-06 18:11 - 00007153 _____ () C:\Windows\IE11_main.log
2015-03-03 11:19 - 2010-03-04 15:38 - 00601800 _____ () C:\Windows\PFRO.log
2015-03-03 01:43 - 2014-09-24 14:30 - 00000000 ___RD () C:\Users\Lauren\Desktop\English Papers
2015-03-02 14:32 - 2014-09-24 14:21 - 00127824 _____ () C:\Users\Lauren\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-02 14:04 - 2010-03-28 19:09 - 00127824 _____ () C:\Users\Tromm\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-02 13:58 - 2009-07-13 23:45 - 00468800 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-27 19:06 - 2015-01-20 13:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
2015-02-27 19:06 - 2014-09-24 14:20 - 00000000 ____D () C:\Users\Lauren
2015-02-27 19:06 - 2012-02-05 13:21 - 00000000 ____D () C:\Users\Tromm\AppData\Local\Akamai
2015-02-27 19:06 - 2010-03-28 19:09 - 00000000 ____D () C:\Users\Tromm
2015-02-27 19:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-27 19:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-02-27 12:18 - 2015-02-08 01:42 - 00000000 ____D () C:\Users\Tromm\Desktop\Photoshop
2015-02-23 20:56 - 2010-03-28 19:13 - 00000000 ____D () C:\Users\Tromm\AppData\Roaming\Adobe
2015-02-16 14:12 - 2010-10-25 19:53 - 00000000 ____D () C:\Users\Tromm\AppData\Local\Windows Live
2015-02-14 11:04 - 2014-10-02 12:46 - 00000000 ____D () C:\Users\Tromm\Documents\Tax Files

==================== Files in the root of some directories =======

2013-05-25 15:31 - 2013-10-14 12:42 - 0000258 _____ () C:\Users\Tromm\AppData\Roaming\ANICONFIG_{660FC58E-0900-4342-B021-2873F6FA8BE1}.ini
2013-05-25 15:39 - 2013-11-19 17:59 - 0003284 _____ () C:\Users\Tromm\AppData\Roaming\ANIWZCS{660FC58E-0900-4342-B021-2873F6FA8BE1}
2014-10-16 21:47 - 2014-10-16 21:47 - 0000093 _____ () C:\Users\Tromm\AppData\Roaming\ARCompanion.log
2010-04-29 15:48 - 2010-04-29 15:50 - 8658813 _____ () C:\Users\Tromm\AppData\Roaming\DataSafeDotNet.exe
2015-01-17 13:02 - 2015-01-20 13:38 - 0000115 _____ () C:\Users\Tromm\AppData\Roaming\LogFile.txt
2011-06-12 12:16 - 2011-06-19 12:37 - 0012032 ___SH () C:\Users\Tromm\AppData\Local\dmnl8x0wg7864d2gc7ys3jwch87q680g6u3
2011-07-13 18:38 - 2011-08-09 16:48 - 0000000 _____ () C:\Users\Tromm\AppData\Local\Fqaqu.bin
2011-07-13 18:38 - 2011-08-09 16:48 - 0000120 _____ () C:\Users\Tromm\AppData\Local\Qguseyesuba.dat
2010-11-08 21:40 - 2010-11-08 21:40 - 0000017 _____ () C:\Users\Tromm\AppData\Local\resmon.resmoncfg
2011-06-12 12:16 - 2011-06-19 12:37 - 0012032 ___SH () C:\ProgramData\dmnl8x0wg7864d2gc7ys3jwch87q680g6u3
2011-12-30 18:24 - 2011-12-30 18:25 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
ZeroAccess:
C:\Users\Tromm\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Tromm\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9y65ij.dll
C:\Users\Tromm\AppData\Local\Temp\InstallFlashPlayer.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-15 00:20



#7 deeprybka


Posted 16 March 2015 - 01:09 PM

Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).

Step 1

Please uninstall the following programs:
TelevisionFanatic Toolbar
Ask Toolbar
Ask Toolbar Updater

Step 2

Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)


Edited by deeprybka, 16 March 2015 - 01:13 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#8 DaisyComet


Posted 16 March 2015 - 03:20 PM

ComboFix 15-03-14.03 - Tromm 03/16/2015  15:02:59.1.8 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.6135.3747 [GMT -5:00]
Running from: c:\users\Tromm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OO6U1QYE\ComboFix.exe
AV: SecureIT Antivirus *Enabled/Updated* {291887FF-280F-ED84-F703-7F28ACD0749F}
FW: SecureIT Firewall *Disabled* {112306DA-6260-ECDC-DC5C-D61D520333E4}
SP: SecureIT Antivirus *Enabled/Updated* {9279661B-0E35-E20A-CDB3-445AD7573E22}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6584\AddOnDownloaded\6b56d7e1-5ac6-46da-8615-10fbe2919ac8.dll
c:\programdata\PCDr\6584\AddOnDownloaded\6f9e83ca-5216-40db-863d-61ffff2a1563.dll
c:\programdata\PCDr\6584\AddOnDownloaded\812fed95-c1fb-4695-be1a-fd6265302cf9.dll
c:\programdata\PCDr\6584\AddOnDownloaded\a7a4f473-8998-4029-be3e-f4280478bd6b.dll
c:\programdata\PCDr\6584\AddOnDownloaded\b4e7e391-8ff3-4363-bb72-f41a243749b1.dll
c:\programdata\PCDr\6584\AddOnDownloaded\c746a3b1-ed0c-4bff-941c-d5e6f0583ce7.dll
c:\users\Tromm\AppData\Local\Google\Desktop\Install
c:\users\Tromm\AppData\Local\Google\Desktop\Install\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\2E2F~1\28F0~1\E628~1\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\@
c:\users\Tromm\AppData\Roaming\.#
c:\users\Tromm\AppData\Roaming\Adobe\plugs
c:\users\Tromm\AppData\Roaming\Adobe\plugs\mmc105.exe
c:\users\Tromm\AppData\Roaming\Adobe\plugs\mmc211.exe
c:\users\Tromm\AppData\Roaming\Adobe\shed
c:\users\Tromm\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\Tromm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Defragmenter
c:\users\Tromm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Defragmenter\Uninstall HDD Defragmenter.lnk
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-16 to 2015-03-16  )))))))))))))))))))))))))))))))
.
.
2015-03-15 22:44 . 2015-03-15 22:46 -------- d-----w- C:\FRST
2015-03-03 23:59 . 2015-03-03 23:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-03-02 18:54 . 2015-03-02 18:54 -------- d-----w- c:\users\Tromm\AppData\Local\{1EE75EEA-F34C-418F-863D-D12C7EFFB9F2}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-15 03:34 . 2012-07-07 20:33 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2015-03-15 03:34 . 2012-07-07 20:33 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-03-15 03:33 . 2012-07-07 20:33 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-03-15 03:33 . 2012-07-07 20:32 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-03-03 23:58 . 2014-10-18 15:16 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-05 17:35 . 2012-07-13 13:58 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 17:35 . 2012-03-10 13:13 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-31 19:12 . 2010-03-29 08:05 113365784 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SFErrorOverlayIcon]
@="{35F9FE7F-FE61-4B37-BEA6-28655A9E8C3F}"
[HKEY_CLASSES_ROOT\CLSID\{35F9FE7F-FE61-4B37-BEA6-28655A9E8C3F}]
2014-10-30 22:33 1962824 ----a-w- c:\program files\Citrix\ShareFile\Sync\ShareFileExplorerExt.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SFInProgressIcon]
@="{BE078C89-F84B-423E-971B-7FC17861B57C}"
[HKEY_CLASSES_ROOT\CLSID\{BE078C89-F84B-423E-971B-7FC17861B57C}]
2014-10-30 22:33 1962824 ----a-w- c:\program files\Citrix\ShareFile\Sync\ShareFileExplorerExt.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SFInSyncOverlayIcon]
@="{0050432A-27F4-43B0-872A-4C68EB384CC1}"
[HKEY_CLASSES_ROOT\CLSID\{0050432A-27F4-43B0-872A-4C68EB384CC1}]
2014-10-30 22:33 1962824 ----a-w- c:\program files\Citrix\ShareFile\Sync\ShareFileExplorerExt.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Tromm\AppData\Local\Akamai\netsession_win.exe" [2014-10-30 4673432]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2014-12-03 1104288]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-26 39408]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-12-03 41360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-12-03 840592]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]
"D-Link D-Link RangeBooster N DWA-140"="c:\program files (x86)\D-Link\DWA-140 revB\AirNCFG.exe" [2009-09-18 1708032]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2014-09-03 395616]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2014-09-03 153952]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2015-01-08 2694320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-16 559616]
.
c:\users\Tromm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
Dropbox.lnk - c:\users\Tromm\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-3-4 42560368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe /onboot [2010-3-4 53248]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SecureIT2011FileMonitor]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SecureIT2011Firewall]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SecureIT2011Manager]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 ctxSharefile;ShareFile Desktop Sync Service;c:\program files\Citrix\ShareFile\Sync\SyncService.exe;c:\program files\Citrix\ShareFile\Sync\SyncService.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 upmjit;upmjit;c:\windows\system32\DRIVERS\upmjit.sys;c:\windows\SYSNATIVE\DRIVERS\upmjit.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe [x]
R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys;c:\windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\secureit\bin\bdfndisf6.sys;c:\program files\secureit\bin\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\SecureIT\bin\bdfwfpf.sys;c:\program files\SecureIT\bin\bdfwfpf.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe;c:\windows\SYSNATIVE\ANIWConnService.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
S2 ctxShareFileSyncUpdate;ShareFile Sync Update Service;c:\program files\Citrix\ShareFile\Sync\SyncUpdateService.exe;c:\program files\Citrix\ShareFile\Sync\SyncUpdateService.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 SecureIT2011Manager;SecureIT Manager Service;c:\program files\SecureIT\bin\SCManager.exe;c:\program files\SecureIT\bin\SCManager.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SecureIT2011FileMonitor;SecureIT 2011 Antivirus Monitor Service;c:\program files\SecureIT\bin\SCFileMonitor.exe;c:\program files\SecureIT\bin\SCFileMonitor.exe [x]
S3 SecureIT2011Firewall;SecureIT 2011 Firewall Service;c:\program files\SecureIT\bin\SCFirewall.exe;c:\program files\SecureIT\bin\SCFirewall.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-12 17:39 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 17:35]
.
2015-03-16 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1272866869-2122429395-3008059543-1001.job
- c:\users\Tromm\AppData\Local\Citrix\GoToMeeting\2457\g2mupdate.exe [2015-03-16 18:26]
.
2015-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-26 23:22]
.
2015-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-26 23:22]
.
2015-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1272866869-2122429395-3008059543-1001Core.job
- c:\users\Tromm\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-02 22:03]
.
2015-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1272866869-2122429395-3008059543-1001UA.job
- c:\users\Tromm\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-02 22:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-12-19 21:57 1039008 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-12-19 21:57 1039008 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-12-19 21:57 1039008 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SFErrorOverlayIcon]
@="{35F9FE7F-FE61-4B37-BEA6-28655A9E8C3F}"
[HKEY_CLASSES_ROOT\CLSID\{35F9FE7F-FE61-4B37-BEA6-28655A9E8C3F}]
2014-10-30 22:33 1988936 ----a-w- c:\program files\Citrix\ShareFile\Sync\ShareFileExplorerExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SFInProgressIcon]
@="{BE078C89-F84B-423E-971B-7FC17861B57C}"
[HKEY_CLASSES_ROOT\CLSID\{BE078C89-F84B-423E-971B-7FC17861B57C}]
2014-10-30 22:33 1988936 ----a-w- c:\program files\Citrix\ShareFile\Sync\ShareFileExplorerExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SFInSyncOverlayIcon]
@="{0050432A-27F4-43B0-872A-4C68EB384CC1}"
[HKEY_CLASSES_ROOT\CLSID\{0050432A-27F4-43B0-872A-4C68EB384CC1}]
2014-10-30 22:33 1988936 ----a-w- c:\program files\Citrix\ShareFile\Sync\ShareFileExplorerExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Tromm\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SecureIT Control Panel"="c:\program files\SecureIT\bin\bin32\SCControlPanel.exe" [2013-10-10 5219696]
"Citrix ShareFile Sync Monitor"="c:\program files\Citrix\ShareFile\Sync\ShareFileSyncMonitor.exe" [2014-10-30 814920]
"Citrix ShareFile Sync Session Agent"="c:\program files\Citrix\ShareFile\Sync\SyncSessionAgent.exe" [2014-10-30 680264]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-09-20 557768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-01-27 169768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.professormesser.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:57677
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 66.90.130.101 216.82.201.11
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ANIWConnService.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files\Citrix\ShareFile\Sync\SyncEngine.exe
c:\program files (x86)\Dell Remote Access\ezi_ra.exe
c:\users\Tromm\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Citrix\Receiver\Receiver.exe
c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
c:\program files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
c:\program files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
c:\program files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
.
**************************************************************************
.
Completion time: 2015-03-16  15:14:37 - machine was rebooted
ComboFix-quarantined-files.txt  2015-03-16 20:14
.
Pre-Run: 881,644,462,080 bytes free
Post-Run: 882,040,274,944 bytes free
.
- - End Of File - - FD56267F13DDBB42F3C3B3EAAC1BB26E
CDB4DE4BBD714F152979DA2DCBEF57EB
 



#9 deeprybka

Posted 16 March 2015 - 04:07 PM

Step 1

Download Malwarebytes Anti-Rootkit to your Desktop.
  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • On the introduction screen, click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"


Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

regards,
deeprybka

#10 DaisyComet

Posted 16 March 2015 - 04:36 PM

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.16.04
  rootkit: v2015.02.25.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Tromm :: LENTINI-FAMILY [administrator]

3/16/2015 4:19:17 PM
mbar-log-2015-03-16 (16-19-17).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 454289
Time elapsed: 9 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 7
c:\program files (x86)\google\desktop\install\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\    (Trojan.0Access) -> Delete on reboot. [c96b281e0882b3832c382cd644bcf60a]
c:\program files (x86)\google\desktop\install\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\   \... (Trojan.0Access) -> Delete on reboot. [c96b281e0882b3832c382cd644bcf60a]
c:\program files (x86)\google\desktop\install\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\   \...\‮ﯹ๛ (Trojan.0Access) -> Delete on reboot. [c96b281e0882b3832c382cd644bcf60a]
c:\program files (x86)\google\desktop\install\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\   \...\‮ﯹ๛\{636ce08c-6a47-8d98-429a-5bfcd37e19b7} (Trojan.0Access) -> Delete on reboot. [c96b281e0882b3832c382cd644bcf60a]
c:\program files (x86)\google\desktop\install\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\   \...\‮ﯹ๛\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\l (Trojan.0Access) -> Delete on reboot. [c96b281e0882b3832c382cd644bcf60a]
c:\program files (x86)\google\desktop\install\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\   \...\‮ﯹ๛\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\u (Trojan.0Access) -> Delete on reboot. [c96b281e0882b3832c382cd644bcf60a]
C:\Program Files (x86)\Google\Desktop\Install\{636ce08c-6a47-8d98-429a-5bfcd37e19b7} (Trojan.0Access) -> Delete on reboot. [30044303503a8ea8382d44be9c64649c]

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 6433001472, free: 3493949440

Downloaded database version: v2015.03.16.04
Downloaded database version: v2015.02.25.01
Downloaded database version: v2015.03.09.01
=======================================
Initializing...
------------ Kernel report ------------
     03/16/2015 16:19:08
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.03.16.04
  rootkit: v2015.02.25.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006411410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006412040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006411410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80062f8050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9974F6BF

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920  Numsec = 19132416
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 19214336  Numsec = 1934307328

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Infected: c:\program files (x86)\google\desktop\install\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\    --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\   \... --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\   \...\‮ﯹ๛ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\   \...\‮ﯹ๛\{636ce08c-6a47-8d98-429a-5bfcd37e19b7} --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\   \...\‮ﯹ๛\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\l --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\   \...\‮ﯹ๛\{636ce08c-6a47-8d98-429a-5bfcd37e19b7}\u --> [Trojan.0Access]
Infected: C:\Program Files (x86)\Google\Desktop\Install\{636ce08c-6a47-8d98-429a-5bfcd37e19b7} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished



#11 DaisyComet

Posted 16 March 2015 - 04:38 PM

Farbar Service Scanner Version: 17-01-2015
Ran by Tromm (administrator) on 16-03-2015 at 16:37:14
Running from "C:\Users\Tromm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDW1V1IP"
Microsoft Windows 7 Professional   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****



#12 deeprybka

Posted 16 March 2015 - 04:40 PM

Step 1


Don't remove on your own anything that HitmanPro detects!
This scanner, as good as it is for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It will only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.



Step 2

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

settings.png

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 3

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


Can you please tell me which problems still persist now?
How is the computer running?


regards,
deeprybka

#13 DaisyComet

Posted 16 March 2015 - 05:01 PM

HitmanPro 3.7.9.238
www.hitmanpro.com
   Computer name . . . . : LENTINI-FAMILY
   Windows . . . . . . . : 6.1.0.7600.X64/8
   User name . . . . . . : LENTINI-FAMILY\Tromm
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2015-03-16 16:51:40
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 24s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 323
   Objects scanned . . . : 1,996,448
   Files scanned . . . . : 57,385
   Remnants scanned  . . : 568,791 files / 1,370,272 keys
Suspicious files ____________________________________________________________
   C:\Users\Tromm\Desktop\FRST64.exe
      Size . . . . . . . : 2,095,616 bytes
      Age  . . . . . . . : 1.0 days (2015-03-15 17:44:06)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 72AAB1C62CF0BC00F5B102954B603D1509B2AF5F0BD1911E9CAE98C4DDE2D152
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
   C:\Windows\PEV.exe
      Size . . . . . . . : 256,000 bytes
      Age  . . . . . . . : 0.1 days (2015-03-16 14:58:13)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : AE0F5CC54E4B133DF66A54572A7CE52FAFF11F8FD0CAEAB088AAD3699D6EC924
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -3.3s C:\ComboFix\
         -2.8s C:\Qoobox\Quarantine\catchme.log
         -0.0s C:\Windows\SWXCACLS.exe
         -0.0s C:\Windows\SWSC.exe
         -0.0s C:\Windows\sed.exe
         -0.0s C:\Windows\grep.exe
         -0.0s C:\Windows\zip.exe
         -0.0s C:\Windows\SWREG.exe
          0.0s C:\Windows\PEV.exe
          0.0s C:\Windows\NIRCMD.exe
          0.0s C:\Windows\MBR.exe

Potential Unwanted Programs _________________________________________________
   C:\ProgramData\APN\ (AskBar)
   C:\ProgramData\Ask\ (AskBar)
   ask.com
   C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Web Data
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\ (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\img\watch_premium_button_arrows.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\img\yellow_loading_screen_animated.gif (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\jquery-1.7.1.min.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\jquery-ui.tabs.min.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\ (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\CastCarousel.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\Heartbeat.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\televisionFanatic_cache.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\TVFanatic.BG.FirstRun.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\TVFanatic.BG.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\TVFanatic.Celebrity.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\TVFanatic.FirstRun.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\TVFanatic.History.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\TVFanatic.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\TVFanatic.Reporting.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\TVFanatic.Search.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\TVFanatic.Show.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\TVFanatic.Utils.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\TVFanatic.Utils.Menus.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\TVFanatic.WatchTV.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\js\TVFanatic.Widget.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\json2.min.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\lazyload.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\manifest.json (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\reset.css (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\SignedExtension.cab (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\underscore-1.3.1.min.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\widget-messaging-1.0.SNAPSHOT.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\49a9d868ae4c0683ba1717130e2a4c2d465d16d6\1.3.0\widget.html (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\ (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\anemone-1.2.7.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\App.html (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\Background.html (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\css\ (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\css\App.css (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\fonts\ (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\fonts\cabin.eot (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\fonts\cabin.woff (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\hogan-2.0.0.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\ (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\close.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\MainIcon.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\MainIcon.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\minimize.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\rate_WB.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\rateUISprite.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\search.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\WBlogo.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ChanceOfRain.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ChanceOfRain.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ChanceOfRain_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ChanceOfRain_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ChanceOfSnow.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ChanceOfSnow.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ChanceOfSnow_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ChanceOfSnow_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ChanceOfStorm.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ChanceOfStorm.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ChanceOfStorm_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ChanceOfStorm_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ChanceOfTstorm.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ChanceOfTstorm.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ChanceOfTstorm_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\ChanceOfTstorm_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Cloudy.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Cloudy.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Cloudy_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Cloudy_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Dust.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Dust.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Dust_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Dust_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Fog.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Fog.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Fog_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Fog_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Ice.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Ice.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Ice_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Ice_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\MainIcon.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\MainIcon.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Misc.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Misc.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Misc_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Misc_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Misty.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Misty.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Misty_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Misty_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\MostlyCloudy.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\MostlyCloudy.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\MostlyCloudy_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\MostlyCloudy_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\MostlySunny.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\MostlySunny.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\MostlySunny_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\MostlySunny_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Rain.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Rain.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Rain_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Rain_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\SevereWeatherAdvisory.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\SevereWeatherAdvisory.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\SevereWeatherWarning.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\SevereWeatherWarning.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\SevereWeatherWatch.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\SevereWeatherWatch.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Showers.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Showers.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Showers_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Showers_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Sleet.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Sleet.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Sleet_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Sleet_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Snow.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Snow.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Snow_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Snow_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Sunny.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Sunny.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Sunny_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Sunny_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Thunderstorm.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Thunderstorm.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Thunderstorm_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Thunderstorm_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Windy.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Windy.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Windy_60x60.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\images\weather\Windy_90x90.png (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\jquery-1.7.1.min.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\js\ (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\js\App.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\js\App.Test.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\js\Background.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\js\Settings.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\js\WeatherBlink.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\json2.min.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\manifest.json (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\reset.css (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\SignedExtension.cab (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\underscore-1.4.2.min.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.1\widget-api-1.2.js (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\UrlFolderExtension.uf1 (TelevisionFanatic)
   C:\Users\Lauren\AppData\Local\TelevisionFanatic\UrlFolderExtension.ufm (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\IAC\ (MindSpark)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\ (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\ (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003E1F5 (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003E648 (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003E752.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003E82C.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003E8C8.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003EA8C.cab (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003EE82.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003EEE0.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003EF9B.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003EFE9.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003F028.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003F076.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003F0B4.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003F150.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003F19E.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003F1DC.bmp (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\0003F288.cab (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Cache\files.ini (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\History\ (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\History\search3 (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Settings\ (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\bar\Settings\prevcfg2.htm (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\TelevisionFanatic\Cache\ (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties211561156.html (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties211561158.html (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties211561174.html (TelevisionFanatic)
   C:\Users\Lauren\AppData\LocalLow\TelevisionFanatic\TelevisionFanatic\Cache\VideosAffinityBtn.html (TelevisionFanatic)
   ask.com_
   C:\Users\Tromm\AppData\Local\Google\Chrome\User Data\Default\Web Data
   C:\Users\Tromm\AppData\Local\IAC\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{0510789C-5E5D-4FA3-A3EF-2D56FDE5090A}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{34A117AD-7F43-4859-BF97-ADC46488953F}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{4B8E39FD-ED07-4A41-9681-3D78DAFCEE66}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{5A06A37E-F036-42EC-9D51-E738FACBFEB5}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{7007FA4C-E372-4485-ADFA-213B9E38D87F}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{7AE769DF-F151-4541-B820-031726E76E06}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{844C2331-94DF-431E-9A67-426ED861D27F}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{8684A596-308C-4872-ACA7-FF6093BBEEF7}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{934063FB-A81D-4849-B02C-478446DF3219}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{93A55DA3-83ED-4090-91B6-904C44647639}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{966430CC-2097-45CA-8626-2C3F454C3297}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{993161E3-CF87-46CF-A702-3FD05D3DEDDD}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{9989BC14-9B5B-4B3B-8040-478FD1685E34}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{9DFFAA5F-44C6-4FF2-80EE-76368D0A2E75}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{AA8714C4-294D-47FB-BCE0-BC12445CFBD4}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{B34A6A15-1F6F-4A19-A9DD-8B44C874A20B}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{B8445FED-900C-4137-AD15-DDD2F6306B62}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{BB27DF2F-6F05-4A42-9FFD-14696D795750}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{C00F4B2B-A33C-40FC-8E47-4D18DCD4B01E}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{C242AC08-2AE7-46A5-A62D-E7F1B9BE489C}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{F3EC3AFF-8FD8-4253-ABA2-F2ABE0A5524A}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{F85503FF-ED21-4493-9A4A-B6765EB45D94}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{FEEAF56C-C91B-4D1C-9FC8-BAFD85F5F2B3}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\APNSetup_RASAPI32\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\APNSetup_RASMANCS\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2ff49ed5-a3ef-410b-918e-97deceb5996d}\ (TelevisionFanatic)
   HKU\S-1-5-21-1272866869-2122429395-3008059543-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}\ (TelevisionFanatic)
Cookies _____________________________________________________________________


#14 DaisyComet


Posted 16 March 2015 - 06:38 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d7ed0b9d6798524894482440f8d9572f
# engine=22935
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-16 11:36:39
# local_time=2015-03-16 06:36:39 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 178077532 178092449 0 0
# scanned=277664
# found=4
# cleaned=0
# scan_time=5499
sh=2807C5D07299EF9463A016D968C2280945907A73 ft=1 fh=e99d65fc1c4e920d vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\Program Files\SecureIT\quarantine\infected\java_setup[1].exe.1425061726"
sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=2738D105544202E14900B5387D96CE97B98CACB2 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.FD trojan" ac=I fn="C:\Users\Tromm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\6025baa4-76887917"

#15 DaisyComet


Posted 16 March 2015 - 06:40 PM

C:\Program Files\SecureIT\quarantine\infected\java_setup[1].exe.1425061726 a variant of Win32/InstallIQ.A potentially unwanted application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Tromm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\6025baa4-76887917 a variant of Java/Exploit.CVE-2012-1723.FD trojan



