Home PC -- Spyware, Popups


  • This topic is locked
4 replies to this topic

#1 art_vandelay

Posted 06 December 2015 - 03:18 AM

Greetings.

We've got big time spyware / popup issues on our home PC.

Thanks in advance for help.

Here is the FRST log:

===============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by Lindholm (administrator) on MARINERS (06-12-2015 00:11:07)
Running from C:\Users\Lindholm\Desktop\Spyware
Loaded Profiles: Lindholm & RA Media Server (Available Profiles: Lindholm & RA Media Server)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apache Software Foundation) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
() C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
(SingleClick Systems) C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
(Apache Software Foundation) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6963744 2009-03-04] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-972237742-4277227436-3115563062-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-972237742-4277227436-3115563062-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-09-09] (Google Inc.)
HKU\S-1-5-21-972237742-4277227436-3115563062-1000\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [41984 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-972237742-4277227436-3115563062-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-27] (SUPERAntiSpyware)
HKU\S-1-5-21-972237742-4277227436-3115563062-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-972237742-4277227436-3115563062-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-972237742-4277227436-3115563062-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssBranded.scr [8432640 2008-01-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk [2015-11-23]
ShortcutTarget: Dell Remote Access.lnk -> c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe (Macrovision Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-07-03]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-22]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-22]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series.lnk [2015-11-23]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series.lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-22]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{B6501290-91D1-47D2-A36F-15A33B7D4DD3}: [DhcpNameServer] 192.168.20.7 192.168.20.10
Tcpip\..\Interfaces\{EFA115CF-8A60-44F7-92CD-B3CF9D03067B}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-972237742-4277227436-3115563062-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-972237742-4277227436-3115563062-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-972237742-4277227436-3115563062-1000 -> {0E526EB4-2B34-45DA-8E5C-72FD4F1A694C} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-26] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-26] (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-972237742-4277227436-3115563062-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-972237742-4277227436-3115563062-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-10-31] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\Lindholm\AppData\Roaming\Mozilla\Firefox\Profiles\1jr5kn4p.default-1448321706286
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-26] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-09-09] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-972237742-4277227436-3115563062-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Lindholm\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-972237742-4277227436-3115563062-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lindholm\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-17] (Unity Technologies ApS)
FF Extension: GameZooks - C:\Users\Lindholm\AppData\Roaming\Mozilla\Firefox\Profiles\1jr5kn4p.default-1448321706286\Extensions\{8693cb76-1caf-4115-9bd7-6bab02330326}.xpi [2015-12-05]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-20] [not signed]
FF HKU\S-1-5-21-972237742-4277227436-3115563062-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Cloudy Calculator) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\acgimceffoceigocablmjdpebeodphgc [2015-10-08]
CHR Extension: (geography puzzles) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhobhjcbloinpmfpfamnpcedjeiaedk [2015-10-08]
CHR Extension: (Google Drive) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Dualless) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpkilkheacbboffppjgceiplijhfpd [2015-10-11]
CHR Extension: (Loupe Collage) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhaonknplhhecdgjpphnooeomecgipkc [2015-10-08]
CHR Extension: (GeoGebra) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2015-10-08]
CHR Extension: (Gmail Offline) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-10-21]
CHR Extension: (Avira Browser Safety) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-08]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2015-10-11]
CHR Extension: (Save to Google Drive) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-10-11]
CHR Extension: (Camera) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhhnacclhffhdffklopdkcgdhifgngh [2015-10-08]
CHR Extension: (Pixlr Editor) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2015-10-11]
CHR Extension: (Synergyse Training for Google Apps™) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\idkloemkmldbemijiamdiolojbffnjlh [2015-10-08]
CHR Extension: (Hapara Interact Extension) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehakgpdecaomokcdicdigpbmipnllcg [2015-10-11]
CHR Extension: (Read&Write for Google Chrome™) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\inoeonmfapjbbkmdafoankkfajkcphgd [2015-10-08]
CHR Extension: (CKAuthenticator) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdogphakondfdmcanpapfahkdomaicfa [2015-10-08]
CHR Extension: (Hapara Highlights Extension) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbohafcopfpigkjdimdcdgenlhkmhbnc [2015-10-08]
CHR Extension: (Webcam Toy) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-10-08]
CHR Extension: (Google Classroom) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2015-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-08]
CHR Extension: (PowToon Presentations Edu) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogodblbnhpbcmcjcoopbalconhnloagl [2015-10-08]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2015-10-18]
CHR Extension: (Gmail) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-11]
CHR Extension: (Hapara Teacher Dashboard for Google Apps) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkimffcemlhioogdhaflfefoklamojgh [2015-10-08]
CHR Extension: (Snapverter) - C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\plebojnaihkfjkkpgaemcjpnkmcpleih [2015-10-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [930944 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1222952 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Apache2.2; C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation) [File not signed]
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-12] (Dropbox, Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
R2 dsl-db; C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-20] (Avira Operations GmbH & Co. KG)
S1 Beep; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [37112 2015-03-20] (Citrix Systems)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 19:39 - 2015-11-19 19:39 - 00162426 _____ C:\Users\Lindholm\Downloads\SRS-2 Pg 2.pdf
2015-11-11 22:48 - 2015-11-11 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-11 03:17 - 2015-09-26 08:05 - 00281600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 03:17 - 2015-09-26 08:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 03:17 - 2015-09-26 08:04 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 03:17 - 2015-09-26 07:58 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 03:17 - 2015-09-26 07:58 - 00257536 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 03:17 - 2015-09-26 05:21 - 00275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2015-11-11 03:17 - 2015-09-22 05:10 - 00517976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 03:17 - 2015-09-22 05:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2015-11-11 03:16 - 2015-10-17 06:35 - 02798592 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 03:11 - 2015-10-17 08:01 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 03:11 - 2015-10-17 07:41 - 00659456 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 03:09 - 2015-10-10 07:48 - 00736192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 03:02 - 2015-10-13 06:45 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 03:02 - 2015-10-13 06:44 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 03:01 - 2015-10-14 12:25 - 01586304 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 03:01 - 2015-10-14 12:25 - 01168600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 03:01 - 2015-10-14 07:47 - 04691392 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-10 21:13 - 2015-10-31 11:48 - 17079296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 21:13 - 2015-10-31 11:45 - 10886144 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 21:13 - 2015-10-31 11:45 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-10 21:13 - 2015-10-31 11:44 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-10 21:13 - 2015-10-31 11:44 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-10 21:13 - 2015-10-31 11:44 - 01299968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 21:13 - 2015-10-31 11:44 - 01295872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-10 21:13 - 2015-10-31 11:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-10 21:13 - 2015-10-31 11:43 - 02129408 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 21:13 - 2015-10-31 11:43 - 00887296 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 21:13 - 2015-10-31 11:43 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-10 21:13 - 2015-10-31 11:43 - 00521728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-10 21:13 - 2015-10-31 11:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-10 21:13 - 2015-10-31 11:43 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-10 21:13 - 2015-10-31 11:43 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-11-10 21:13 - 2015-10-31 11:43 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-10 21:13 - 2015-10-31 11:43 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-10 21:13 - 2015-10-31 11:43 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-10 21:13 - 2015-10-31 11:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-10 21:13 - 2015-10-31 11:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-11-10 21:13 - 2015-10-31 11:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-11-10 21:13 - 2015-10-31 11:43 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-11-10 21:13 - 2015-10-31 10:40 - 12376576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-10 21:13 - 2015-10-31 10:38 - 09727488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-10 21:13 - 2015-10-31 10:38 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-10 21:13 - 2015-10-31 10:37 - 01830912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-10 21:13 - 2015-10-31 10:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-10 21:13 - 2015-10-31 10:36 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-10 21:13 - 2015-10-31 10:36 - 01436160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-10 21:13 - 2015-10-31 10:36 - 01093632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-10 21:13 - 2015-10-31 10:36 - 01088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-10 21:13 - 2015-10-31 10:36 - 00711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-10 21:13 - 2015-10-31 10:36 - 00615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-10 21:13 - 2015-10-31 10:36 - 00412672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-10 21:13 - 2015-10-31 10:36 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-10 21:13 - 2015-10-31 10:36 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-11-10 21:13 - 2015-10-31 10:36 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-10 21:13 - 2015-10-31 10:36 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-10 21:13 - 2015-10-31 10:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-10 21:13 - 2015-10-31 10:36 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-10 21:13 - 2015-10-31 10:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-10 21:13 - 2015-10-31 10:36 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-11-10 21:13 - 2015-10-31 10:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-11-10 21:13 - 2015-10-31 10:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-11-09 15:31 - 2015-11-09 15:31 - 00054928 _____ C:\Users\Lindholm\Downloads\CLOCK-BIG2.pdf
2015-11-06 15:34 - 2015-11-06 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 12:16 - 2015-11-06 12:16 - 08045295 _____ C:\Users\Lindholm\Downloads\budgetbinder30daysblog.pdf
2015-11-06 11:51 - 2015-11-06 11:51 - 00053034 _____ C:\Users\Lindholm\Downloads\0e1d8d86.pdf
2015-11-06 10:34 - 2015-11-06 10:34 - 00032924 _____ C:\Users\Lindholm\Downloads\Budget.pdf
2015-11-06 10:33 - 2015-11-06 10:33 - 00021792 _____ C:\Users\Lindholm\Downloads\Ideas 1.pdf
2015-11-06 10:33 - 2015-11-06 10:33 - 00013083 _____ C:\Users\Lindholm\Downloads\Notes.pdf
2015-11-06 10:32 - 2015-11-06 10:32 - 00141673 _____ C:\Users\Lindholm\Downloads\Contacts 1.pdf
2015-11-06 10:31 - 2015-11-06 10:31 - 00065539 _____ C:\Users\Lindholm\Downloads\Auto 1.pdf
2015-11-06 10:30 - 2015-11-06 10:30 - 00036065 _____ C:\Users\Lindholm\Downloads\Meal Weekly.pdf
2015-11-06 10:30 - 2015-11-06 10:30 - 00026474 _____ C:\Users\Lindholm\Downloads\Cleaning 1.pdf
2015-11-06 10:29 - 2015-11-06 10:29 - 00038461 _____ C:\Users\Lindholm\Downloads\Recipe Fav 1.pdf
2015-11-06 10:28 - 2015-11-06 10:28 - 00001399 _____ C:\Users\Lindholm\Documents\hou.txt
2015-11-06 10:27 - 2015-11-06 10:27 - 00131432 _____ C:\Users\Lindholm\Downloads\Special Dates1.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-06 00:11 - 2015-06-23 18:02 - 00000000 ____D C:\FRST
2015-12-06 00:11 - 2015-06-23 18:00 - 00000000 ____D C:\Users\Lindholm\Desktop\Spyware
2015-12-05 23:45 - 2015-10-12 19:40 - 00000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-05 23:34 - 2013-09-09 15:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-05 23:23 - 2014-02-07 03:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-05 22:21 - 2006-11-02 07:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-05 22:21 - 2006-11-02 07:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-05 20:45 - 2015-10-12 19:40 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-05 03:34 - 2013-09-09 15:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-02 23:35 - 2014-09-11 14:10 - 00002027 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-02 03:29 - 2013-09-09 15:10 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 03:29 - 2013-09-09 15:10 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 02:14 - 2014-12-15 06:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-01 02:12 - 2013-09-09 15:25 - 00162072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-12-01 02:12 - 2013-09-09 15:25 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-11-23 16:27 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\inf
2015-11-23 16:27 - 2006-11-02 04:46 - 00758862 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-23 16:21 - 2013-09-09 13:01 - 00000000 ____D C:\ProgramData\TEMP
2015-11-23 16:20 - 2013-09-11 09:46 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-11-23 16:20 - 2006-11-02 07:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-23 16:19 - 2006-11-02 07:42 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-23 15:35 - 2014-10-07 00:45 - 00000000 ____D C:\Users\Lindholm\Desktop\Old Firefox Data
2015-11-19 15:59 - 2014-09-30 16:51 - 00000000 ____D C:\Users\RA Media Server
2015-11-11 22:48 - 2015-10-12 19:40 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-11 04:06 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
2015-11-11 03:50 - 2006-11-02 07:21 - 00339608 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-11 03:49 - 2015-07-03 09:15 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-11-11 03:49 - 2014-09-09 16:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-11 03:47 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-11 03:46 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 03:30 - 2013-09-09 15:46 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 03:18 - 2006-11-02 04:35 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-11-11 03:17 - 2015-06-23 18:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 03:05 - 2014-02-04 03:06 - 00752174 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-10 12:23 - 2014-02-07 03:04 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 12:23 - 2013-09-10 20:11 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 12:23 - 2013-09-10 20:11 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-09 22:30 - 2015-06-23 19:00 - 00002609 _____ C:\Users\Lindholm\Desktop\Microsoft Office Excel 2007.lnk
2015-11-06 08:49 - 2013-09-09 22:16 - 00135168 _____ C:\Users\Lindholm\Documents\Budget.xls
2015-11-06 08:46 - 2013-09-24 20:36 - 00011926 _____ C:\Users\Lindholm\AppData\Roaming\wklnhst.dat

==================== Files in the root of some directories =======

2013-09-24 20:36 - 2015-11-06 08:46 - 0011926 _____ () C:\Users\Lindholm\AppData\Roaming\wklnhst.dat
2013-10-13 12:51 - 2015-10-12 18:29 - 0006080 _____ () C:\Users\Lindholm\AppData\Local\d3d9caps.dat
2013-09-16 18:47 - 2015-09-16 16:55 - 0054272 _____ () C:\Users\Lindholm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-04 13:35 - 2014-07-04 13:37 - 0437366 _____ () C:\Users\Lindholm\AppData\Local\dd_vcredistMSI038F.txt
2014-07-04 13:35 - 2014-07-04 13:37 - 0024208 _____ () C:\Users\Lindholm\AppData\Local\dd_vcredistUI038F.txt
2014-05-13 20:08 - 2014-05-13 20:08 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Lindholm\AppData\Local\temp\avgnt.exe
C:\Users\Lindholm\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6evaim.dll
C:\Users\Lindholm\AppData\Local\temp\jre-8u51-windows-au.exe
C:\Users\Lindholm\AppData\Local\temp\jre-8u60-windows-au.exe
C:\Users\Lindholm\AppData\Local\temp\jre-8u66-windows-au.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-05 17:54

==================== End of FRST.txt ============================

Addition.txt

==============

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Lindholm (2015-12-06 00:12:18)
Running from C:\Users\Lindholm\Desktop\Spyware
Windows Vista ™ Home Premium Service Pack 2 (X64) (2009-05-22 18:23:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-972237742-4277227436-3115563062-500 - Administrator - Disabled)
Guest (S-1-5-21-972237742-4277227436-3115563062-501 - Limited - Disabled)
Kristi (S-1-5-21-972237742-4277227436-3115563062-1002 - Limited - Enabled)
Lindholm (S-1-5-21-972237742-4277227436-3115563062-1000 - Administrator - Enabled) => C:\Users\Lindholm
RA Media Server (S-1-5-21-972237742-4277227436-3115563062-1001 - Administrator - Enabled) => C:\Users\RA Media Server

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.125 - Avira Operations GmbH & Co. KG)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Citrix Online Launcher (HKLM-x32\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.0.0.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMyPC (HKLM\...\{ED8FAC5C-24F9-4F6B-9F9A-010360BDA1D2}) (Version: 8.3.1611 - Citrix Systems, Inc.)
H&R Block Basic + Efile 2013 (HKLM-x32\...\{FDF789BA-0A3F-45B1-AFC3-FB424AFEB3D0}) (Version: 13.02.6502 - HRB Technology, LLC.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Internet Updater (HKLM-x32\...\InternetUpdater) (Version: 2.6.57 - Parallel Lines Development, LLC) <==== ATTENTION
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5780 - Realtek Semiconductor Corp.)
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

10-11-2015 00:00:04 Scheduled Checkpoint
11-11-2015 01:40:50 Scheduled Checkpoint
11-11-2015 03:00:38 Windows Update
12-11-2015 00:00:09 Scheduled Checkpoint
13-11-2015 00:00:02 Scheduled Checkpoint
14-11-2015 00:20:04 Scheduled Checkpoint
15-11-2015 00:00:03 Scheduled Checkpoint
16-11-2015 00:24:01 Scheduled Checkpoint
17-11-2015 00:00:03 Scheduled Checkpoint
19-11-2015 17:43:32 Scheduled Checkpoint
21-11-2015 01:31:58 Scheduled Checkpoint
22-11-2015 00:42:16 Scheduled Checkpoint
23-11-2015 10:17:12 Scheduled Checkpoint
24-11-2015 00:00:01 Scheduled Checkpoint
25-11-2015 00:00:01 Scheduled Checkpoint
26-11-2015 00:00:01 Scheduled Checkpoint
27-11-2015 00:00:02 Scheduled Checkpoint
28-11-2015 02:38:08 Scheduled Checkpoint
29-11-2015 00:00:03 Scheduled Checkpoint
30-11-2015 00:00:03 Scheduled Checkpoint
01-12-2015 00:39:15 Scheduled Checkpoint
02-12-2015 00:00:04 Scheduled Checkpoint
03-12-2015 00:00:03 Scheduled Checkpoint
04-12-2015 00:00:01 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:34 - 2015-07-01 07:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {54F29B4E-32ED-420A-B426-2F0C677639F4} - \SlimCleaner Plus (Scheduled Scan - Lindholm) -> No File <==== ATTENTION
Task: {5A282115-1E21-4BF5-9D94-6C523FD24562} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-12] (Dropbox, Inc.)
Task: {5EC2C95B-739D-4907-BA2F-7870E6D6EEDF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6A10ADF2-202F-42B2-8340-C4050E568BF5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {75F56350-ACC7-44EC-867D-0730B32FD79E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-12] (Dropbox, Inc.)
Task: {8B2BDA31-63DA-4F0C-A2A0-8AEFDE8B187D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {98CAF2EB-9F85-4715-ACF5-B5DACBCE5A07} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2007-09-14 09:35 - 2007-09-14 09:35 - 05730304 _____ () C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
2008-05-19 12:47 - 2008-05-19 12:47 - 00450560 _____ () C:\Program Files (x86)\Common Files\Dell\apache\ioncube_loader_win_5.2.dll
2007-09-21 09:32 - 2007-09-21 09:32 - 02035712 _____ () C:\Program Files (x86)\Common Files\Dell\apache\LIBMYSQL.dll
2007-09-24 03:27 - 2007-09-24 03:27 - 02035712 _____ () C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\LIBMYSQL.dll
2014-12-11 16:40 - 2014-12-11 16:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2013-10-10 15:22 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-10-10 15:21 - 2012-05-25 03:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-972237742-4277227436-3115563062-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img19.jpg
HKU\S-1-5-21-972237742-4277227436-3115563062-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{A8B6A86E-283C-4523-9316-98CAF497D5D9}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{90465D58-2CAF-49C6-9E5F-CA6C222D4E0F}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{3FF1A960-9FA8-462B-875A-E9E6C02E046F}] => (Allow) C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
FirewallRules: [{93AADB7A-08AB-4D3A-8DCB-365617BC5549}] => (Allow) C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
FirewallRules: [{A31B2A45-A9AD-4B5A-9F11-59E319CC1527}] => (Allow) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
FirewallRules: [{BC74BBA6-A5E4-42B1-BA2B-909DF531AC76}] => (Allow) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
FirewallRules: [{E9E17B6E-6BB7-4247-980D-2A11660160E3}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{C0D2E0AF-BAFE-49BE-AE43-AA94129C2CD0}] => (Allow) C:\Program Files (x86)\Common Files\Dell\VLC\vlc.exe
FirewallRules: [{1654F6DA-0838-41C6-B059-F8424593973E}] => (Allow) C:\Program Files (x86)\Common Files\Dell\VLC\vlc.exe
FirewallRules: [{67B73421-A8CE-4EE5-886E-B5E85D2077A9}] => (Allow) LPort=80
FirewallRules: [{105C490B-60CD-4530-91BA-8547845DE8E3}] => (Allow) LPort=80
FirewallRules: [{F95289AF-AF6D-43E8-9962-A72755704344}] => (Allow) LPort=80
FirewallRules: [{449C33B2-E160-46E9-B9E5-65951379F0E2}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{9C697B53-9697-4EDD-A02A-BDECA9957566}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2E95504D-1322-4027-84CA-8BCE180D0D86}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{20D9AACD-ED7C-4F19-9D6A-9FC94351B15D}C:\users\lindholm\appdata\local\temp\g2_943\g2viewer.exe] => (Allow) C:\users\lindholm\appdata\local\temp\g2_943\g2viewer.exe
FirewallRules: [UDP Query User{0A4BEA06-693A-44E3-8CC9-88A1C458E4F0}C:\users\lindholm\appdata\local\temp\g2_943\g2viewer.exe] => (Allow) C:\users\lindholm\appdata\local\temp\g2_943\g2viewer.exe
FirewallRules: [{9DD45F9E-B11C-41C6-918F-EEB952EA4583}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe
FirewallRules: [{4C0E1492-C864-42CA-B911-0965B782B088}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D1451F5E-DFCA-4F3F-BCD2-59F906E8CB11}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{945C48F8-6656-4DB4-A1C9-98D051755025}C:\users\lindholm\appdata\local\temp\g2_1337\g2viewer.exe] => (Allow) C:\users\lindholm\appdata\local\temp\g2_1337\g2viewer.exe
FirewallRules: [UDP Query User{B98E3D1A-D8A5-41A7-84C0-B4EFAE21E2C1}C:\users\lindholm\appdata\local\temp\g2_1337\g2viewer.exe] => (Allow) C:\users\lindholm\appdata\local\temp\g2_1337\g2viewer.exe
FirewallRules: [TCP Query User{A8E4649B-302E-4A0E-B5E6-CB697E6860F6}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{1F2F3A2C-3A19-4AF4-8054-6D4E05BC25E8}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{6E375242-25DB-48B7-BAEC-1C1E67620B6D}] => (Allow) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
FirewallRules: [{A23E8398-B4B8-4384-8B20-AD8EFEA173E2}] => (Allow) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
FirewallRules: [{87A31F4A-3865-4FD7-AF01-6472CFB06FF3}] => (Allow) C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
FirewallRules: [{D8ED12AD-2C5D-4902-BB2E-AF03924681EE}] => (Allow) C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
FirewallRules: [{DD8799C1-6D02-4A69-B16D-AA1955416C5F}] => (Allow) C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysql.exe
FirewallRules: [{62AC8834-C48A-4954-AE61-70BFE9A3D64A}] => (Allow) C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysql.exe
FirewallRules: [{B091F18F-D4B9-4862-9054-816B14861C71}] => (Allow) C:\Program Files (x86)\Common Files\Dell\apache\php.exe
FirewallRules: [{FEF64B11-13A3-48B8-98DA-DC1649CF7638}] => (Allow) C:\Program Files (x86)\Common Files\Dell\apache\php.exe
FirewallRules: [{0DE06BAB-5C53-407C-AE74-728FC9B02C92}] => (Allow) C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
FirewallRules: [{8CFB6266-CD0E-476F-BBA3-E2074DB586F9}] => (Allow) C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
FirewallRules: [{559854EA-BBEF-4F9D-A5BC-FACBA290E16D}] => (Allow) LPort=40080
FirewallRules: [{FEE0982D-4D09-4329-93FF-F235924C1958}] => (Allow) LPort=40090
FirewallRules: [{E6640805-EBF2-4240-9795-B5F163E1D4E9}] => (Allow) LPort=40091
FirewallRules: [{21807D83-612A-4633-A6C4-01C6C5F30DF6}] => (Allow) LPort=40092
FirewallRules: [{0E47CFD6-D10B-474B-A28F-763AE2D84D1D}] => (Allow) LPort=40093
FirewallRules: [{1505EDCC-CD0D-4E3D-953A-FE9BA5EA7AB5}] => (Allow) LPort=40094
FirewallRules: [{8B6E2E29-4864-4CA6-9895-ABD8B76ED815}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECC92540-E682-4163-87CD-6D0D73CD9FE7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FFF1FA19-D4B9-4267-88B0-832F7B6F1599}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{61FA8ECE-73F6-4823-92F8-57A6AA76FE27}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{271B1113-4AEC-468F-9892-C1E658C22DE2}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{E8FD15EC-92C1-46C1-9777-055671300A99}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2015 10:44:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 42.0.0.5780, time stamp 0x5632d0a4, faulting module mozglue.dll, version 42.0.0.5780, time stamp 0x5632ba58, exception code 0x80000003, fault offset 0x0000ed50,
process id 0x4a4, application start time 0xplugin-container.exe0.

Error: (12/05/2015 10:44:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 42.0.0.5780 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1dcc
Start Time: 01d12eba9aa03380
Termination Time: 729

Error: (11/23/2015 04:32:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
   at System.Configuration.ConfigurationManager.GetSection(System.String)
   at System.Configuration.ConfigurationManager.get_AppSettings()
   at Avira.OE.WinCore.OeProductInfo.get_Culture()
   at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   at Avira.OE.Systray.Program.Main(System.String[])

Error: (11/23/2015 04:22:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (11/23/2015 04:21:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (11/23/2015 04:21:36 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (11/23/2015 04:21:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2015 03:37:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\LINDHOLM\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1JR5KN4P.DEFAULT-1448321706286\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/23/2015 03:37:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\LINDHOLM\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1JR5KN4P.DEFAULT-1448321706286\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/23/2015 03:37:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\LINDHOLM\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1JR5KN4P.DEFAULT-1448321706286\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

System errors:
=============
Error: (11/23/2015 04:22:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Avira Service Host3

Error: (11/23/2015 04:21:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Avira Service Host2100001Restart the service

Error: (11/23/2015 04:21:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Avira Service Host1100001Restart the service

Error: (11/23/2015 04:21:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep

Error: (11/22/2015 06:06:29 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "GEORGE-L       :0" could not be registered on the interface with IP address 192.168.1.101.
The computer with the IP address 192.168.1.105 did not allow the name to be claimed by
this computer.

Error: (11/22/2015 05:56:58 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "GEORGE-L       :0" could not be registered on the interface with IP address 192.168.1.101.
The computer with the IP address 192.168.1.105 did not allow the name to be claimed by
this computer.

Error: (11/22/2015 03:59:37 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.104 for the Network Card with network address 002564007D9E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/22/2015 01:25:31 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "GEORGE-L       :0" could not be registered on the interface with IP address 192.168.1.104.
The computer with the IP address 192.168.1.109 did not allow the name to be claimed by
this computer.

Error: (11/22/2015 01:15:13 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "GEORGE-L       :0" could not be registered on the interface with IP address 192.168.1.104.
The computer with the IP address 192.168.1.109 did not allow the name to be claimed by
this computer.

Error: (11/22/2015 01:04:54 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "GEORGE-L       :0" could not be registered on the interface with IP address 192.168.1.104.
The computer with the IP address 192.168.1.109 did not allow the name to be claimed by
this computer.

CodeIntegrity:
===================================
  Date: 2015-12-06 00:11:44.676
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-06 00:11:44.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-06 00:11:44.330
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-06 00:11:44.165
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-30 12:37:16.236
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-30 12:37:15.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-30 12:37:15.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-30 12:37:15.410
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-30 12:37:13.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-30 12:37:13.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 40%
Total physical RAM: 4060.14 MB
Available physical RAM: 2418.87 MB
Total Virtual: 8353.57 MB
Available Virtual: 5598.11 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:284.62 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,557 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:22 AM

Posted 06 December 2015 - 10:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs and Features applet.
Internet Updater (HKLM-x32\...\InternetUpdater) (Version: 2.6.57 - Parallel Lines Development, LLC) <==== ATTENTION
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-972237742-4277227436-3115563062-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Extension: GameZooks - C:\Users\Lindholm\AppData\Roaming\Mozilla\Firefox\Profiles\1jr5kn4p.default-1448321706286\Extensions\{8693cb76-1caf-4115-9bd7-6bab02330326}.xpi [2015-12-05]
S1 Beep; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys 
Task: {54F29B4E-32ED-420A-B426-2F0C677639F4} - \SlimCleaner Plus (Scheduled Scan - Lindholm) -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
C:\Users\Lindholm\AppData\Roaming\Mozilla\Firefox\Profiles\1jr5kn4p.default-1448321706286\Extensions\{8693cb76-1caf-4115-9bd7-6bab02330326}.xpi

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?
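
Added example, not part of the thread and not FRST's own code: a Python triage pass that picks out the kinds of FRST entries the fixlist in the post above targets (ATTENTION markers, a scheduled task whose file is missing, a service with no ImagePath, alternate data streams). The rule names and function names are assumptions made for this example; the sample lines are copied from this thread.

```python
import re
from typing import NamedTuple

# Sample input: lines copied from the FRST output and fixlist quoted in this thread.
SAMPLE_LOG = r"""
Internet Updater (HKLM-x32\...\InternetUpdater) (Version: 2.6.57 - Parallel Lines Development, LLC) <==== ATTENTION
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S1 Beep; no ImagePath
Task: {54F29B4E-32ED-420A-B426-2F0C677639F4} - \SlimCleaner Plus (Scheduled Scan - Lindholm) -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
FirewallRules: [{8B6E2E29-4864-4CA6-9895-ABD8B76ED815}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"""


class Finding(NamedTuple):
    reasons: tuple  # every rule name that matched the line
    line: str       # the log line, unmodified apart from stripping


# Hypothetical rule names; each pattern follows the line shapes seen in this thread.
RULES = (
    ("flagged-by-frst", re.compile(r"<=+\s*ATTENTION\s*$")),
    ("task-target-missing", re.compile(r"^Task: \{[0-9A-Fa-f-]{36}\} .*-> No File\b")),
    ("service-no-imagepath", re.compile(r"^[RSU]\d \S.*; no ImagePath\s*$")),
    ("alternate-data-stream", re.compile(r"^AlternateDataStreams: ")),
)


def triage(log_text):
    """Return a Finding for every line that matches at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = tuple(name for name, rx in RULES if rx.search(line))
        if reasons:
            findings.append(Finding(reasons, line))
    return findings


def split_ads(line):
    """Split an AlternateDataStreams line into (host_path, stream_name).

    The host path contains a drive-letter colon, so the stream name is
    whatever follows the LAST colon.
    """
    value = line.split(": ", 1)[1]
    host, _, stream = value.rpartition(":")
    return host, stream


def count_by_reason(findings):
    """Tally findings per rule so a reviewer sees what dominates the log."""
    counts = {}
    for finding in findings:
        for reason in finding.reasons:
            counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(", ".join(f.reasons), "|", f.line)
```

The Yahoo! Messenger entry carries no marker and is not reported, although it appears in the removal list of the post above, so a pass like this narrows the log for a reviewer and does not replace reading it.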

#3 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 06 December 2015 - 01:34 PM

OK, I've done everything you listed.  I'll have my wife check things out to see how it's working.  Let me know if there is anything else to do before then.

Thank you!

 

# AdwCleaner v5.023 - Logfile created 06/12/2015 at 10:20:16
# Updated 30/11/2015 by Xplode
# Database : 2015-12-03.1 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : Lindholm - MARINERS
# Running from : C:\Users\Lindholm\Desktop\Spyware\adwcleaner_5.023.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[#] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yahoo!\Companion

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{444785F1-DE89-4295-863A-D46C3A781394}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{444785F1-DE89-4295-863A-D46C3A781394}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{444785F1-DE89-4295-863A-D46C3A781394}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{FED6A736-129B-49C7-857E-25FC91E87DB3}]
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion

***** [ Web browsers ] *****

[-] [C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2364 bytes] ##########



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,557 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:22 AM

Posted 07 December 2015 - 08:18 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,557 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:22 AM

Posted 12 December 2015 - 08:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



