
Solved IE start page

Discussion in 'Malware and Virus Removal Archive' started by mariola, 2014/08/06.

  1. 2014/08/06
    mariola

    mariola Well-Known Member Thread Starter


    When updating a program I was not on the alert and I got Istartsurf installed. Istartsurf took control over my start page. However, I managed to delete the program but by another mistake, I had named my start page http:/blank, which I was not able to change again to about:blank under Internet Options. It continued to revert to http:/blank.

    Then I opened Regedit: HKEY_Current_User\Software\Policies\Microsoft\Internet Explorer\Main and found that about:blank was the key. I closed Regedit, opened IE again, and found about:blank under my start page.

    In a way, my problem was solved but under Internet Options now appeared a message saying: "Your system administrator manages some settings" and I am not able to change my start page again, as it is now locked on about:blank.

    On the recommendation of MrBill and SpywareDr, I ran Malwarebytes Anti-Malware, and after I clicked Apply Actions the above message was gone and I could change the name of the start page again. But after closing IE and opening it again, the start page reverted to about:blank.

    Therefore I still have a problem, for which reason I forward the Scan and DDS logs and hope that the expert on malware can help.

    System: WIN07 PRO SP1 with IE11. ZA Extreme Security.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 05-08-2014
    Scan Time: 15:53:25
    Logfile: Scan log mariola.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.08.05.04
    Rootkit Database: v2014.08.04.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Olaf

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 294174
    Time Elapsed: 4 min, 36 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 1
    PUM.Hijack.HomePageControl, HKU\S-1-5-21-451487791-1423636449-3525387171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),Replaced,[cb2d7d454a3180b63e70c3f864a08779]

    Folders: 33
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\content, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\content\include, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\content\include\tools, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\content\js, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\content\js\lib, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\content\js\module, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\content\js\pack, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\en, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\en-US, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\es, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\es-419, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\fr, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\it, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\pl, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\ru, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\tr, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\vi, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\chrome\skin, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\defaults, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\defaults\preferences, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],
    PUP.Optional.FastStart.A, C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\extensions\faststartff@gmail.com\modules, Quarantined, [dd1b4181a6d53afc8cd09c2a1be70ff1],

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.65.2
    Run by Olaf at 16:35:23 on 2014-08-05
    Microsoft Windows 7 Professional 6.1.7601.1.1252.45.1030.18.8098.4526 [GMT 2:00]
    .
    AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
    FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    C:\Program Files\Common Files\SPBA\upeksvr.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe
    C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\system32\taskhost.exe
    c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    c:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
    C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
    C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    C:\Program Files (x86)\POP Peeper\POPPeeper.exe
    C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
    C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\msdtc.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\DRIVERS\o2flash.exe
    C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
    C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe
    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://blank
    uSearch Bar = Preserve
    mStart Page = hxxp://www.google.com
    mSearch Page = hxxp://www.google.com
    mDefault_Page_URL = hxxp://www.google.com
    mDefault_Search_URL = hxxp://www.google.com
    mWinlogon: Userinit = userinit.exe,
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
    uRun: [POP Peeper] "C:\Program Files (x86)\POP Peeper\POPPeeper.exe" -min
    uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe "
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    uRun: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe "
    mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe "
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe "
    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe "
    mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
    dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe "
    StartupFolder: C:\Users\Olaf\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTI~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: DisableCAD = dword:1
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{7F22AED1-1FF2-4D7D-9D3D-960A03B13D64} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{7F22AED1-1FF2-4D7D-9D3D-960A03B13D64}\94E6475627E65647D274163747 : DHCPNameServer = 172.30.3.254
    TCP: Interfaces\{D3E5EEE4-D89F-412A-A6AE-A3D13FA80892} : DHCPNameServer = 203.118.191.1 203.109.191.1
    TCP: Interfaces\{FAE6187F-64B9-468C-8DA1-DDDF1230AA06} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://www.google.com
    x64-mSearch Page = hxxp://www.google.com
    x64-mDefault_Page_URL = hxxp://www.google.com
    x64-mDefault_Search_URL = hxxp://www.google.com
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
    x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe /s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4P1
    x64-Run: [WavesSvc] C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
    x64-Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /IM
    x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe "
    x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe "
    x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe "
    x64-Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
    x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
    x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-Run: [ISW] "C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe" /icon= "hidden "
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
    x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-10-10 677360]
    R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-10-10 28656]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-10-10 20464]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-10-10 22128]
    R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2014-4-17 30752]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2014-1-5 29792]
    R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2014-1-5 54104]
    R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2014-1-5 177760]
    R1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2014-7-16 32912]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-11 144152]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-5-1 772064]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-6-24 1132920]
    R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2013-4-23 1366392]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-4-23 1153400]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-13 135984]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
    R2 ClickToRunSvc;Microsoft Office-tjenesten Klik og kør;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-26 2356912]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2013-7-3 1044872]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2013-7-3 37768]
    R2 Dell.PowerManager.Service;Dell.PowerManager.Service;C:\Windows\System32\dllhost.exe [2009-7-14 9728]
    R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2014-4-10 202248]
    R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-7-1 437080]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-5-29 15344]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-12 733696]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
    R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2014-7-16 4700872]
    R2 ISWKL;ZoneAlarm AntiKeylogger ISWKL;C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [2014-3-27 54144]
    R2 IswSvc;ZoneAlarm AntiKeylogger IswSvc;C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [2014-3-27 1133176]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-10-10 169432]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-5 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-5 860472]
    R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2014-4-17 82160]
    R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-10-10 223816]
    R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-4-30 16000]
    R2 Seagate MobileBackup Service;Seagate MobileBackup Service;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2014-4-30 157264]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-10-10 1915480]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2014-1-9 1025408]
    R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2013-5-3 312136]
    R2 SwiService;Sierra Wireless Service;C:\Program Files (x86)\Sierra Wireless Inc\Utils\SwiService.exe [2013-5-24 258376]
    R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2014-4-9 92176]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-6-13 3376880]
    R2 ZoneAlarm AntiTheft;ZoneAlarm AntiTheft;C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe [2014-4-25 3124360]
    R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-5-1 164832]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2013-4-23 132920]
    R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2013-4-23 1385272]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-10-10 176096]
    R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2013-7-3 47752]
    R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2013-10-10 495888]
    R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2014-1-7 14872]
    R3 ibtusb;Intel(R) Wireless Bluetooth(R) 4.0 + HS Adapter;C:\Windows\System32\drivers\ibtusb.sys [2013-6-13 112072]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-10-10 442368]
    R3 iusb3hub;Intel(R) USB 3.0 hub driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-10-10 368112]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-10-10 786416]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-5 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-5 122584]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-5 63704]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
    R3 O2FJ2RDR;O2FJ2RDR;C:\Windows\System32\drivers\O2FJ2w7x64.sys [2013-10-10 185760]
    R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-12-6 18456]
    R3 ST_Accel;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_Accel.sys [2013-10-10 89312]
    R3 swg3kmbb05;Sierra Wireless QMI USB-NDIS 6.20 miniport for Dell;C:\Windows\System32\drivers\swg3kmbb05.sys [2013-5-24 486672]
    R3 swg3knmea05;Sierra Wireless QMI NMEA Communication - Dell;C:\Windows\System32\drivers\swg3knmea05.sys [2013-5-24 269488]
    R3 swg3kser05;Sierra Wireless QMI USB Device for Legacy Serial Communication - Dell;C:\Windows\System32\drivers\swg3kser05.sys [2013-5-24 269488]
    R3 wbfcvusbdrv;WBF Control Vault;C:\Windows\System32\drivers\wbfcvusbdrv.sys [2013-7-3 17120]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-6 662232]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
    S3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-5-1 164832]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2014-8-3 22704]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-10-10 57856]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
    S3 icsak;icsak;C:\Program Files (x86)\CheckPoint\AKL\AK\icsak.sys [2014-3-27 48512]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
    S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-12 822232]
    S3 InvProtectDrv;InvProtectDrv;C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [2013-5-23 34824]
    S3 InvProtectSvc;Invincea Enterprise Service;C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2013-5-23 2947856]
    S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2008-11-12 11776]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-6-13 273136]
    S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-5 19456]
    S3 SboxDrv;SboxDrv;C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [2013-5-23 202248]
    S3 SboxSvc;SboxSvc;C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [2013-5-23 124616]
    S3 StorSvc;Lagertjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-5 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-5 30208]
    S3 WatAdminSvc;Tjenesten Windows Aktivering;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-5 1255736]
    S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\System32\drivers\ZTEusbnet.sys [2014-2-14 167424]
    S3 ZTEusbvoice;ZTE VoUSB Port;C:\Windows\System32\drivers\zteusbvoice.sys [2014-2-14 150656]
    .
    =============== Created Last 30 ================
    .
    2014-08-05 13:51:19 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-08-05 13:50:56 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-08-05 13:50:56 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-08-05 13:50:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-08-05 13:50:56 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-08-05 13:50:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-05 13:27:15 -------- d-----w- C:\Program Files (x86)\Emsisoft HiJackFree
    2014-08-03 15:06:35 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
    2014-08-03 15:06:33 110080 ----a-r- C:\Users\Olaf\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
    2014-08-03 15:06:33 110080 ----a-r- C:\Users\Olaf\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
    2014-08-03 15:06:33 110080 ----a-r- C:\Users\Olaf\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
    2014-08-03 15:06:32 -------- d-----w- C:\sh4ldr
    2014-08-03 15:06:32 -------- d-----w- C:\Program Files\Enigma Software Group
    2014-08-03 15:06:12 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    2014-08-03 15:06:10 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2014-08-03 14:31:29 -------- d-----w- C:\Program Files (x86)\VS Revo Group
    2014-08-02 05:48:23 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19C7F7ED-DFB5-48D9-8BE2-DCF7DD1431A2}\mpengine.dll
    2014-07-26 13:50:04 -------- d-----w- C:\Users\Olaf\.oces
    2014-07-21 07:58:01 -------- d-----w- C:\Program Files (x86)\Ruiware
    2014-07-19 13:00:21 -------- d-----w- C:\ProgramData\Nero
    2014-07-19 13:00:19 -------- d-----w- C:\Program Files (x86)\Seagate
    2014-07-19 12:45:56 -------- d-----w- C:\ProgramData\Seagate
    2014-07-19 12:45:54 -------- d-----w- C:\Users\Olaf\AppData\Roaming\Seagate
    2014-07-16 11:01:53 2155152 ----a-w- C:\Windows\System32\Incinerator64.dll
    2014-07-16 11:01:32 32912 ----a-w- C:\Windows\System32\drivers\rawdsk3.sys
    2014-07-09 14:01:21 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-07-09 14:01:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-07-09 14:01:21 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    .
    ==================== Find3M ====================
    .
    2014-07-13 11:53:58 57584 ----a-w- C:\Windows\System32\iolobtdfg.exe
    2014-07-13 11:53:48 26184 ----a-w- C:\Windows\System32\smrgdf.exe
    2014-07-13 11:36:56 2097984 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
    2014-07-11 01:02:05 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-07-09 09:28:12 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-07-09 09:28:12 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
    2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
    2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
    2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
    2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
    2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
    2014-06-06 10:47:08 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2014-05-14 16:21:04 2620928 ----a-w- C:\Windows\System32\wucltux.dll
    2014-05-14 16:20:45 97792 ----a-w- C:\Windows\System32\wudriver.dll
    2014-05-14 16:17:10 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2014-05-14 07:23:04 198600 ----a-w- C:\Windows\System32\wuwebv.dll
    2014-05-14 07:23:04 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2014-05-14 07:20:46 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2014-05-14 07:17:14 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
    2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
    .
    ============= FINISH: 16:35:51,77 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 05-01-2014 16:06:34
    System Uptime: 05-08-2014 16:00:44 (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0PPXP5
    Processor: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz | SOCKET 0 | 1875/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 104 GiB total, 19,115 GiB free.
    E: is FIXED (NTFS) - 932 GiB total, 739,285 GiB free.
    Y: is FIXED (NTFS) - 16 GiB total, 6,676 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
    Description: Unknown Device
    Device ID: USB\VID_0000&PID_0000\7&3661087B&0&2
    Manufacturer: (Standard USB-værtscontroller)
    Name: Unknown Device
    PNP Device ID: USB\VID_0000&PID_0000\7&3661087B&0&2
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe Digital Editions 3.0
    Adobe Flash Player 14 ActiveX
    Adobe Reader XI (11.0.07) MUI
    ANT Drivers Installer x64
    AuthenTec Fingerprint Driver
    AuthenTec WinBio FingerPrint Software 64-bit
    calibre
    Canon iP4800 series Printer Driver
    Canon MP Navigator EX 4.0
    CanoScan LiDE 210 Scanner Driver
    CmgMasterPrerequisites
    D3DX10
    Dell Backup and Recovery
    Dell Backup and Recovery - Support Software
    Dell Client System Update
    Dell ControlVault Host Components Installer 64 bit
    Dell Custom Help
    Dell Data Protection | Security Tools
    Dell Digital Delivery
    Dell Edoc Viewer
    Dell Power Manager
    Dell Protected Workspace
    Dell Touchpad
    Dell Webcam Central
    Elevated Installer
    Emsisoft HiJackFree 4.5
    FileHippo.com Update Checker
    Fotogalleri
    Fotogalleriet
    Garmin Express
    Garmin Express Tray
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Network Connections 18.1.59.00
    Intel(R) PRO/Wireless Driver
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    Intel(R) Rapid Storage Technology
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel® PROSet/Wireless Software
    Intel® PROSet/Wireless WiFi Software
    Intel® Trusted Connect Service Client
    Internet Explorer (Enable DEP)
    iolo technologies' System Mechanic
    Java 7 Update 60
    Java Auto Updater
    Junk Mail filter update
    Light Image Resizer 4.6.5.0
    Malwarebytes Anti-Malware version 2.0.2.1012
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Corporation
    Microsoft LifeCam
    Microsoft Office Home and Business 2013 - da-dk
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 4.0 x64 ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
    Movie Maker
    Mozilla Firefox 31.0 (x86 da)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    My Dell
    O2Micro OZ776 SCR Driver
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Licensing Component
    Office 15 Click-to-Run Localization Component
    PC Tune-Up
    PDFill PDF Editor with FREE Writer and FREE Tools
    Photo Common
    Photo Gallery
    Picasa 3
    POP Peeper
    Realtek Audio COM Components
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.95
    RoboForm 7-9-8-5 (All Users)
    Seagate Dashboard
    Secunia PSI (3.0.0.9016)
    Security Innovation TSS
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Shared C Run-time for x64
    Sierra Wireless AirCard Watcher
    Sierra Wireless QMI Dell Driver Package
    Skype Click to Call
    Skype™ 6.16
    SPBA (WBF) 5.9
    SpyHunter
    ST Microelectronics 3 Axis Digital Accelerometer Solution
    SUPERAntiSpyware
    TreeSize Free V3.0.1
    Valokuvavalikoima
    VC_CRT_x64
    Windows-driverpakke - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
    Windows-driverpakke - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven peruspaketti
    Windows Liven sähköposti
    WinPatrol
    Wisdom-soft ScreenHunter 6.0 Free
    ZoneAlarm Antivirus
    ZoneAlarm Extreme Security
    ZoneAlarm Find My Laptop
    ZoneAlarm Firewall
    ZoneAlarm Security
    .
    ==== End Of File ===========================
     
    Last edited: 2014/08/06
  2. 2014/08/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on the SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     


  4. 2014/08/07
    mariola

    mariola Well-Known Member Thread Starter

    Joined:
    2002/12/07
    Messages:
    82
    Likes Received:
    0
    RogueKiller V9.2.5.0 [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Olaf [Admin rights]
    Mode : Remove -- Date : 08/07/2014 10:34:57

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 12 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3E5EEE4-D89F-412A-A6AE-A3D13FA80892} | DhcpNameServer : 203.118.191.1 203.109.191.1 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FAE6187F-64B9-468C-8DA1-DDDF1230AA06} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D3E5EEE4-D89F-412A-A6AE-A3D13FA80892} | DhcpNameServer : 203.118.191.1 203.109.191.1 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FAE6187F-64B9-468C-8DA1-DDDF1230AA06} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D3E5EEE4-D89F-412A-A6AE-A3D13FA80892} | DhcpNameServer : 203.118.191.1 203.109.191.1 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{FAE6187F-64B9-468C-8DA1-DDDF1230AA06} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 -> NOT SELECTED
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-451487791-1423636449-3525387171-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> NOT SELECTED
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-451487791-1423636449-3525387171-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

    ¤¤¤ Scheduled tasks : 2 ¤¤¤
    [Suspicious.Path] \\Olaf -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ( "C:\Users\Olaf\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Olaf.nji ") -> DELETED
    [Suspicious.Path] \\Olaf Merge -- "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe" ( "C:\Users\Olaf\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Olaf Merge.nji ") -> DELETED

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG SSD SM841 mSATA SCSI Disk Device +++++
    --- User ---
    [MBR] a5163b178b18ce616fa1573bb13a68c6
    [BSP] 95d38b23d89f96720e5a7afb267b7faf : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 16042 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 32935936 | Size: 106021 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([18] Programmet afgav en kommando, men kommandolængden er forkert. )

    +++++ PhysicalDrive1: Seagate Backup+ BK USB Device +++++
    --- User ---
    [MBR] 6e5c87a23559801be48cfd84acd96efb
    [BSP] a00b0d67517e145e00d3a32f492e4796 : Empty MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953868 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] Anmodningen understøttes ikke. )


    ============================================
    RKreport_SCN_08072014_103404.log

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.08.07.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17207
    Olaf :: OLAF-PC [administrator]

    07-08-2014 10:45:39
    mbar-log-2014-08-07 (10-45-39).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 296131
    Time elapsed: 4 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17207

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Y:\ DRIVE_FIXED
    CPU speed: 2.494000 GHz
    Memory total: 8490876928, free: 3764060160

    Downloaded database version: v2014.08.07.01
    Downloaded database version: v2014.08.04.01
    =======================================
    Initializing...
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A7342B7B

    Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920 Numsec = 32854016
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 32935936 Numsec = 217131008

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 128035676160 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-250049680-250069680)...
    Done!
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 99D1AC03

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1953523119
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204885504 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
     
  5. 2014/08/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3:** If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  6. 2014/08/08
    mariola

    mariola Well-Known Member Thread Starter

    I downloaded ComboFix as instructed. Disabled anti-virus. Closed browsers and started Combofix. Soon it told me that stages 1, 2 and 3 were finished and later that stage 4 was finished as well. During the process I realized that SpyHunter, despite not being opened, was operating in the background and came up a couple of times to ask for permissions, which were accepted. At midnight, after 2 hours with no messages, I went to bed. This morning my PC had gone into sleep mode and I restarted Windows and unlocked Olaf as a user. Nothing had changed regarding the finished 4 stages. SpyHunter is now removed since it was downloaded to solve the current problem and only did it partly. Do I rerun Combofix?
     
  7. 2014/08/08
    broni

    broni Moderator Malware Analyst

    Please do.
     
  8. 2014/08/09
    mariola

    mariola Well-Known Member Thread Starter

    As you can see, I changed to method 2 in order to get it to work properly.

    Rkill 2.6.8 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2014 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/09/2014 10:42:57 AM in x64 mode. (Safe Mode)
    Windows Version: Windows 7 Professional Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Firewall Disabled

    [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000

    Checking Windows Service Integrity:

    * BFE (Base Filtering Engine) (BFE) is not Running.
    Startup Type set to: Automatic

    * DHCP-klientprogram (Dhcp) is not Running.
    Startup Type set to: Automatic

    * DNS-klient (Dnscache) is not Running.
    Startup Type set to: Automatic

    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic

    * Windows Firewall (MpsSvc) is not Running.
    Startup Type set to: Automatic

    * Netværksforbindelser (Netman) is not Running.
    Startup Type set to: Manual

    * Tjenesten Grænseflade til netværkslagring (nsi) is not Running.
    Startup Type set to: Automatic

    * Sikkerhedscenter (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Ancillary Function Driver for Winsock (AFD) is not Running.
    Startup Type set to: System

    * Godkendelsesdriver til Windows Firewall (mpsdrv) is not Running.
    Startup Type set to: Manual

    * NetBT (NetBT) is not Running.
    Startup Type set to: System

    * NSI proxy service driver. (nsiproxy) is not Running.
    Startup Type set to: System

    * NetIO Legacy TDI-supportdriver (tdx) is not Running.
    Startup Type set to: System

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * No issues found.

    Program finished at: 08/09/2014 10:43:07 AM
    Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)

    ComboFix 14-08-06.02 - Olaf 09-08-2014 10:52:04.3.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.45.1030.18.8098.5396 [GMT 2:00]
    Kører fra: c:\users\Olaf\Desktop\Olaf_Poulsen.exe
    AV: ZoneAlarm Extreme Security Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
    FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    c:\programdata\Roaming
    c:\users\Olaf\AppData\Local\Microsoft\Windows\Temporary Internet Files\{254894E4-7694-48F5-8C1D-5324E583F03F}.xps
    c:\users\Olaf\AppData\Local\Microsoft\Windows\Temporary Internet Files\{728BEA5D-5D2F-4428-83A9-324AC5A479F2}.xps
    c:\users\Olaf\AppData\Local\Microsoft\Windows\Temporary Internet Files\{82058E12-5DD2-4690-A421-E1A2F2C874CE}.xps
    c:\users\Olaf\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B3BECEE8-C44C-4A92-A760-C9325A77B4FA}.xps
    c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini
    c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini2
    E:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((((((( Filer skabt fra 2014-07-09 til 2014-08-09 )))))))))))))))))))))))))))))))))))
    .
    .
    2014-08-09 09:13 . 2014-08-09 09:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-08-09 08:47 . 2014-08-09 08:47 -------- d-----w- C:\Olaf_Poulsen
    2014-08-09 05:34 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0DBA20A-A3AB-4034-A7C5-2687F5F6C017}\mpengine.dll
    2014-08-07 08:45 . 2014-08-07 08:50 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-08-07 08:29 . 2014-08-07 08:29 29160 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys
    2014-08-07 08:29 . 2014-08-07 08:29 -------- d-----w- c:\programdata\RogueKiller
    2014-08-05 13:51 . 2014-08-09 09:16 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-08-05 13:50 . 2014-08-07 08:44 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-08-05 13:50 . 2014-08-05 13:50 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-08-05 13:50 . 2014-08-05 13:50 -------- d-----w- c:\programdata\Malwarebytes
    2014-08-05 13:50 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-08-05 13:50 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-08-03 15:06 . 2014-08-03 15:06 -------- d-----w- c:\program files\Enigma Software Group
    2014-08-03 15:06 . 2014-08-08 06:00 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    2014-08-03 15:06 . 2014-08-03 15:06 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2014-08-03 14:31 . 2014-08-08 20:49 -------- d-----w- c:\program files (x86)\VS Revo Group
    2014-07-26 13:50 . 2014-07-26 13:50 -------- d-----w- c:\users\Olaf\.oces
    2014-07-24 05:06 . 2014-07-24 05:06 -------- d-----w- c:\users\Default\AppData\Roaming\Garmin
    2014-07-21 07:58 . 2014-07-21 07:58 -------- d-----w- c:\program files (x86)\Ruiware
    2014-07-19 13:02 . 2014-07-19 13:02 -------- d-----w- c:\users\Olaf\AppData\Roaming\Nero
    2014-07-19 13:00 . 2014-07-19 13:00 -------- d-----w- c:\program files (x86)\Common Files\Nero
    2014-07-19 13:00 . 2014-07-19 13:00 -------- d-----w- c:\programdata\Nero
    2014-07-19 13:00 . 2014-07-19 13:00 -------- d-----w- c:\program files (x86)\Seagate
    2014-07-19 12:45 . 2014-07-19 12:45 -------- d-----w- c:\programdata\Seagate
    2014-07-19 12:45 . 2014-07-19 12:45 -------- d-----w- c:\users\Olaf\AppData\Roaming\Seagate
    2014-07-19 12:40 . 2014-07-19 12:40 -------- d-----w- c:\users\Olaf\AppData\Roaming\Leadertech
    2014-07-16 11:01 . 2014-07-13 11:36 2155152 ----a-w- c:\windows\system32\Incinerator64.dll
    2014-07-16 11:01 . 2014-07-13 11:33 32912 ----a-w- c:\windows\system32\drivers\rawdsk3.sys
    2014-07-16 08:04 . 2014-07-16 08:04 -------- d-----w- c:\program files (x86)\Common Files\Java
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-07-13 11:53 . 2014-04-17 10:07 57584 ----a-w- c:\windows\system32\iolobtdfg.exe
    2014-07-13 11:53 . 2014-04-17 10:07 26184 ----a-w- c:\windows\system32\smrgdf.exe
    2014-07-13 11:36 . 2014-04-17 10:07 2097984 ----a-w- c:\windows\SysWow64\Incinerator32.dll
    2014-07-13 08:00 . 2014-01-05 18:45 96441528 ----a-w- c:\windows\system32\MRT.exe
    2014-07-11 01:02 . 2014-06-06 16:03 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-07-09 09:28 . 2013-10-10 14:52 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-07-09 09:28 . 2013-10-10 14:52 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-06-30 02:09 . 2014-07-09 14:02 519168 ----a-w- c:\windows\system32\aepdu.dll
    2014-06-30 02:04 . 2014-07-09 14:02 424448 ----a-w- c:\windows\system32\aeinv.dll
    2014-06-20 20:14 . 2014-07-09 14:02 266424 ----a-w- c:\windows\system32\iedkcs32.dll
    2014-06-19 01:39 . 2014-07-09 14:02 23464448 ----a-w- c:\windows\system32\mshtml.dll
    2014-06-19 01:06 . 2014-07-09 14:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-06-19 01:06 . 2014-07-09 14:02 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-06-19 00:48 . 2014-07-09 14:02 2768384 ----a-w- c:\windows\system32\iertutil.dll
    2014-06-19 00:42 . 2014-07-09 14:02 548352 ----a-w- c:\windows\system32\vbscript.dll
    2014-06-19 00:42 . 2014-07-09 14:02 66048 ----a-w- c:\windows\system32\iesetup.dll
    2014-06-19 00:41 . 2014-07-09 14:02 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-06-19 00:41 . 2014-07-09 14:02 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-06-19 00:32 . 2014-07-09 14:02 51200 ----a-w- c:\windows\system32\jsproxy.dll
    2014-06-19 00:31 . 2014-07-09 14:02 33792 ----a-w- c:\windows\system32\iernonce.dll
    2014-06-19 00:26 . 2014-07-09 14:02 598016 ----a-w- c:\windows\system32\ieui.dll
    2014-06-19 00:24 . 2014-07-09 14:02 139264 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-06-19 00:24 . 2014-07-09 14:02 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-06-19 00:23 . 2014-07-09 14:02 752640 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-06-19 00:14 . 2014-07-09 14:02 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-06-19 00:09 . 2014-07-09 14:02 452608 ----a-w- c:\windows\system32\dxtmsft.dll
    2014-06-18 23:59 . 2014-07-09 14:02 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-06-18 23:56 . 2014-07-09 14:02 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-06-18 23:53 . 2014-07-09 14:02 195584 ----a-w- c:\windows\system32\msrating.dll
    2014-06-18 23:51 . 2014-07-09 14:02 5721088 ----a-w- c:\windows\system32\jscript9.dll
    2014-06-18 23:50 . 2014-07-09 14:02 85504 ----a-w- c:\windows\system32\mshtmled.dll
    2014-06-18 23:48 . 2014-07-09 14:02 292864 ----a-w- c:\windows\system32\dxtrans.dll
    2014-06-18 23:39 . 2014-07-09 14:02 608768 ----a-w- c:\windows\system32\ie4uinit.exe
    2014-06-18 23:38 . 2014-07-09 14:02 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-06-18 23:37 . 2014-07-09 14:02 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
    2014-06-18 23:36 . 2014-07-09 14:02 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2014-06-18 23:35 . 2014-07-09 14:02 62464 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2014-06-18 23:33 . 2014-07-09 14:02 631808 ----a-w- c:\windows\system32\msfeeds.dll
    2014-06-18 23:27 . 2014-07-09 14:02 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-06-18 23:27 . 2014-07-09 14:02 2040832 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-06-18 23:23 . 2014-07-09 14:02 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-06-18 23:22 . 2014-07-09 14:02 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2014-06-18 23:06 . 2014-07-09 14:02 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-06-18 22:58 . 2014-07-09 14:02 2266112 ----a-w- c:\windows\system32\wininet.dll
    2014-06-18 22:52 . 2014-07-09 14:02 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-06-18 22:51 . 2014-07-09 14:02 13527040 ----a-w- c:\windows\system32\ieframe.dll
    2014-06-18 22:46 . 2014-07-09 14:02 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2014-06-18 22:45 . 2014-07-09 14:02 1964544 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2014-06-18 22:34 . 2014-07-09 14:02 1393664 ----a-w- c:\windows\system32\urlmon.dll
    2014-06-18 22:15 . 2014-07-09 14:02 846336 ----a-w- c:\windows\system32\ieapfltr.dll
    2014-06-18 22:13 . 2014-07-09 14:02 1791488 ----a-w- c:\windows\SysWow64\wininet.dll
    2014-06-18 02:18 . 2014-07-09 14:02 692736 ----a-w- c:\windows\system32\osk.exe
    2014-06-18 01:51 . 2014-07-09 14:02 646144 ----a-w- c:\windows\SysWow64\osk.exe
    2014-06-18 01:10 . 2014-07-09 14:02 3157504 ----a-w- c:\windows\system32\win32k.sys
    2014-06-06 10:47 . 2014-06-06 10:47 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr
    2014-06-06 10:10 . 2014-07-09 14:02 624128 ----a-w- c:\windows\system32\qedit.dll
    2014-06-06 09:44 . 2014-07-09 14:02 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2014-06-05 14:45 . 2014-07-09 14:01 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-06-05 14:26 . 2014-07-09 14:01 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-06-05 14:25 . 2014-07-09 14:01 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-06-03 08:41 . 2014-01-05 20:56 589008 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    2014-05-30 08:08 . 2014-07-09 14:02 210944 ----a-w- c:\windows\system32\wdigest.dll
    2014-05-30 08:08 . 2014-07-09 14:02 86528 ----a-w- c:\windows\system32\TSpkg.dll
    2014-05-30 08:08 . 2014-07-09 14:02 340992 ----a-w- c:\windows\system32\schannel.dll
    2014-05-30 08:08 . 2014-07-09 14:02 314880 ----a-w- c:\windows\system32\msv1_0.dll
    2014-05-30 08:08 . 2014-07-09 14:02 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2014-05-30 08:08 . 2014-07-09 14:02 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-05-30 08:08 . 2014-07-09 14:02 22016 ----a-w- c:\windows\system32\credssp.dll
    2014-05-30 07:52 . 2014-07-09 14:02 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
    2014-05-30 07:52 . 2014-07-09 14:02 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
    2014-05-30 07:52 . 2014-07-09 14:02 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2014-05-30 07:52 . 2014-07-09 14:02 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2014-05-30 07:52 . 2014-07-09 14:02 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
    2014-05-30 07:52 . 2014-07-09 14:02 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-05-30 07:52 . 2014-07-09 14:02 17408 ----a-w- c:\windows\SysWow64\credssp.dll
    2014-05-30 06:45 . 2014-07-09 14:02 497152 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Bemærk* tomme linier & lovlige standard linier vises ikke
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2014-01-05 20:58 220632 ----a-w- c:\users\Olaf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2014-01-05 20:58 220632 ----a-w- c:\users\Olaf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2014-01-05 20:58 220632 ----a-w- c:\users\Olaf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
    "POP Peeper"="c:\program files (x86)\POP Peeper\POPPeeper.exe" [2011-11-16 1613824]
    "GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-01 122200]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21442176]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-07-04 109784]
    "Uploader"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2014-04-30 126056]
    "WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-01-18 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-07-02 134616]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-12-16 462974]
    "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-04-24 137352]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
    "DBAgent"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [2014-04-30 1519176]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-01 122200]
    .
    c:\users\Olaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Send til OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-7-10 195248]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ ??|??????\0??????????????\0d.\0
    \0???\0M\0Software\Classes\Wow6432Node\Interface\{00000102-0000-0000-C000-000000000046}\0.\0???\0M\0Software\Classes\Wow6432Node\Interface\{00000101-0000-0000-C000-000000000046}\02\0???\0M\0Software\Classes\Wow6432Node\Interface\{00000081-0000-0010-8000-00AA006D2EA4}\0rhåndsbesked.htm\0autocheck smrgdf c:\users\Olaf\AppData\Roaming\iolo\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 icsak;icsak;c:\program files (x86)\CheckPoint\AKL\ak\icsak.sys;c:\program files (x86)\CheckPoint\AKL\ak\icsak.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
    R3 InvProtectDrv;InvProtectDrv;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [x]
    R3 InvProtectSvc;Invincea Enterprise Service;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [x]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys;c:\windows\SYSNATIVE\DRIVERS\massfilter.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SboxDrv;SboxDrv;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [x]
    R3 SboxSvc;SboxSvc;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [x]
    R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnet.sys [x]
    R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbvoice.sys [x]
    S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
    S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
    S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
    S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
    S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys;c:\windows\SYSNATIVE\drivers\rawdsk3.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 ClickToRunSvc;Microsoft Office-tjenesten Klik og kør;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
    S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
    S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
    S2 Dell.PowerManager.Service;Dell.PowerManager.Service;c:\windows\system32\dllhost.exe;c:\windows\SYSNATIVE\dllhost.exe [x]
    S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
    S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
    S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
    S2 ISWKL;ZoneAlarm AntiKeylogger ISWKL;c:\program files (x86)\CheckPoint\AKL\ISWKL.sys;c:\program files (x86)\CheckPoint\AKL\ISWKL.sys [x]
    S2 IswSvc;ZoneAlarm AntiKeylogger IswSvc;c:\program files (x86)\CheckPoint\AKL\AkSVC.exe;c:\program files (x86)\CheckPoint\AKL\AkSVC.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
    S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
    S2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [x]
    S2 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [x]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x]
    S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [x]
    S2 SwiService;Sierra Wireless Service;c:\program files (x86)\Sierra Wireless Inc\Utils\SWIService.exe;c:\program files (x86)\Sierra Wireless Inc\Utils\SWIService.exe [x]
    S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S2 ZoneAlarm AntiTheft;ZoneAlarm AntiTheft;c:\program files (x86)\CheckPoint\AntiTheft\Antitheft.exe;c:\program files (x86)\CheckPoint\AntiTheft\Antitheft.exe [x]
    S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
    S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
    S3 ibtusb;Intel(R) Wireless Bluetooth(R) 4.0 + HS Adapter;c:\windows\system32\DRIVERS\ibtusb.sys;c:\windows\SYSNATIVE\DRIVERS\ibtusb.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 hub driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
    S3 O2FJ2RDR;O2FJ2RDR;c:\windows\system32\DRIVERS\O2FJ2w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2FJ2w7x64.sys [x]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
    S3 ST_Accel;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_Accel.sys;c:\windows\SYSNATIVE\DRIVERS\ST_Accel.sys [x]
    S3 swg3kmbb05;Sierra Wireless QMI USB-NDIS 6.20 miniport for Dell;c:\windows\system32\DRIVERS\swg3kmbb05.sys;c:\windows\SYSNATIVE\DRIVERS\swg3kmbb05.sys [x]
    S3 swg3knmea05;Sierra Wireless QMI NMEA Communication - Dell;c:\windows\system32\DRIVERS\swg3knmea05.sys;c:\windows\SYSNATIVE\DRIVERS\swg3knmea05.sys [x]
    S3 swg3kser05;Sierra Wireless QMI USB Device for Legacy Serial Communication - Dell;c:\windows\system32\DRIVERS\swg3kser05.sys;c:\windows\SYSNATIVE\DRIVERS\swg3kser05.sys [x]
    S3 wbfcvusbdrv;WBF Control Vault;c:\windows\system32\Drivers\wbfcvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\wbfcvusbdrv.sys [x]
    .
    .
    --- Andre Services/Drivers i Hukommelsen ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    Indhold af mappen 'Planlagte Opgaver'
    .
    2014-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10 09:28]
    .
    2014-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18 22:21]
    .
    2014-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18 22:21]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @= "{F241C880-6982-4CE5-8CF7-7085BA96DA5A} "
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2014-01-05 20:58 244696 ----a-w- c:\users\Olaf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @= "{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} "
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2014-01-05 20:58 244696 ----a-w- c:\users\Olaf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @= "{BBACC218-34EA-4666-9D7A-C78F2274A524} "
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2014-01-05 20:58 244696 ----a-w- c:\users\Olaf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @= "{8BA85C75-763B-4103-94EB-9470F12FE0F7} "
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-06-10 10:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @= "{CD55129A-B1A1-438E-A425-CEBC7DC684EE} "
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-06-10 10:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @= "{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} "
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-06-10 10:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileBackuped]
    @= "{831cebdd-6baf-4432-be76-9e0989c14aef} "
    [HKEY_CLASSES_ROOT\CLSID\{831cebdd-6baf-4432-be76-9e0989c14aef}]
    2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileNotBackuped]
    @= "{275e4fd7-21ef-45cf-a836-832e5d2cc1b3} "
    [HKEY_CLASSES_ROOT\CLSID\{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}]
    2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "c:\program files\DellTPad\Apoint.exe" [2013-05-02 698712]
    "RtHDVCpl "= "c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-28 7191768]
    "RtHDVBg "= "c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-03-23 1291848]
    "WavesSvc "= "c:\program files\Realtek\Audio\HDA\WavesSvc64.exe" [2013-04-18 114944]
    "RtHDVBg_PushButton "= "c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-03-23 1291848]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2013-07-04 165872]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2013-07-04 407536]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2013-07-04 444400]
    "IntelPROSet "= "c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2013-06-13 4791024]
    "BLEServicesCtrl "= "c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-09-17 184112]
    "IAStorIcon "= "c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-05-29 36352]
    "Logitech Download Assistant "= "c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
    "ISW "= "c:\program files (x86)\CheckPoint\AKL\AkSA.exe" [2014-03-27 933496]
    .
    ------- Yderligere scanning -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://blank
    mDefault_Search_URL = hxxp://www.google.com
    mDefault_Page_URL = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mSearch Page = hxxp://www.google.com
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FAE6187F-64B9-468C-8DA1-DDDF1230AA06}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
    DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx
    FF - ProfilePath -
    .
    - - - - TOMME GENVEJE FJERNET - - - -
    .
    Toolbar-Locked - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.14 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution "= "{15727DE6-F92D-4E46-ACB4-0E2C58B31A18} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key "= "ActionsPane3 "
    "Location "= "c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andre kørende processer ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\iolo\System Mechanic\LiveBoost.exe
    c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\windows\system32\DRIVERS\o2flash.exe
    c:\program files (x86)\Dell Backup and Recovery\TOASTER.EXE
    c:\program files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    .
    **************************************************************************
    .
    Gennemført tid: 2014-08-09 12:30:04 - maskinen blev genstartet
    ComboFix-quarantined-files.txt 2014-08-09 10:28
    .
    Pre-Kørsel: 16.021.172.224 byte ledig
    Post-Kørsel: 15.885.602.816 byte ledig
    .
    - - End Of File - - E257F94F7BACBC4A8421A4EB80BC8FA4
    5C616939100B85E558DA92B899A0FC36
     
  9. 2014/08/09
    mariola

    After performing the above tests with RKill and Combofix I cannot enter some homepages, e.g. my netbank. The problem applies to both homepages with password and homepages without. I use Roboform and I normally enter from its Login. Some of them work, others do not, and I cannot find any pattern in the problem. You see I can enter windowsbbs.
     
  10. 2014/08/09
    mariola

    Could one solution to the above problem be a resetting of IE, going to Options/Advanced/Reset IE, including personal settings, among others the start page? Since we are in a process I would not do anything until I have heard from you.
     
  11. 2014/08/09
    mariola

    One more comment. All websites can be opened in Firefox.
     
  12. 2014/08/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Reset Internet Explorer.
    Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
    You can use ANY browser to download "FixIt" file.
    Make sure you follow ALL steps listed there.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  13. 2014/08/09
    mariola

    IE reset and OK now.

    # AdwCleaner v3.304 - Report created 10/08/2014 at 01:02:02
    # Updated 08/08/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Olaf - OLAF-PC
    # Running from : C:\Users\Olaf\Desktop\adwcleaner_3.304.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\powerpack

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207


    -\\ Mozilla Firefox v31.0 (x86 da)

    [ File : C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [891 octets] - [10/08/2014 00:59:35]
    AdwCleaner[S0].txt - [772 octets] - [10/08/2014 01:02:02]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [831 octets] ##########
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Professional x64
    Ran by Olaf on 10-08-2014 at 1:07:07,19
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 10-08-2014 at 1:14:27,04
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  14. 2014/08/09
    mariola

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2014 01
    Ran by Olaf (administrator) on OLAF-PC on 10-08-2014 01:15:04
    Running from C:\Users\Olaf\Desktop
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Dansk (Danmark)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
    (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe
    (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    (Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
    (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Utils\SwiService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (O2Micro International) C:\Windows\System32\drivers\o2flash.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-05-02] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-28] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-23] (Realtek Semiconductor)
    HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [114944 2013-04-18] (Waves Audio Ltd.)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-23] (Realtek Semiconductor)
    HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-06-13] (Intel(R) Corporation)
    HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-29] (Intel Corporation)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [ISW] => C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe [933496 2014-03-27] (Check Point Software Technologies LTD)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-07-02] (Intel Corporation)
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
    HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.)
    HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
    HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-07-01] (Garmin Ltd or its subsidiaries)
    HKU\S-1-5-21-451487791-1423636449-3525387171-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
    HKU\S-1-5-21-451487791-1423636449-3525387171-1001\...\Run: [POP Peeper] => C:\Program Files (x86)\POP Peeper\POPPeeper.exe [1613824 2011-11-16] (Mortal Universe)
    HKU\S-1-5-21-451487791-1423636449-3525387171-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-07-01] (Garmin Ltd or its subsidiaries)
    HKU\S-1-5-21-451487791-1423636449-3525387171-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
    HKU\S-1-5-21-451487791-1423636449-3525387171-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-07-04] (Siber Systems)
    HKU\S-1-5-21-451487791-1423636449-3525387171-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)
    HKU\S-1-5-21-451487791-1423636449-3525387171-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\Users\Olaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send til OneNote.lnk
    ShortcutTarget: Send til OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
    ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Olaf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Olaf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Olaf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: DBARFileBackuped -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: DBARFileNotBackuped -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Olaf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Olaf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Olaf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
    BootExecute: 盽᫠ǀ隸৆Ꙡȴ�ጦꓰȩꙠȴᜄጔ媘ȲԒꙠȴ�ጦd. ρȉҰMSoftware\Classes\Wow6432Node\Interface\{00000102-0000-0000-C000-000000000046}.בȉҰMSoftware\Classes\Wow6432Node\Interface\{00000101-0000-0000-C000-000000000046}2ఁȉҰMSoftware\Classes\Wow6432Node\Interface\{00000081-0000-0010-8000-00AA006D2EA4}rhÃ¥ndsbesked.htm

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - {749A4926-B4B3-4BF5-A0EE-9A5FBC8F92A4} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
    SearchScopes: HKLM-x32 - {749A4926-B4B3-4BF5-A0EE-9A5FBC8F92A4} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKCU - {749A4926-B4B3-4BF5-A0EE-9A5FBC8F92A4} URL =
    SearchScopes: HKCU - {FBE4325A-A76B-46AC-B1BC-D3E49B37962D} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///D:/launch.ocx
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{FAE6187F-64B9-468C-8DA1-DDDF1230AA06}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\1oieb4pa.default
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.1 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-co-uk.xml
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
    FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-01-19]
    FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe

    Chrome:
    =======

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
    R2 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation)
    R2 Dell.PowerManager.Service; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [437080 2014-07-01] (Garmin Ltd or its subsidiaries)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-29] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
    S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-05-23] (Invincea, Inc.)
    R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-07-13] (iolo technologies, LLC)
    R2 IswSvc; C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [1133176 2014-03-27] (Check Point Software Technologies LTD)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-02] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-06-13] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [223816 2013-01-10] (Realtek Semiconductor)
    S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-05-23] ()
    R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
    R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
    S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
    R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
    R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [312136 2013-05-03] (Sierra Wireless, Inc.)
    R2 SwiService; C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe [258376 2013-05-24] (Sierra Wireless, Inc.)
    S2 tcsd_win32.exe; C:\Program Files\Dell\Dell Data Protection\TSS\bin\tcsd_win32.exe [1636352 2012-12-10] (Security Innovation, Inc.) [File not signed]
    R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)
    R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-06-13] (Intel® Corporation)
    R2 ZoneAlarm AntiTheft; C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe [3124360 2014-04-25] (Check Point Software Technologies Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-04-23] (Motorola Solutions, Inc.)
    R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495888 2013-05-07] (Intel Corporation)
    R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2014-04-07] (EldoS Corporation)
    R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-05-20] (Intel Corporation)
    R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [112072 2013-06-13] (Intel Corporation)
    S3 icsak; C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys [48512 2014-03-27] (Check Point Software Technologies LTD)
    R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2161752 2013-06-29] (Realtek Semiconductor Corp.)
    S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-05-23] ()
    R2 ISWKL; C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [54144 2014-03-27] (Check Point Software Technologies LTD)
    R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-03-19] (Kaspersky Lab ZAO)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-03-19] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-03-19] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-03-19] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2014-03-19] (Kaspersky Lab)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2014-03-19] (Kaspersky Lab ZAO)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-10] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
    R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3465184 2013-06-27] (Intel Corporation)
    R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-05-07] (O2Micro )
    R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
    R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-05-23] ()
    R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
    R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [89312 2013-03-27] (STMicroelectronics)
    R3 swg3kmbb05; C:\Windows\System32\DRIVERS\swg3kmbb05.sys [486672 2013-05-24] (Sierra Wireless Incorporated)
    R3 swg3knmea05; C:\Windows\System32\DRIVERS\swg3knmea05.sys [269488 2013-05-24] (Sierra Wireless Incorporated)
    R3 swg3kser05; C:\Windows\System32\DRIVERS\swg3kser05.sys [269488 2013-05-24] (Sierra Wireless Incorporated)
    S3 SWUMX20; No ImagePath
    U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-08-07] ()
    R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.)
    R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [17120 2013-07-03] ()
    S3 catchme; \??\C:\Olaf_Poulsen4298O\catchme.sys [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-10 01:15 - 2014-08-10 01:15 - 00030948 _____ () C:\Users\Olaf\Desktop\FRST.txt
    2014-08-10 01:15 - 2014-08-10 01:15 - 00000000 ____D () C:\FRST
    2014-08-10 01:14 - 2014-08-10 01:14 - 00000624 _____ () C:\Users\Olaf\Desktop\JRT.txt
    2014-08-10 01:07 - 2014-08-10 01:07 - 00000000 ____D () C:\Windows\ERUNT
    2014-08-10 01:05 - 2014-08-10 01:05 - 00000910 _____ () C:\Users\Olaf\Desktop\AdwCleaner[S0].txt
    2014-08-10 00:59 - 2014-08-10 01:02 - 00000000 ____D () C:\AdwCleaner
    2014-08-10 00:56 - 2014-08-10 00:57 - 02093568 _____ (Farbar) C:\Users\Olaf\Desktop\FRST64.exe
    2014-08-10 00:56 - 2014-08-10 00:56 - 01016261 _____ (Thisisu) C:\Users\Olaf\Desktop\JRT.exe
    2014-08-10 00:55 - 2014-08-10 00:55 - 01366203 _____ () C:\Users\Olaf\Desktop\adwcleaner_3.304.exe
    2014-08-09 13:02 - 2014-08-09 13:02 - 00041633 _____ () C:\Users\Olaf\Desktop\Combifix.txt
    2014-08-09 12:32 - 2014-08-09 12:32 - 00041633 _____ () C:\ComboFix.txt
    2014-08-09 10:47 - 2014-08-09 10:47 - 00000000 ____D () C:\Olaf_Poulsen
    2014-08-09 10:42 - 2014-08-09 10:43 - 00004842 _____ () C:\Users\Olaf\Desktop\Rkill.txt
    2014-08-09 07:40 - 2014-08-09 07:40 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Olaf\Desktop\rkill.exe
    2014-08-09 07:39 - 2014-08-09 07:39 - 05568206 ____R (Swearware) C:\Users\Olaf\Desktop\Olaf_Poulsen.exe
    2014-08-07 21:56 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-08-07 21:56 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-08-07 21:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-08-07 21:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-08-07 21:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-08-07 21:56 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-08-07 21:56 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-08-07 21:56 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-08-07 21:55 - 2014-08-09 12:38 - 00000000 ____D () C:\Qoobox
    2014-08-07 21:54 - 2014-08-09 12:01 - 00000000 ____D () C:\Windows\erdnt
    2014-08-07 10:45 - 2014-08-07 10:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-08-07 10:44 - 2014-08-07 10:50 - 00000000 ____D () C:\Users\Olaf\Desktop\mbar
    2014-08-07 10:43 - 2014-08-07 10:43 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Olaf\Desktop\mbar-1.07.0.1012.exe
    2014-08-07 10:37 - 2014-08-07 10:37 - 00004592 _____ () C:\Users\Olaf\Desktop\RKreport_DEL_08072014_103457.log
    2014-08-07 10:29 - 2014-08-07 10:29 - 04817496 _____ () C:\Users\Olaf\Desktop\RogueKiller.exe
    2014-08-07 10:29 - 2014-08-07 10:29 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
    2014-08-07 10:29 - 2014-08-07 10:29 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-08-05 16:36 - 2014-08-05 16:36 - 00005627 _____ () C:\Users\Olaf\Desktop\attach.txt
    2014-08-05 16:36 - 2014-08-05 16:35 - 00036104 _____ () C:\Users\Olaf\Desktop\dds.txt
    2014-08-05 16:31 - 2014-08-05 16:31 - 00007883 _____ () C:\Users\Olaf\Desktop\Malwarebytes.txt
    2014-08-05 15:51 - 2014-08-10 01:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-05 15:50 - 2014-08-07 10:44 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-08-05 15:50 - 2014-08-05 15:50 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-05 15:50 - 2014-08-05 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-08-05 15:50 - 2014-08-05 15:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-05 15:50 - 2014-08-05 15:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-05 15:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-08-05 15:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-08-05 15:30 - 2014-08-05 15:30 - 00000108 _____ () C:\index.ini
    2014-08-03 17:06 - 2014-08-08 08:00 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    2014-08-03 17:06 - 2014-08-03 17:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2014-08-03 17:06 - 2014-08-03 17:06 - 00000000 _____ () C:\autoexec.bat
    2014-08-03 16:31 - 2014-08-08 22:49 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2014-08-03 10:57 - 2014-08-03 10:57 - 00003150 _____ () C:\Windows\System32\Tasks\{65ACF052-8725-46A6-8369-9D67AB13C16D}
    2014-08-01 07:00 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-08-01 07:00 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2014-08-01 07:00 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2014-08-01 07:00 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-08-01 07:00 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2014-08-01 07:00 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2014-08-01 07:00 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2014-08-01 07:00 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-08-01 07:00 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2014-08-01 07:00 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2014-08-01 07:00 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-08-01 07:00 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2014-08-01 07:00 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2014-08-01 07:00 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2014-07-26 15:50 - 2014-07-28 15:18 - 00000001 _____ () C:\Users\Olaf\temp.dat
    2014-07-26 15:50 - 2014-07-26 15:50 - 00000000 ____D () C:\Users\Olaf\.oces
    2014-07-24 07:06 - 2014-07-24 07:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
    2014-07-24 07:06 - 2014-07-24 07:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
    2014-07-24 07:06 - 2014-07-24 07:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2014-07-23 07:24 - 2014-07-23 08:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-07-21 09:58 - 2014-07-21 09:58 - 00000000 ____D () C:\Program Files (x86)\Ruiware
    2014-07-19 15:02 - 2014-07-19 15:02 - 00003496 _____ () C:\Windows\System32\Tasks\Seagate_Install_Launch
    2014-07-19 15:02 - 2014-07-19 15:02 - 00003484 _____ () C:\Windows\System32\Tasks\Olaf DBAgent 2 0
    2014-07-19 15:02 - 2014-07-19 15:02 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\Nero
    2014-07-19 15:00 - 2014-07-19 15:00 - 00002717 _____ () C:\Users\Olaf\Desktop\Seagate Dashboard.lnk
    2014-07-19 15:00 - 2014-07-19 15:00 - 00000000 ____D () C:\ProgramData\Nero
    2014-07-19 15:00 - 2014-07-19 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
    2014-07-19 15:00 - 2014-07-19 15:00 - 00000000 ____D () C:\Program Files (x86)\Seagate
    2014-07-19 14:45 - 2014-07-19 14:45 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\Seagate
    2014-07-19 14:45 - 2014-07-19 14:45 - 00000000 ____D () C:\ProgramData\Seagate
    2014-07-19 14:43 - 2014-07-19 14:43 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
    2014-07-19 14:40 - 2014-07-19 14:40 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\Leadertech
    2014-07-18 09:35 - 2014-07-18 09:35 - 00003584 _____ () C:\Users\Olaf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-07-16 13:01 - 2014-07-16 13:01 - 00001431 _____ () C:\Users\Olaf\Desktop\LiveBoost.lnk
    2014-07-16 13:01 - 2014-07-13 13:36 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
    2014-07-16 13:01 - 2014-07-13 13:33 - 00032912 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rawdsk3.sys
    2014-07-16 10:04 - 2014-07-16 10:04 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
    2014-07-16 10:04 - 2014-07-16 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-07-15 22:53 - 2014-07-15 22:53 - 00007137 _____ () C:\Users\Olaf\Desktop\ASG_Bogholder.lnk

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-10 01:15 - 2014-08-10 01:15 - 00030948 _____ () C:\Users\Olaf\Desktop\FRST.txt
    2014-08-10 01:15 - 2014-08-10 01:15 - 00000000 ____D () C:\FRST
    2014-08-10 01:14 - 2014-08-10 01:14 - 00000624 _____ () C:\Users\Olaf\Desktop\JRT.txt
    2014-08-10 01:12 - 2013-10-10 17:18 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
    2014-08-10 01:12 - 2009-07-14 06:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-10 01:12 - 2009-07-14 06:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-10 01:10 - 2011-03-04 04:29 - 00510408 _____ () C:\Windows\system32\perfh006.dat
    2014-08-10 01:10 - 2011-03-04 04:29 - 00099184 _____ () C:\Windows\system32\perfc006.dat
    2014-08-10 01:10 - 2009-07-14 07:13 - 01382258 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-08-10 01:08 - 2013-10-10 18:48 - 01447944 _____ () C:\Windows\WindowsUpdate.log
    2014-08-10 01:07 - 2014-08-10 01:07 - 00000000 ____D () C:\Windows\ERUNT
    2014-08-10 01:06 - 2014-03-11 14:12 - 00004960 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Olaf-Pc-Olaf Olaf-Pc
    2014-08-10 01:05 - 2014-08-10 01:05 - 00000910 _____ () C:\Users\Olaf\Desktop\AdwCleaner[S0].txt
    2014-08-10 01:05 - 2014-08-05 15:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-10 01:05 - 2014-06-28 15:40 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\Skype
    2014-08-10 01:05 - 2014-01-19 00:21 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-08-10 01:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
    2014-08-10 01:04 - 2014-01-05 17:06 - 00000000 ____D () C:\Users\Olaf
    2014-08-10 01:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-08-10 01:04 - 2009-07-14 06:51 - 00419350 _____ () C:\Windows\setupact.log
    2014-08-10 01:02 - 2014-08-10 00:59 - 00000000 ____D () C:\AdwCleaner
    2014-08-10 00:57 - 2014-08-10 00:56 - 02093568 _____ (Farbar) C:\Users\Olaf\Desktop\FRST64.exe
    2014-08-10 00:57 - 2014-01-08 15:44 - 00000000 ____D () C:\Users\Olaf\Documents\Outlook-filer
    2014-08-10 00:56 - 2014-08-10 00:56 - 01016261 _____ (Thisisu) C:\Users\Olaf\Desktop\JRT.exe
    2014-08-10 00:55 - 2014-08-10 00:55 - 01366203 _____ () C:\Users\Olaf\Desktop\adwcleaner_3.304.exe
    2014-08-10 00:48 - 2014-01-05 23:16 - 00195832 _____ () C:\Users\Olaf\danid.log
    2014-08-10 00:28 - 2013-10-10 16:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-08-10 00:24 - 2014-01-19 00:21 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-08-09 14:24 - 2014-06-28 15:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-08-09 13:04 - 2010-11-21 05:47 - 00515254 _____ () C:\Windows\PFRO.log
    2014-08-09 13:02 - 2014-08-09 13:02 - 00041633 _____ () C:\Users\Olaf\Desktop\Combifix.txt
    2014-08-09 12:38 - 2014-08-07 21:55 - 00000000 ____D () C:\Qoobox
    2014-08-09 12:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
    2014-08-09 12:32 - 2014-08-09 12:32 - 00041633 _____ () C:\ComboFix.txt
    2014-08-09 12:01 - 2014-08-07 21:54 - 00000000 ____D () C:\Windows\erdnt
    2014-08-09 11:17 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
    2014-08-09 10:55 - 2014-01-08 16:26 - 00000000 ____D () C:\Users\Olaf\AppData\Local\CrashDumps
    2014-08-09 10:47 - 2014-08-09 10:47 - 00000000 ____D () C:\Olaf_Poulsen
    2014-08-09 10:43 - 2014-08-09 10:42 - 00004842 _____ () C:\Users\Olaf\Desktop\Rkill.txt
    2014-08-09 07:40 - 2014-08-09 07:40 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Olaf\Desktop\rkill.exe
    2014-08-09 07:39 - 2014-08-09 07:39 - 05568206 ____R (Swearware) C:\Users\Olaf\Desktop\Olaf_Poulsen.exe
    2014-08-08 22:49 - 2014-08-03 16:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2014-08-08 13:22 - 2014-01-20 00:00 - 00000000 ____D () C:\Users\Olaf\Documents\Brugerdefinerede Office-skabeloner
    2014-08-08 10:01 - 2014-01-06 17:50 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
    2014-08-08 08:00 - 2014-08-03 17:06 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    2014-08-08 08:00 - 2014-03-03 05:05 - 00000000 ____D () C:\Windows\system32\appmgmt
    2014-08-07 10:50 - 2014-08-07 10:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-08-07 10:50 - 2014-08-07 10:44 - 00000000 ____D () C:\Users\Olaf\Desktop\mbar
    2014-08-07 10:44 - 2014-08-05 15:50 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-08-07 10:43 - 2014-08-07 10:43 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Olaf\Desktop\mbar-1.07.0.1012.exe
    2014-08-07 10:37 - 2014-08-07 10:37 - 00004592 _____ () C:\Users\Olaf\Desktop\RKreport_DEL_08072014_103457.log
    2014-08-07 10:29 - 2014-08-07 10:29 - 04817496 _____ () C:\Users\Olaf\Desktop\RogueKiller.exe
    2014-08-07 10:29 - 2014-08-07 10:29 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
    2014-08-07 10:29 - 2014-08-07 10:29 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-08-06 21:04 - 2014-01-05 23:16 - 01054928 _____ () C:\Users\Olaf\danid.log.1
    2014-08-06 15:01 - 2014-02-02 07:34 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\ObviousIdea
    2014-08-06 07:00 - 2009-07-14 07:08 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-08-05 16:36 - 2014-08-05 16:36 - 00005627 _____ () C:\Users\Olaf\Desktop\attach.txt
    2014-08-05 16:35 - 2014-08-05 16:36 - 00036104 _____ () C:\Users\Olaf\Desktop\dds.txt
    2014-08-05 16:31 - 2014-08-05 16:31 - 00007883 _____ () C:\Users\Olaf\Desktop\Malwarebytes.txt
    2014-08-05 15:50 - 2014-08-05 15:50 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-05 15:50 - 2014-08-05 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-08-05 15:50 - 2014-08-05 15:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-05 15:50 - 2014-08-05 15:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-05 15:30 - 2014-08-05 15:30 - 00000108 _____ () C:\index.ini
    2014-08-05 11:27 - 2014-01-16 00:19 - 00000000 ____D () C:\Users\Olaf\Documents\Ferie_Rejser
    2014-08-05 06:41 - 2014-01-05 22:55 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-08-04 16:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-08-03 18:07 - 2014-05-04 16:54 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-08-03 17:06 - 2014-08-03 17:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2014-08-03 17:06 - 2014-08-03 17:06 - 00000000 _____ () C:\autoexec.bat
    2014-08-03 10:57 - 2014-08-03 10:57 - 00003150 _____ () C:\Windows\System32\Tasks\{65ACF052-8725-46A6-8369-9D67AB13C16D}
    2014-08-02 15:53 - 2014-01-16 00:17 - 00000000 ____D () C:\Users\Olaf\Documents\Artikler
    2014-08-02 09:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
    2014-07-31 19:43 - 2014-01-16 11:03 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\POP Peeper
    2014-07-28 15:18 - 2014-07-26 15:50 - 00000001 _____ () C:\Users\Olaf\temp.dat
    2014-07-27 23:08 - 2014-04-28 22:56 - 00000000 ____D () C:\Users\Public\Documents\Kulturer
    2014-07-27 22:21 - 2014-01-05 20:05 - 00030249 ____H () C:\Windows\SysWOW64\BTImages.dat
    2014-07-27 20:41 - 2014-03-11 15:45 - 00000000 ____D () C:\Windows\Minidump
    2014-07-26 15:50 - 2014-07-26 15:50 - 00000000 ____D () C:\Users\Olaf\.oces
    2014-07-25 07:05 - 2014-01-05 19:54 - 00002001 _____ () C:\Users\Olaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
    2014-07-25 07:05 - 2014-01-05 19:54 - 00001971 _____ () C:\Users\Olaf\Desktop\Update Checker.lnk
    2014-07-24 23:01 - 2014-01-05 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-07-24 23:01 - 2014-01-05 22:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-07-24 23:01 - 2014-01-05 22:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-07-24 07:06 - 2014-07-24 07:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
    2014-07-24 07:06 - 2014-07-24 07:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
    2014-07-24 07:06 - 2014-07-24 07:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2014-07-24 07:06 - 2014-06-24 10:23 - 00003554 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
    2014-07-24 07:06 - 2014-06-24 10:23 - 00001890 _____ () C:\Users\Olaf\Desktop\Garmin Express.lnk
    2014-07-24 07:06 - 2014-06-24 10:23 - 00000000 ____D () C:\ProgramData\Garmin
    2014-07-24 07:06 - 2014-06-24 10:23 - 00000000 ____D () C:\Program Files (x86)\Garmin
    2014-07-24 07:06 - 2013-10-10 17:00 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-07-23 15:51 - 2014-05-04 16:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-07-23 08:27 - 2014-07-23 07:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-07-21 09:58 - 2014-07-21 09:58 - 00000000 ____D () C:\Program Files (x86)\Ruiware
    2014-07-21 09:58 - 2014-04-17 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
    2014-07-21 09:58 - 2014-04-17 14:42 - 00000000 ____D () C:\ProgramData\InstallMate
    2014-07-19 15:02 - 2014-07-19 15:02 - 00003496 _____ () C:\Windows\System32\Tasks\Seagate_Install_Launch
    2014-07-19 15:02 - 2014-07-19 15:02 - 00003484 _____ () C:\Windows\System32\Tasks\Olaf DBAgent 2 0
    2014-07-19 15:02 - 2014-07-19 15:02 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\Nero
    2014-07-19 15:00 - 2014-07-19 15:00 - 00002717 _____ () C:\Users\Olaf\Desktop\Seagate Dashboard.lnk
    2014-07-19 15:00 - 2014-07-19 15:00 - 00000000 ____D () C:\ProgramData\Nero
    2014-07-19 15:00 - 2014-07-19 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
    2014-07-19 15:00 - 2014-07-19 15:00 - 00000000 ____D () C:\Program Files (x86)\Seagate
    2014-07-19 14:45 - 2014-07-19 14:45 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\Seagate
    2014-07-19 14:45 - 2014-07-19 14:45 - 00000000 ____D () C:\ProgramData\Seagate
    2014-07-19 14:43 - 2014-07-19 14:43 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
    2014-07-19 14:40 - 2014-07-19 14:40 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\Leadertech
    2014-07-19 14:11 - 2013-10-10 17:19 - 00000000 ____D () C:\Temp
    2014-07-19 13:31 - 2014-04-17 12:05 - 00000000 ____D () C:\ProgramData\iolo
    2014-07-19 07:44 - 2014-01-16 00:30 - 00000000 ____D () C:\Users\Olaf\Documents\Personale_Jura
    2014-07-18 09:35 - 2014-07-18 09:35 - 00003584 _____ () C:\Users\Olaf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-07-17 22:23 - 2014-01-16 00:21 - 00000000 ____D () C:\Users\Olaf\Documents\Fødsels-mærkedage
    2014-07-16 13:01 - 2014-07-16 13:01 - 00001431 _____ () C:\Users\Olaf\Desktop\LiveBoost.lnk
    2014-07-16 13:01 - 2014-04-17 12:07 - 00003118 _____ () C:\Windows\System32\Tasks\iolo Process Governor
    2014-07-16 13:01 - 2014-04-17 12:07 - 00001427 _____ () C:\Users\Olaf\Desktop\System Mechanic.lnk
    2014-07-16 13:01 - 2014-04-17 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
    2014-07-16 13:01 - 2014-04-17 12:07 - 00000000 ____D () C:\ProgramData\ioloGovernor
    2014-07-16 13:01 - 2014-04-17 12:05 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\iolo
    2014-07-16 10:06 - 2014-01-05 23:14 - 00000000 ____D () C:\ProgramData\Oracle
    2014-07-16 10:04 - 2014-07-16 10:04 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
    2014-07-16 10:04 - 2014-07-16 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-07-16 10:04 - 2014-06-06 18:03 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-07-15 22:53 - 2014-07-15 22:53 - 00007137 _____ () C:\Users\Olaf\Desktop\ASG_Bogholder.lnk
    2014-07-14 21:54 - 2014-01-16 00:25 - 00000000 ____D () C:\Users\Olaf\Documents\KontrakterJura
    2014-07-14 12:17 - 2014-01-16 00:14 - 00000000 ____D () C:\Users\Olaf\Documents\Aktieanalyser
    2014-07-13 13:53 - 2014-04-17 12:07 - 00057584 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
    2014-07-13 13:53 - 2014-04-17 12:07 - 00026184 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
    2014-07-13 13:36 - 2014-07-16 13:01 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
    2014-07-13 13:36 - 2014-04-17 12:07 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
    2014-07-13 13:33 - 2014-07-16 13:01 - 00032912 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rawdsk3.sys
    2014-07-13 10:02 - 2014-01-05 20:46 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-13 10:00 - 2014-01-05 20:45 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-07-11 03:02 - 2014-06-06 18:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-07-11 02:56 - 2014-06-06 18:03 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-07-11 02:56 - 2014-06-06 18:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-07-11 02:55 - 2014-06-06 18:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

    Files to move or delete:
    ====================
    C:\Users\Olaf\temp.dat


    Some content of TEMP:
    ====================
    C:\Users\Olaf\AppData\Local\Temp\BCF40012.dll
    C:\Users\Olaf\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-07 08:50

    ==================== End Of Log ============================
     
  15. 2014/08/09
    mariola

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2014 01
    Ran by Olaf at 2014-08-10 01:15:24
    Running from C:\Users\Olaf\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ZoneAlarm Extreme Security Antivirus (Disabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ZoneAlarm Extreme Security Anti-Spyware (Disabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
    FW: ZoneAlarm Extreme Security Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.07) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    AuthenTec Fingerprint Driver (Version: 1.6.2.0350 - AuthenTec) Hidden
    AuthenTec WinBio FingerPrint Software 64-bit (Version: 3.4.2.1016 - AuthenTec, Inc.) Hidden
    calibre (HKLM-x32\...\{D0AA226A-712B-4119-9B28-ABEDD936720F}) (Version: 1.26.0 - Kovid Goyal)
    Canon iP4800 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series) (Version: - )
    Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
    CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq4809) (Version: - )
    CmgMasterPrerequisites (x32 Version: 1.2.0.371 - Credant Technologies Inc.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
    Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
    Dell ControlVault Host Components Installer 64 bit (HKLM\...\{E48B5C04-39F5-4569-B793-F028203B0B47}) (Version: 2.3.318.1675 - Broadcom Corporation)
    Dell Custom Help (Version: 16.01.0000.0213 - Intel Corporation) Hidden
    Dell Data Protection | Security Tools (x32 Version: 1.2.0.371 - Dell) Hidden
    Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Power Manager (HKLM\...\{E45D7941-F3F0-4E8E-AD55-DCE2FE0AE6D8}) (Version: 1.0.0 - Dell Inc.)
    Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15502 - Invincea, Inc.)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.129 - ALPS ELECTRIC CO., LTD.)
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
    Elevated Installer (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
    FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
    Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Garmin Express (HKLM-x32\...\{aece03a3-686f-4b3c-9931-9dafb71829b7}) (Version: 3.2.9.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1652 - Intel Corporation)
    Intel(R) Network Connections 18.1.59.00 (HKLM\...\PROSetDX) (Version: 18.1.59.00 - Intel)
    Intel(R) Network Connections 18.1.59.00 (Version: 18.1.59.00 - Intel) Hidden
    Intel(R) PRO/Wireless Driver (Version: 16.01.0000.0467 - Intel Corporation) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3220 - Intel Corporation)
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.1.0.0069 - Intel Corporation) Hidden
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1306-148929CC1385}) (Version: 3.1.1306.0352 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.2.1000 - Intel Corporation)
    Intel(R) Rapid Storage Technology (Version: 12.6.2.1000 - Intel Corporation) Hidden
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{65c7ba66-8a8f-4607-ba69-de231202d2e7}) (Version: 16.1.0 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (Version: 16.01.0000.0213 - Intel Corporation) Hidden
    Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
    Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
    iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.0.0 - iolo technologies, LLC)
    Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
    Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
    Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Light Image Resizer 4.6.5.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.6.5.0 - ObviousIdea)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
    Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
    Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
    Microsoft Office Home and Business 2013 - da-dk (HKLM\...\HomeBusinessRetail - da-dk) (Version: 15.0.4631.1004 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 31.0 (x86 da) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 da)) (Version: 31.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
    O2Micro OZ776 SCR Driver (x32 Version: 1.1.4.223 - O2Micro International LTD.) Hidden
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
    PC Tune-Up (x32 Version: 2.2.0.1 - ZoneAlarm) Hidden
    PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)
    Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    POP Peeper (HKLM-x32\...\POP Peeper) (Version: - Mortal Universe)
    Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5975 - Realtek Semiconductor Corp.)
    RoboForm 7-9-8-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-8-5 - Siber Systems)
    Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.1.3.0 - Seagate)
    Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
    Security Innovation TSS (Version: 2.1.42 - Security Innovation) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Sierra Wireless AirCard Watcher (HKLM-x32\...\{87AE66E1-F431-4683-A98F-CAB9AE0FBA97}) (Version: 6.0.3830.8201 - Sierra Wireless Inc.)
    Sierra Wireless QMI Dell Driver Package (HKLM-x32\...\SWIDellDrvInstaller) (Version: 2.24.1305.0 - Sierra Wireless Inc.)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
    SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
    ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0041 - ST Microelectronics)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
    TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
    Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
    Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Liven peruspaketti (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Liven sähköposti (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows-driverpakke - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows-driverpakke - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
    Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version: - Wisdom Software Inc.)
    ZoneAlarm Antivirus (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Extreme Security (HKLM-x32\...\ZoneAlarm Extreme Security) (Version: 13.1.211.000 - Check Point)
    ZoneAlarm Find My Laptop (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-451487791-1423636449-3525387171-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Olaf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-451487791-1423636449-3525387171-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Olaf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-451487791-1423636449-3525387171-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Olaf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-451487791-1423636449-3525387171-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Olaf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    09-08-2014 16:58:26 Planlagt kontrolpunkt
    09-08-2014 22:45:27 Installed Microsoft Fix it 50195

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 04:34 - 2014-08-09 11:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {03954738-9F3C-48AE-BFCF-539715E2C26E} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-07-04] (Siber Systems)
    Task: {53507B0D-733D-4FEE-B8C3-8AB97951CB2B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Olaf-Pc-Olaf Olaf-Pc => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-03] (Microsoft Corporation)
    Task: {8B61713E-255E-4280-89B2-54F489AAE1AC} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-08-21] (PC-Doctor, Inc.)
    Task: {8FDC5117-CB89-4596-B75E-AB17E57C9D98} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
    Task: {95473E44-BBFD-45AD-8BDF-621B7BA6DCFF} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMPMJMNMKMKMHMIMNJCNKMGMMJKJCNLMLMMMNJCNGMPMGMMMCNKMHMMJIMIMGMOJOMNJJMOJLJJNJICMIMCNGMCNHMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMMJBJKJLIMJFMKMHMOMJNHICMMJBJKJLIMJJNBJCMALDJOJJJJNKJCMJNNICMJNDJCMLJEJJNMJCMOMFMNMNMKMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ "
    Task: {9685D8C6-FC78-41A5-9777-F04F258BFE6D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {A4F14FB4-FD36-4CE0-A287-10532AE8FC08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
    Task: {A81E51ED-02D1-4428-8D0F-6162359046DD} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-04-30] (Seagate Technology LLC)
    Task: {ADE447B6-0424-42F4-ACE7-E4D29C11B6D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-19] (Google Inc.)
    Task: {B264EA3C-A64A-4F5C-AA95-8C74A3D49F75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-19] (Google Inc.)
    Task: {BE921A67-55F8-4E23-85EC-9E70572D07B6} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-01] ()
    Task: {CB25A1A6-74F8-48F7-8325-4CBA6629E1CD} - System32\Tasks\Olaf DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-04-30] (Seagate Technology LLC)
    Task: {D47FF5E1-3F5C-4196-9B51-EC56A654E46D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-08-21] (PC-Doctor, Inc.)
    Task: {DF65620C-4D01-406D-A269-947B71A9BF49} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2014-07-13] (iolo technologies, LLC)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-26 15:24 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-10-10 17:18 - 2013-04-19 22:51 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
    2013-10-10 17:18 - 2013-04-19 22:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
    2013-10-10 17:18 - 2013-04-19 22:51 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
    2013-10-10 17:18 - 2013-04-19 22:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    2014-06-17 07:35 - 2014-06-17 07:35 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2014-06-17 07:35 - 2014-06-17 07:35 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
    2013-10-10 16:57 - 2013-07-02 04:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2013-10-10 17:18 - 2013-05-02 23:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
    AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3261
    AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3362

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============

    Name: Unknown Device
    Description: Unknown Device
    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
    Manufacturer: (Standard USB-værtscontroller)
    Service:
    Problem: : This device is disabled because the firmware of the device did not give it the required resources. (Code 29)
    Resolution: Enable the device in the BIOS of the device.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-08-09 10:58:37.423
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Olaf_Poulsen4298O\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-08-09 10:58:37.383
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Olaf_Poulsen4298O\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-07-11 06:18:23.248
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-11 06:18:23.248
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-11 06:18:23.148
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-11 06:18:23.148
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-11 06:16:40.642
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-11 06:16:38.192
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-03 07:19:00.330
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-03 07:19:00.330
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 33%
    Total physical RAM: 8097.53 MB
    Available physical RAM: 5389.46 MB
    Total Pagefile: 16193.24 MB
    Available Pagefile: 13127.63 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:103.54 GB) (Free:15.77 GB) NTFS
    Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:716.65 GB) NTFS
    Drive y: (RECOVERY) (Fixed) (Total:15.67 GB) (Free:6.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119 GB) (Disk ID: A7342B7B)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=16 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=104 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 932 GB) (Disk ID: 99D1AC03)
    Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  16. 2014/08/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  17. 2014/08/10
    mariola

    mariola Well-Known Member Thread Starter

    Joined:
    2002/12/07
    Messages:
    82
    Likes Received:
    0
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-08-2014 01
    Ran by Olaf at 2014-08-10 08:35:11 Run:1
    Running from C:\Users\Olaf\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKCU - {749A4926-B4B3-4BF5-A0EE-9A5FBC8F92A4} URL =
    SearchScopes: HKCU - {FBE4325A-A76B-46AC-B1BC-D3E49B37962D} URL =
    S3 SWUMX20; No ImagePath
    S3 catchme; \??\C:\Olaf_Poulsen4298O\catchme.sys [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    C:\Users\Olaf\temp.dat
    C:\Users\Olaf\AppData\Local\Temp\BCF40012.dll
    C:\Users\Olaf\AppData\Local\Temp\Quarantine.exe
    AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
    AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3261
    AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3362

    *****************

    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
    "HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{749A4926-B4B3-4BF5-A0EE-9A5FBC8F92A4}" => Key deleted successfully.
    "HKCR\CLSID\{749A4926-B4B3-4BF5-A0EE-9A5FBC8F92A4}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FBE4325A-A76B-46AC-B1BC-D3E49B37962D}" => Key deleted successfully.
    "HKCR\CLSID\{FBE4325A-A76B-46AC-B1BC-D3E49B37962D}" => Key not found.
    SWUMX20 => Service deleted successfully.
    catchme => Service deleted successfully.
    esgiguard => Service deleted successfully.
    C:\Users\Olaf\temp.dat => Moved successfully.
    C:\Users\Olaf\AppData\Local\Temp\BCF40012.dll => Moved successfully.
    C:\Users\Olaf\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Windows\SysWOW64\MSIHANDLE => ":3204" ADS removed successfully.
    C:\Windows\SysWOW64\MSIHANDLE => ":3261" ADS removed successfully.
    C:\Windows\SysWOW64\MSIHANDLE => ":3362" ADS removed successfully.

    ==== End of Fixlog ====
     
  18. 2014/08/10
    mariola

    mariola Well-Known Member Thread Starter

    Joined:
    2002/12/07
    Messages:
    82
    Likes Received:
    0
    Hi broni

    I thought I had posted the result this morning but checking now I did not see my post, so here it is:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-08-2014 01
    Ran by Olaf at 2014-08-10 08:35:11 Run:1
    Running from C:\Users\Olaf\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKCU - {749A4926-B4B3-4BF5-A0EE-9A5FBC8F92A4} URL =
    SearchScopes: HKCU - {FBE4325A-A76B-46AC-B1BC-D3E49B37962D} URL =
    S3 SWUMX20; No ImagePath
    S3 catchme; \??\C:\Olaf_Poulsen4298O\catchme.sys [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    C:\Users\Olaf\temp.dat
    C:\Users\Olaf\AppData\Local\Temp\BCF40012.dll
    C:\Users\Olaf\AppData\Local\Temp\Quarantine.exe
    AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
    AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3261
    AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3362

    *****************

    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
    "HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{749A4926-B4B3-4BF5-A0EE-9A5FBC8F92A4}" => Key deleted successfully.
    "HKCR\CLSID\{749A4926-B4B3-4BF5-A0EE-9A5FBC8F92A4}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FBE4325A-A76B-46AC-B1BC-D3E49B37962D}" => Key deleted successfully.
    "HKCR\CLSID\{FBE4325A-A76B-46AC-B1BC-D3E49B37962D}" => Key not found.
    SWUMX20 => Service deleted successfully.
    catchme => Service deleted successfully.
    esgiguard => Service deleted successfully.
    C:\Users\Olaf\temp.dat => Moved successfully.
    C:\Users\Olaf\AppData\Local\Temp\BCF40012.dll => Moved successfully.
    C:\Users\Olaf\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Windows\SysWOW64\MSIHANDLE => ":3204" ADS removed successfully.
    C:\Windows\SysWOW64\MSIHANDLE => ":3261" ADS removed successfully.
    C:\Windows\SysWOW64\MSIHANDLE => ":3362" ADS removed successfully.

    ==== End of Fixlog ====
     
  19. 2014/08/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  20. 2014/08/10
    mariola

    mariola Well-Known Member Thread Starter

    Joined:
    2002/12/07
    Messages:
    82
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.86
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    ZoneAlarm Extreme Security Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Secunia PSI (3.0.0.9016)
    Java 7 Update 60
    Java version out of Date!
    Adobe Reader XI
    Mozilla Firefox (31.0)
    ````````Process Check: objlist.exe by Laurent````````
    WinPatrol winpatrol.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    Ruiware WinPatrol WinPatrol.exe
    CheckPoint ZoneAlarm ThreatEmulation.exe
    CheckPoint ZoneAlarm vsmon.exe
    CheckPoint ZoneAlarm zatray.exe
    CheckPoint ZoneAlarm ZAPrivacyService.exe
    CheckPoint ZoneAlarm ThreatEmulation.exe
    iolo System Mechanic iologovernor64.exe
    iolo Common Lib ioloServiceManager.exe
    iolo System Mechanic LiveBoost.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 21-07-2014
    Ran by Olaf (administrator) on 10-08-2014 at 22:50:24
    Running from "C:\Users\Olaf\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is unreachable
    Google.com is accessible.
    Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    TFC run.

    C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
    C:\Program Files (x86)\CheckPoint\Install\zatb.exe Win32/Toolbar.Montiera.I potentially unwanted application deleted - quarantined
     
  21. 2014/08/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

    Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ===========================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
