ComboFix 14-11-09.02 - TeamTkac 11/09/2014 17:23:48.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1602 [GMT -5:00]
Running from: c:\users\TeamTkac\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi\1.0\manifest.json c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\175\background.html c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\175\content.js c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\175\lsdb.js c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\175\manifest.json c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\175\syacCsuoFs.js c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa\1.1\background.html c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa\1.1\content.js c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa\1.1\lsdb.js c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa\1.1\manifest.json c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa\1.1\pXX2qSA4.js c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\background.html c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\content.js c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User 
Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\lsdb.js c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\manifest.json c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\newtab.html c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\Rtpc.js c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi\1.0\background.html c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi\1.0\cFf3SbcGPx.js c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi\1.0\content.js c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi\1.0\lsdb.js c:\users\TeamTkac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi\1.0\manifest.json c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\175\background.html c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\175\content.js c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\175\lsdb.js c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\175\manifest.json c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\175\syacCsuoFs.js c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa\1.1\background.html c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa\1.1\content.js c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa\1.1\lsdb.js c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa\1.1\manifest.json c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa\1.1\pXX2qSA4.js c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\background.html c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\content.js c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\lsdb.js c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\manifest.json c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\newtab.html c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\Rtpc.js c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi\1.0\background.html c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi\1.0\cFf3SbcGPx.js c:\users\TeamTkac\AppData\Local\Google\Chrome 
SxS\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi\1.0\content.js c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi\1.0\lsdb.js c:\users\TeamTkac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi\1.0\manifest.json c:\users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ololnhefdppajhpimaghkdepcgfnoedi c:\users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ololnhefdppajhpimaghkdepcgfnoedi\000054.ldb c:\users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ololnhefdppajhpimaghkdepcgfnoedi\000056.ldb c:\users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ololnhefdppajhpimaghkdepcgfnoedi\000063.ldb c:\users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ololnhefdppajhpimaghkdepcgfnoedi\000066.log c:\users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ololnhefdppajhpimaghkdepcgfnoedi\CURRENT c:\users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ololnhefdppajhpimaghkdepcgfnoedi\LOCK c:\users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ololnhefdppajhpimaghkdepcgfnoedi\LOG c:\users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ololnhefdppajhpimaghkdepcgfnoedi\MANIFEST-000065 c:\users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ololnhefdppajhpimaghkdepcgfnoedi_0.localstorage-journal c:\users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ololnhefdppajhpimaghkdepcgfnoedi_0.localstorage c:\users\TeamTkac\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm 
c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\175\background.html c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\175\content.js c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\175\lsdb.js c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\175\manifest.json c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\175\syacCsuoFs.js c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa\1.1\background.html c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa\1.1\content.js c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa\1.1\lsdb.js c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa\1.1\manifest.json c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\jjnefmhklbfoblabfodbaaikbpnmabaa\1.1\pXX2qSA4.js c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\background.html c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\content.js c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\lsdb.js c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\manifest.json c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\newtab.html c:\users\TeamTkac\AppData\Local\Torch\User 
Data\Default\Extensions\mdmiplpmimgnpdeikafmnkjenncejibe\2.1\Rtpc.js
c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi
c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi\1.0\background.html
c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi\1.0\cFf3SbcGPx.js
c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi\1.0\content.js
c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi\1.0\lsdb.js
c:\users\TeamTkac\AppData\Local\Torch\User Data\Default\Extensions\ololnhefdppajhpimaghkdepcgfnoedi\1.0\manifest.json
c:\windows\security\Database\tmp.edb
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed. You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
(Default) REG_SZ Thumbnail Cache Class Factory for Out of Proc Server
AppID REG_SZ {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
(Default) REG_SZ c:\windows\system32\thumbcache.dll
ThreadingModel REG_SZ Apartment
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\
.
((((((((((((((((((((((((( Files Created from 2014-10-09 to 2014-11-09 )))))))))))))))))))))))))))))))
.
.
2014-11-09 21:12 . 2014-11-09 21:12 -------- d-----w- c:\users\TeamTkac\AppData\Local\Ihrsoft
2014-11-09 21:12 . 2014-11-09 22:15 -------- d-----w- c:\users\TeamTkac\AppData\Local\Ascbworks
2014-11-09 02:11 . 2014-11-09 22:03 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-11-08 01:34 . 2014-11-09 22:28 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{349EE7B5-7CBC-41AF-9D35-032D9088AF9B}\offreg.dll
2014-11-07 12:08 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{349EE7B5-7CBC-41AF-9D35-032D9088AF9B}\mpengine.dll
2014-10-16 10:28 . 2014-10-16 10:28 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-16 10:28 . 2014-10-16 10:27 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-15 10:10 . 2014-07-17 02:07 681984 ----a-w- c:\windows\system32\termsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-09 21:20 . 2014-04-10 20:50 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-28 10:34 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-16 10:19 . 2014-05-18 14:10 20160 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-10-16 09:40 . 2011-11-26 23:30 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-01 15:11 . 2014-04-10 20:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 15:11 . 2014-04-10 20:50 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 15:11 . 2014-04-10 20:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 02:08 . 2014-09-30 18:26 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-09-30 18:26 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-24 21:28 . 2014-04-06 21:24 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 21:28 . 2014-04-06 21:24 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-09 22:11 . 2014-09-23 18:57 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-23 18:57 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-23 02:07 . 2014-08-27 22:59 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-27 22:59 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-12 23:00 . 2014-08-12 23:00 4575232 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-10 03:21 220632 ----a-w- c:\users\TeamTkac\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-10 03:21 220632 ----a-w- c:\users\TeamTkac\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-10 03:21 220632 ----a-w- c:\users\TeamTkac\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-16 17:57 1729232 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-16 17:57 1729232 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-16 17:57 1729232 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-10 688984]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2014-10-13 37152]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-14 39408]
"Ihrsoft"="c:\users\TeamTkac\AppData\Local\Ihrsoft\AsusDevinf32.dll" [2014-11-09 32768]
"Egqtion"="c:\users\TeamTkac\AppData\Local\Ascbworks\QSCEula.dll" [2014-11-09 35328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"YMailAdvisor"="c:\program files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-30 4085896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-10 688984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe\0aswBoot.exe /M:36ed1337 /wow /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mmpDrv;MiniAide Magic Partition Driver;c:\windows\system32\Drivers\mmpDrv.sys;c:\windows\SYSNATIVE\Drivers\mmpDrv.sys [x]
R3 mmpguidrv;MiniAide Magic Partition Gui Driver;c:\windows\system32\Drivers\MmpGuiDrv.sys;c:\windows\SYSNATIVE\Drivers\MmpGuiDrv.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-06 21:28]
.
2014-11-09 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files (x86)\Glary Utilities 5\Initialize.exe [2014-10-13 05:32]
.
2014-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 12:27]
.
2014-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 12:27]
.
2014-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-563202287-1717114301-743867805-1000Core.job
- c:\users\TeamTkac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 23:12]
.
2014-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-563202287-1717114301-743867805-1000UA.job
- c:\users\TeamTkac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 23:12]
.
2014-11-09 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-10-07 19:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-10 03:21 244688 ----a-w- c:\users\TeamTkac\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-10 03:21 244688 ----a-w- c:\users\TeamTkac\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-10 03:21 244688 ----a-w- c:\users\TeamTkac\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-16 17:53 2334416 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-16 17:53 2334416 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-16 17:53 2334416 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-08 00:13 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\TeamTkac\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128] "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480] "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.yahoo.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB FF - ProfilePath - c:\users\TeamTkac\AppData\Roaming\Mozilla\Firefox\Profiles\hznau090.default\ FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxps://www.google.com/search . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-563202287-1717114301-743867805-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*] @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-11-09 17:44:45 ComboFix-quarantined-files.txt 2014-11-09 22:44 . Pre-Run: 485,359,251,456 bytes free Post-Run: 487,682,867,200 bytes free . 
- - End Of File - - 75ED9952097051F22C4020480D2F95C3