hejeh Posted 13 February 2014

If the head is stupid, the computer has to suffer - in my rush to catch a streamed football match I installed a player whose download came complete with Stink page. Now I can't get rid of the crap. I have tried looking around a bit to see how it's done, but my computer skills are lacking, so I was hoping for a little help here.

Kind regards,
Henrik

Below I have pasted the DDS log, and attach.txt is attached.
Cecilia, posted 13 February 2014

Hi!

1. Uninstall SupTab if possible.

2. Download Malwarebytes Anti-Malware Free (MBAM) from http://www.malwarebytes.org/
Double-click mbam-setup to install the program.
At the end of the installation, make sure these boxes are ticked:
Update Malwarebytes' Anti-Malware (Uppdatera Malwarebytes' Anti-Malware)
Launch Malwarebytes' Anti-Malware (Starta Malwarebytes' Anti-Malware)
Click Finish (Slutför).
If an update is available, it will be downloaded and installed.
When the program starts, select Perform full scan (Utför fullständig skanning) and click Scan (Skanna).
The scan takes a while.
When it is finished, click OK and then Show results (Visa resultat).
Tick everything and then press Remove selected (Ta bort markerade).
When the removal is finished, Notepad opens with a log.
You may be asked to restart the computer (Restart). If so, do it.
If you get an Error loading... message after the restart, restart the computer once more.
If the program does not start after the restart, start it yourself.
If the log does not open in Notepad by itself, you will find it on the Logs (Loggar) tab in MBAM.
Copy the log and paste it into your reply.

3. Save AdwCleaner by Xplode to the Desktop: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Close all programs, including web browsers.
Double-click AdwCleaner to start the program.
Click the Scan button.
Wait until the scan is finished.
Click the Report button.
A report opens; copy its contents and paste them into your reply.
If the report does not open, it is also saved as C:\AdwCleaner[R0].txt
hejeh (thread starter), posted 13 February 2014

Hi Cecilia, and thanks.

It seems that uninstalling SupTab worked (I removed the directory manually after the uninstall; a DLL file was left behind).

Malwarebytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Databasversion: v2014.02.13.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Henrik :: HENRIK-THINK-12 [administratör]

2014-02-13 18:28:03
mbam-log-2014-02-13 (18-28-03).txt

Skanningstyp: Fullständig skanning (C:\|Q:\|)
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 479302
Förfluten tid: 24 minut(er), 21 sekund(er)

Upptäckta minnesprocesser: 2
C:\ProgramData\IePluginService\PluginService.exe (PUP.Optional.IePluginService.A) -> 1840 -> Ta bort vid nästa datorstart.
C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> 1876 -> Ta bort vid nästa datorstart.

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 9
HKLM\SYSTEM\CurrentControlSet\Services\IePluginService (PUP.Optional.IePluginService.A) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins (PUP.Optional.IePluginService.A) -> Sattes i karantän och togs bort.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> Sattes i karantän och togs bort.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> Sattes i karantän och togs bort.
HKLM\SYSTEM\CurrentControlSet\Services\Wpm (PUP.Optional.WpManager.A) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WPM (PUP.Optional.WpManager.A) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\sweet-pageSoftware (PUP.Optional.SweetPage.A) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Google\Chrome\Extensions\pkndmigholgfjlniaohblojbhgjbkakn (PUP.Optional.NewTab.A) -> Sattes i karantän och togs bort.

Upptäckta registervärden: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Search Protection (PUP.Optional.SearchProtection.A) -> Data: C:\ProgramData\Search Protection\SearchProtection.exe -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|lightningnewtab@gmail.com (PUP.Optional.Lightning.A) -> Data: C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\lightningnewtab@gmail.com.xpi -> Sattes i karantän och togs bort.
HKLM\SYSTEM\CurrentControlSet\Services\Wpm|ImagePath (PUP.Optional.WpManager.A) -> Data: C:\ProgramData\WPM\wprotectmanager.exe -service -> Sattes i karantän och togs bort.

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 3
C:\ProgramData\Datamngr (PUP.Optional.Datamngr.A) -> Sattes i karantän och togs bort.
C:\ProgramData\IePluginService (PUP.Optional.IePluginService.A) -> Ta bort vid nästa datorstart.
C:\ProgramData\IePluginService\update (PUP.Optional.IePluginService.A) -> Sattes i karantän och togs bort.

Upptäckta filer: 44
C:\ProgramData\IePluginService\PluginService.exe (PUP.Optional.IePluginService.A) -> Ta bort vid nästa datorstart.
C:\$Recycle.Bin\S-1-5-21-1930276774-2984886965-450592802-1155\$R8FBX53.exe (PUP.Optional.CoolApp) -> Sattes i karantän och togs bort.
C:\$Recycle.Bin\S-1-5-21-1930276774-2984886965-450592802-1155\$R56BVBU\SupTab.dll (PUP.Optional.SupTab.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000180 (PUP.Optional.CoolApp) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Local\Mozilla\Firefox\Profiles\7zhtpabx.default\Cache\F\3F\4F3B0d01 (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Local\Temp\fullpackage_temp1391638608\package1.zip (PUP.Optional.SkyTech.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Local\Temp\fullpackage_temp1391638608\tmp\SupTab.exe (PUP.Optional.SupTab.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF10.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF11.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF12.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF13.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF14.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF15.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF16.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF17.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF18.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF19.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF2.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF20.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF21.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF22.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF23.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF24.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF25.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF26.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF4.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF5.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF6.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF7.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF8.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25}\components\DatamngrHlpFF9.dll (PUP.Optional.Bandoo.A) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\Downloads\Minecraft ModLoader (1).exe (PUP.Optional.Firseria) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\Downloads\Minecraft ModLoader (2).exe (PUP.Optional.Firseria) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\Downloads\Minecraft ModLoader.exe (PUP.Optional.Firseria) -> Sattes i karantän och togs bort.
C:\Users\Henrik.CEMENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx (PUP.Optional.NewTab.A) -> Sattes i karantän och togs bort.
C:\ProgramData\Wincert\win32cert.dll (PUP.Optional.Datamngr.A) -> Sattes i karantän och togs bort.
C:\ProgramData\Wincert\win64cert.dll (PUP.Optional.Datamngr.A) -> Sattes i karantän och togs bort.
C:\ProgramData\Wincert\win32prop.dll (PUP.Optional.Datamngr.A) -> Sattes i karantän och togs bort.
C:\ProgramData\Wincert\win64prop.dll (PUP.Optional.Datamngr.A) -> Sattes i karantän och togs bort.
C:\ProgramData\Datamngr\coordinator.cfg (PUP.Optional.Datamngr.A) -> Sattes i karantän och togs bort.
C:\ProgramData\Datamngr\general.cfg (PUP.Optional.Datamngr.A) -> Sattes i karantän och togs bort.
C:\ProgramData\Datamngr\S-1-5-21-1930276774-2984886965-450592802-1155.cfg (PUP.Optional.Datamngr.A) -> Sattes i karantän och togs bort.
C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> Ta bort vid nästa datorstart.
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml (PUP.Optional.SweetPage.A) -> Sattes i karantän och togs bort.
(klar)

Adwarecleaner report:

# AdwCleaner v3.018 - Report created 13/02/2014 at 19:06:31
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Henrik - HENRIK-THINK-12
# Running from : C:\Users\Henrik.CEMENT\Desktop\Adware Cleaner\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391638620&from=cor&uid=INTELXSSDSA2CW120G3_BTPR2096028V120LGN )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391638620&from=cor&uid=INTELXSSDSA2CW120G3_BTPR2096028V120LGN )
Shortcut Found : C:\Users\Henrik.CEMENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391638620&from=cor&uid=INTELXSSDSA2CW120G3_BTPR2096028V120LGN )
Shortcut Found : C:\Users\Henrik.CEMENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391638620&from=cor&uid=INTELXSSDSA2CW120G3_BTPR2096028V120LGN )
Shortcut Found : C:\Users\Henrik.CEMENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391638620&from=cor&uid=INTELXSSDSA2CW120G3_BTPR2096028V120LGN )
Shortcut Found : C:\Users\Henrik.CEMENT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391638620&from=cor&uid=INTELXSSDSA2CW120G3_BTPR2096028V120LGN )
Shortcut Found : C:\Users\Henrik.CEMENT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391638620&from=cor&uid=INTELXSSDSA2CW120G3_BTPR2096028V120LGN )
Shortcut Found : C:\Users\Henrik.CEMENT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (64-bit).lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391638620&from=cor&uid=INTELXSSDSA2CW120G3_BTPR2096028V120LGN )
Shortcut Found : C:\Users\Henrik.CEMENT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391638620&from=cor&uid=INTELXSSDSA2CW120G3_BTPR2096028V120LGN )
Shortcut Found : C:\Users\Henrik.CEMENT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391638620&from=cor&uid=INTELXSSDSA2CW120G3_BTPR2096028V120LGN )

***** [ Registry ] *****

Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533

-\\ Mozilla Firefox v26.0 (sv-SE)
[ File : C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\prefs.js ]

-\\ Google Chrome v12.0.742.112
[ File : C:\Users\Henrik.CEMENT\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R1].txt - [3333 octets] - [13/02/2014 19:06:31]

########## EOF - H:\AdwCleaner\AdwCleaner[R1].txt - [3393 octets] ##########
Cecilia, posted 14 February 2014

Hi!

1. Close all programs, including web browsers.
Double-click AdwCleaner to start the program.
Click the Scan button.
Wait until the scan is finished.
Click the Clean button.
Press OK.
Press OK again as many times as needed if messages appear.
The computer will restart.
A report opens; copy its contents and paste them into your reply.
If the report does not open, it is also saved as C:\AdwCleaner[s0].txt

2. Save ShortcutCleaner to the desktop: http://www.bleepingcomputer.com/download/shortcut-cleaner/dl/172/
Run the downloaded file ss-cleaner.exe.
Wait until it has finished.
A report opens; attach it to your reply.

3. Run FRST again and paste in the new FRST.txt so we can see what remains.

4. Scan the computer online at http://www.eset.com/onlinescan/
So that the scanner does not take too long, turn off your antivirus program in the meantime.
Untick the option Remove found threats
Tick Scan Archives
Click Advanced Settings
Tick:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Click Scan
When the scan is finished, click List of threats found, followed by Export to a text file.
Save to a file on the desktop, open the file, copy the result and then paste it into your reply.
hejeh (thread starter), posted 14 February 2014

You write "run FRST again", but you don't mention FRST anywhere above, so I haven't run it before... Should I follow the run schedule anyway?

/henrik
Cecilia, posted 14 February 2014

Sorry, it was DDS in this thread. Run DDS again and paste in the new DDS.txt.
hejeh (thread starter), posted 14 February 2014

Hehe, so apparently there are too many klutzes with junk on their computers...

Adware cleaner:

# AdwCleaner v3.018 - Report created 14/02/2014 at 14:19:13
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Henrik - HENRIK-THINK-12
# Running from : C:\Users\Henrik.CEMENT\Desktop\Adware Cleaner\adwcleaner (2).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533

-\\ Mozilla Firefox v26.0 (sv-SE)
[ File : C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\prefs.js ]

-\\ Google Chrome v12.0.742.112
[ File : C:\Users\Henrik.CEMENT\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R1].txt - [3473 octets] - [13/02/2014 19:06:47]
AdwCleaner[R4].txt - [1041 octets] - [14/02/2014 14:19:05]
AdwCleaner[s3].txt - [966 octets] - [14/02/2014 14:19:13]

########## EOF - H:\AdwCleaner\AdwCleaner[s3].txt - [1025 octets] ##########

Shortcut Cleaner 1.2.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Professional Service Pack 1
Program started at: 02/14/2014 02:26:30 PM.

Scanning for registry hijacks:
* No issues found in the Registry.

Searching for Hijacked Shortcuts:
Searching C:\Users\Henrik.CEMENT\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\Henrik.CEMENT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\Henrik.CEMENT\Desktop

0 bad shortcuts found.
Program finished at: 02/14/2014 02:26:31 PM Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s) DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16533 BrowserJavaVersion: 10.51.2 Run by Henrik at 14:27:48 on 2014-02-14 Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.8075.5972 [GMT 1:00] . AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\WLANExt.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe C:\Windows\system32\CxAudMsg64.exe C:\ProgramData\DatacardService\DCService.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\SysWOW64\SAsrv.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\taskhost.exe C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE C:\Windows\system32\Dwm.exe 
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe C:\ProgramData\DatacardService\DCSHelper.exe C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe C:\Windows\System32\TpShocks.exe C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe C:\Program Files\CONEXANT\ForteConfig\fmapp.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Users\Henrik.CEMENT\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Users\Henrik.CEMENT\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Personal\bin\Personal.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Users\Henrik.CEMENT\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Lenovo\Client Security Solution\password_manager.exe C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\explorer.exe C:\Windows\SysWOW64\RunDll32.exe C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe 
C:\Windows\System32\mobsync.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Windows\system32\sppsvc.exe C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxps://www.google.se/ uDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mSearch Page = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mDefault_Search_URL = hxxp://www.google.com mWinlogon: Userinit = userinit.exe, BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\IPS\ipsbho.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll BHO: Office Document Cache 
Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [spotify Web Helper] "C:\Users\Henrik.CEMENT\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [Google Update] "C:\Users\Henrik.CEMENT\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run uRun: [AdobeBridge] <no file> mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [Lenovo Registration] C:\Program Files 
(x86)\Lenovo Registration\LenovoReg.exe /boot mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start StartupFolder: C:\Users\HENRIK~1.CEM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Henrik.CEMENT\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\HENRIK~1.CEM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PHONEM~1.LNK - C:\Program Files (x86)\Avaya\IP Office\Phone Manager\PhoneManager.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-System: RunStartupScriptSync = dword:1 mPolicies-System: DisableCAD = dword:1 IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Ski&cka till OneNote - 
C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned> IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll Trusted Zone: click-clean.com DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{394CE077-BEE1-4724-982A-8D9375123F56} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{394CE077-BEE1-4724-982A-8D9375123F56}\46C696E6B6 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{394CE077-BEE1-4724-982A-8D9375123F56}\77164756273797374756D637 : DHCPNameServer = 172.16.0.2 TCP: Interfaces\{394CE077-BEE1-4724-982A-8D9375123F56}\E4546533 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{E536509A-13FC-47CD-B475-6BD50A0882EE} : DHCPNameServer = 192.168.32.10 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll SSODL: WebCheck - <orphaned> LSA: Notification Packages = scecli ACGina C:\Program Files\ThinkVantage 
Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll IFEO: bitguard.exe - tasklist.exe IFEO: bprotect.exe - tasklist.exe IFEO: bpsvc.exe - tasklist.exe IFEO: browsemngr.exe - tasklist.exe IFEO: browserdefender.exe - tasklist.exe x64-mStart Page = hxxp://www.google.com x64-mSearch Page = hxxp://www.google.com x64-mDefault_Page_URL = hxxp://www.google.com x64-mDefault_Search_URL = hxxp://www.google.com x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coieplg.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coieplg.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [TpShocks] TpShocks.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe x64-Run: [ForteConfig] 
C:\Program Files\Conexant\ForteConfig\fmapp.exe x64-Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent x64-Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer/UnityWebPlayer.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll x64-SSODL: WebCheck - <orphaned> x64-IFEO: bitguard.exe - tasklist.exe x64-IFEO: bprotect.exe - tasklist.exe x64-IFEO: bpsvc.exe - tasklist.exe x64-IFEO: browsemngr.exe - tasklist.exe x64-IFEO: browserdefender.exe - tasklist.exe . Note: multiple IFEO entries found. Please refer to Attach.txt . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\ FF - prefs.js: browser.search.selectedEngine - SecureSearch FF - prefs.js: browser.startup.homepage - hxxps://www.google.se/ FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\OverTheEdge\Unity\WebPlayer\loader\npUnityWeb32.dll FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl64.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Henrik.CEMENT\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll FF - plugin: C:\Users\Henrik.CEMENT\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll . ============= SERVICES / DRIVERS =============== . 
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2011-10-31 31344] R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-2-11 30496] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-24 55024] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1501000.012\SymDS64.sys [2013-11-15 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1501000.012\SymEFA64.sys [2013-11-15 1147480] R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-3-29 23664] R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488] R1 ccSet_NAV;NAV Settings Manager;C:\Windows\System32\drivers\NAVx64\1501000.012\ccSetx64.sys [2013-11-15 162392] R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE06000.01B\ccsetx64.sys [2013-10-17 162392] R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140213.002\IDSviA64.sys [2014-2-14 521944] R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-8-17 15472] R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2014-2-11 284448] R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2011-7-8 32104] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1501000.012\Ironx64.sys [2013-11-15 264280] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1501000.012\symnets.sys [2013-11-15 590936] R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312] R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-2-13 770528] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program 
Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984] R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-10-31 198784] R2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2010-8-19 229376] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-2-4 2222416] R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944] R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-5-7 43584] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2013-9-12 127072] R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-5-7 62016] R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-8-17 133992] R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-2-4 377616] R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe [2013-11-15 262288] R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\nst.exe [2013-10-17 129424] R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2011-10-31 101376] R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?] 
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-2 14088] R2 Securepoint VPN;Securepoint VPN;C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe [2013-9-26 142216] R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2012-5-9 446800] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-28 383776] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064] R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2013-9-12 126456] R2 TPHKSVC;Visa på skärmen;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2013-9-12 125504] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-31 2656280] R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-12-2 81552] R2 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode --> C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [?] 
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-2-8 3386608] R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-10-31 166016] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtuellt kort;C:\Windows\System32\drivers\AmpPal.sys [2013-2-13 163808] R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-10-31 598808] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-9-12 39976] R3 ecnssndis; Mobile Broadband Driver;C:\Windows\System32\drivers\wwuss64.sys [2011-10-31 26664] R3 ecnssndisfltr; Mobile Broadband Driver Filter;C:\Windows\System32\drivers\wwussf64.sys [2011-10-31 30248] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-22 137648] R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-3-22 86016] R3 l36wgps; Mobile Broadband GPS Port;C:\Windows\System32\drivers\l36wgps64.sys [2012-5-7 101416] R3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);C:\Windows\System32\drivers\Mbm3CBus.sys [2011-10-31 419400] R3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);C:\Windows\System32\drivers\Mbm3DevMt.sys [2011-10-31 430664] R3 Mbm3mdfl; Mobile Broadband Modem Port Filter;C:\Windows\System32\drivers\Mbm3mdfl.sys [2011-10-31 19528] R3 Mbm3Mdm; Mobile Broadband Modem Port Driver;C:\Windows\System32\drivers\Mbm3Mdm.sys [2011-10-31 483400] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760] R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2011-5-30 40248] R3 WwanUsbServ;Mobile Broadband Driver;C:\Windows\System32\drivers\WwanUsbMp64.sys [2012-5-7 268840] S2 
clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-11-18 144448] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed-protokoll;C:\Windows\System32\drivers\AmpPal.sys [2013-2-13 163808] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168] S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-10-31 478056] S3 DraftSight API Service;DraftSight API Service;C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2012-1-24 78336] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-3-22 117248] S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2013-3-22 256000] S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-12-2 37344] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\Windows\System32\drivers\ewusbmdm.sys [2013-3-22 121600] S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2013-9-25 1674720] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-2-8 273136] S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-10-31 87400] S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-10-31 173416] S3 s1018bus;Sony Ericsson 
Device 1018 driver (WDM);C:\Windows\System32\drivers\s1018bus.sys [2009-3-25 113704] S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;C:\Windows\System32\drivers\s1018mdfl.sys [2009-3-25 19496] S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;C:\Windows\System32\drivers\s1018mdm.sys [2009-3-25 153128] S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s1018mgmt.sys [2009-3-25 133160] S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);C:\Windows\System32\drivers\s1018nd5.sys [2009-3-25 34856] S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;C:\Windows\System32\drivers\s1018obex.sys [2009-3-25 128552] S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);C:\Windows\System32\drivers\s1018unic.sys [2009-3-25 146472] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 
2014-02-14 08:04:17 -------- d-----w- C:\Program Files (x86)\ESET 2014-02-13 17:27:05 -------- d-----w- C:\Users\Henrik.CEMENT\AppData\Roaming\Malwarebytes 2014-02-13 17:26:48 -------- d-----w- C:\ProgramData\Malwarebytes 2014-02-13 17:26:47 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-02-13 17:26:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-13 09:20:50 -------- d-----w- C:\FRST 2014-02-12 13:06:14 -------- d-----w- C:\Users\Henrik.CEMENT\AppData\Roaming\NVIDIA 2014-02-12 08:03:35 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2014-02-12 08:03:35 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2014-02-12 08:03:35 1882112 ----a-w- C:\Windows\System32\msxml3.dll 2014-02-12 08:03:35 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll 2014-02-09 16:27:44 -------- d-----w- C:\Users\Henrik.CEMENT\AppData\Local\LogMeIn Hamachi 2014-02-09 16:27:44 -------- d-----w- C:\Users\Henrik.CEMENT\AppData\Local\LogMeIn 2014-02-09 16:27:44 -------- d-----w- C:\ProgramData\LogMeIn 2014-02-09 16:26:02 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi 2014-02-08 11:17:55 -------- d-----w- C:\Users\Henrik.CEMENT\AppData\Roaming\LavasoftStatistics 2014-02-08 09:34:14 -------- d-----w- C:\Users\Henrik.CEMENT\AppData\Roaming\SecureSearch 2014-02-08 09:34:07 -------- d-----w- C:\Program Files (x86)\Lavasoft 2014-02-05 22:17:27 -------- d-----w- C:\ProgramData\WPM 2014-02-01 09:39:11 -------- d-----w- C:\Users\Henrik.CEMENT\AppData\Local\Unity 2014-02-01 09:37:05 -------- d-----w- C:\Program Files (x86)\OverTheEdge 2014-01-22 07:52:10 206080 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys 2014-01-22 07:52:10 108800 ----a-w- C:\Windows\System32\drivers\ssudbus.sys 2014-01-17 07:19:00 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll . ==================== Find3M ==================== . 
2014-02-06 06:11:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-02-06 06:11:07 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-02-05 10:00:21 2334720 ----a-w- C:\Windows\System32\jscript9.dll 2014-02-05 09:54:06 1392128 ----a-w- C:\Windows\System32\wininet.dll 2014-02-05 09:52:51 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-02-05 09:51:59 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-02-05 09:51:52 599040 ----a-w- C:\Windows\System32\vbscript.dll 2014-02-05 09:50:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2014-02-05 08:56:17 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-02-05 08:50:39 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2014-02-05 08:49:56 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2014-02-05 08:48:40 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2014-02-05 08:48:27 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll 2014-02-05 08:47:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-12-18 20:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys 2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys 2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys . 
============= FINISH: 14:28:02,02 ===============

ESET
C:\Users\Henrik.CEMENT\AppData\Local\Temp\42bdfe30-48e5-4368-a9fc-ad1b2cccce86.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Henrik.CEMENT\AppData\Local\Temp\fullpackage_temp1391638608\tmp\wpm.exe a variant of Win32/ELEX.Y potentially unwanted application
C:\Users\Henrik.CEMENT\AppData\Local\Temp\is1315000151\1455308_stp.EXE a variant of Win32/InstallCore.ES potentially unwanted application
C:\Users\Henrik.CEMENT\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

Attach_2.txt
Cecilia Posted 14 February 2014

Well, I wouldn't call anyone a blockhead, but there have been a lot of people with this type of malicious add-on over the past two weeks.

1. Trusted Zone: click-clean.com
Do you know the website above, and do you trust it very much?

2. Uninstall "Java 7 Update 45 (64-bit)", because it is an old version with known security holes that make it easy to infect the computer from a web page. Most people do not need Java installed at all, but if you must have it, it is very important to always have the latest version.

3. FRST is needed here as well. Download Farbar Recovery Scan Tool (FRST) and save it to the desktop: http://download.bleepingcomputer.com/farbar/FRST64.exe
Start FRST.
Read the terms for the program. Click Yes to accept.
Click the Scan button.
When it is finished, two logs, FRST.txt and Addition.txt, will have been created on the desktop.
Paste the contents of FRST.txt directly into your reply and attach Addition.txt.
hejeh (thread starter) Posted 14 February 2014

1. Yes, Click+Clean is a tool we use at work, and I met the distributor as recently as last Friday.

2. Done.

3:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Henrik (administrator) on HENRIK-THINK-12 on 14-02-2014 18:32:36
Running from C:\Users\Henrik.CEMENT\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: Swedish
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
() C:\ProgramData\DatacardService\DCService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(LogMeIn, Inc.)
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe () C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Huawei Technologies Co., Ltd.) 
C:\ProgramData\DatacardService\DCSHelper.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Spotify Ltd) C:\Users\Henrik.CEMENT\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Google Inc.) C:\Users\Henrik.CEMENT\AppData\Local\Google\Update\GoogleUpdate.exe (Technology Nexus AB) C:\Program Files (x86)\Personal\bin\Personal.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Dropbox, Inc.) C:\Users\Henrik.CEMENT\AppData\Roaming\Dropbox\bin\Dropbox.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Broadcom Corporation.) 
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TpShocks] - C:\Windows\SYSTEM32\TpShocks.exe [380776 2011-03-29] (Lenovo.) HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2011-12-23] (Synaptics Incorporated) HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.) 
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited) HKLM\...\Run: [ForteConfig] - C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5990200 2011-06-10] (Lenovo Group Limited) HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [386408 2011-09-27] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [seagate Dashboard] - C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-02] () HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-14] (Lenovo, Inc.) 
HKLM-x32\...\Run: [iMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813712 2014-02-04] (LogMeIn Inc.) Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\Run: [spotify Web Helper] - C:\Users\Henrik.CEMENT\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-02-14] (Spotify Ltd) HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\Run: [Google Update] - C:\Users\Henrik.CEMENT\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-19] (Google Inc.) 
HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung) HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\Run: [AdobeBridge] - [X] HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\MountPoints2: {5810a980-9286-11e2-b6ee-60d819d76468} - E:\AutoRun.exe HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\MountPoints2: {75f0f6b7-a59d-11e1-9679-60d819d76468} - D:\AutoRun.exe HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\MountPoints2: {75f0f6c8-a59d-11e1-9679-60d819d76468} - E:\AutoRun.exe HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\MountPoints2: {95a067c4-89bc-11e1-b119-806e6f6e6963} - Q:\LenovoQDrive.exe HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\MountPoints2: {bf134581-3792-11e2-8252-60d819d76468} - E:\MotoCastSetup.exe -a AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-10-29] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-10-29] (NVIDIA Corporation) IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browsemngr.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browsermngr.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IFEO\cltmngsvc.exe: [Debugger] tasklist.exe IFEO\delta babylon.exe: [Debugger] tasklist.exe IFEO\delta tb.exe: [Debugger] tasklist.exe IFEO\delta2.exe: [Debugger] tasklist.exe IFEO\deltainstaller.exe: [Debugger] tasklist.exe IFEO\deltasetup.exe: [Debugger] tasklist.exe IFEO\deltatb.exe: [Debugger] 
tasklist.exe IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IFEO\iminentsetup.exe: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\sweetimsetup.exe: [Debugger] tasklist.exe IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe Lsa: [Notification Packages] scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll Startup: C:\Users\Henrik.CEMENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Henrik.CEMENT\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Henrik.CEMENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhoneManager.lnk ShortcutTarget: PhoneManager.lnk -> C:\Program Files (x86)\Avaya\IP Office\Phone Manager\PhoneManager.exe (Avaya Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.se/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_svSE480 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation) DPF: HKLM {444785F1-DE89-4295-863A-D46C3A781394} http://webplayer.unity3d.com/download_webplayer/UnityWebPlayer.cab DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default FF DefaultSearchEngine: SecureSearch FF SelectedSearchEngine: SecureSearch FF Homepage: https://www.google.se/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF 
Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @otee.dk/UnityWebPlayer - C:\Program Files (x86)\OverTheEdge\Unity\WebPlayer\loader\npUnityWeb32.dll (OverTheEdge I/S) FF Plugin-x32: @se.nexus/Personal - C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Henrik.CEMENT\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Henrik.CEMENT\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Henrik.CEMENT\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml FF Extension: New tab - C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\Extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25} [2013-12-18] FF Extension: Extension_Protected - C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-02-05] FF Extension: Lightning Speed Dial - C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\Extensions\lightningnewtab@gmail.com.xpi [2014-02-05] FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\ FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ [] FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\ FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ [] FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ FF Extension: Norton Identity Safe Toolbar - 
C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013-11-16] FF HKCU\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 [2012-05-02] Chrome: ======= CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-08&ent=hp&u=A1EA6086834563E2AEC83552F5FA10C3 CHR RestoreOnStartup: "hxxp://www.google.com" CHR DefaultSearchProvider: sweet-page CHR DefaultSearchURL: http://www.google.com CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\gcswf32.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - 
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Nexus Personal) - C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (Movies Toolbar) - C:\Users\Henrik.CEMENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob [2013-09-10] CHR Extension: (Lavasoft NewTab) - C:\Users\Henrik.CEMENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2014-02-08] CHR HKLM-x32\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\Henrik.CEMENT\AppData\Local\ilividmoviestoolbardla\GC\toolbar.crx [2014-02-08] CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx [2014-01-22] CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2014-01-22] ==================== Services (Whitelisted) ================= R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] () S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.) S3 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-01-24] (Dassault Systèmes) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-04] (LogMeIn, Inc.) 
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] () S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] () R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe [262288 2013-10-08] (Symantec Corporation) R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-06] (Symantec Corporation) R2 Securepoint VPN; C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe [142216 2010-11-22] () R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-01] (Lenovo Group Limited) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] () R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2011-08-18] (Lenovo Group Limited) R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [81552 2012-12-02] (Symantec Corporation) R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation) R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation) R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB) R3 ecnssndisfltr; 
C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-10-30] () R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140213.002\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation) R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB) R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-13] (MCCI Corporation) R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-13] (MCCI Corporation) R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-13] (MCCI Corporation) R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-13] (MCCI Corporation) R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140213.033\ENG64.SYS [126040 2014-01-29] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140213.033\EX64.SYS [2099288 2014-01-29] (Symantec Corporation) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-10-29] (NVIDIA Corporation) S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation) S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation) S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation) S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation) S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys 
[34856 2009-03-25] (MCCI Corporation) S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation) S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NAVx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-15] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.) 
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB) S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S2 smihlp; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-14 18:28 - 2014-02-14 18:32 - 00033240 _____ () C:\Users\Henrik.CEMENT\Desktop\FRST.txt 2014-02-14 14:28 - 2014-02-14 14:28 - 00013048 _____ () C:\Users\Henrik.CEMENT\Desktop\Attach_2.txt 2014-02-14 14:26 - 2014-02-14 14:25 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Henrik.CEMENT\Desktop\sc-cleaner.exe 2014-02-14 14:25 - 2014-02-14 14:25 - 00000154 _____ () C:\Users\Henrik.CEMENT\Desktop\Shortcutcleaner.url 2014-02-14 14:16 - 2014-02-14 14:27 - 00001325 _____ () C:\Users\Henrik.CEMENT\Desktop\Instruktioner.txt 2014-02-14 13:47 - 2014-02-14 13:47 - 00090112 _____ () C:\Users\Henrik.CEMENT\Downloads\Export_1392382060.xls 2014-02-14 10:34 - 2014-02-14 18:26 - 02152960 _____ (Farbar) C:\Users\Henrik.CEMENT\Desktop\FRST64.exe 2014-02-14 10:28 - 2014-02-14 18:32 - 00000000 ____D () C:\Users\Henrik.CEMENT\Desktop\FRST 2014-02-14 09:04 - 2014-02-14 09:04 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-02-14 09:03 - 2014-02-14 15:49 - 00000000 ____D () C:\Users\Henrik.CEMENT\Desktop\Eset scan 2014-02-14 09:01 - 2014-02-14 14:26 - 00001844 _____ () C:\sc-cleaner.txt 2014-02-14 08:57 - 2014-02-14 08:57 - 00000143 _____ () C:\Users\Henrik.CEMENT\Desktop\Eset scan.url 2014-02-14 08:57 - 2014-02-14 08:56 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Henrik.CEMENT\Desktop\Shortcut cleaner.exe 2014-02-14 08:55 - 2014-02-14 18:26 - 00000103 _____ () C:\Users\Henrik.CEMENT\Desktop\Svarstext.txt 2014-02-13 18:32 - 2014-02-14 08:50 - 00000000 ____D () C:\Users\Henrik.CEMENT\Desktop\Adware Cleaner 2014-02-13 18:27 - 2014-02-13 18:27 - 00000000 ____D () C:\Users\Henrik.CEMENT\AppData\Roaming\Malwarebytes 2014-02-13 
18:26 - 2014-02-13 18:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Henrik.CEMENT\Desktop\mbam-setup-1.75.0.1300.exe 2014-02-13 18:26 - 2014-02-13 18:26 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-02-13 18:26 - 2014-02-13 18:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-13 18:26 - 2014-02-13 18:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-13 18:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-13 13:08 - 2014-02-05 11:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-13 13:08 - 2014-02-05 11:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-13 13:08 - 2014-02-05 11:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-13 13:08 - 2014-02-05 10:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-13 13:08 - 2014-02-05 10:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-13 13:08 - 2014-02-05 10:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-13 13:08 - 2014-02-05 10:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-13 13:08 - 2014-02-05 10:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-13 13:08 - 2014-02-05 10:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-13 13:08 - 2014-02-05 10:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-13 13:08 - 2014-02-05 10:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-13 13:08 - 2014-02-05 10:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-13 13:08 - 2014-02-05 10:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-13 13:08 - 2014-02-05 10:50 - 
02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-13 13:08 - 2014-02-05 10:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-13 13:08 - 2014-02-05 10:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-13 13:08 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-13 13:08 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-13 13:08 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-13 13:08 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-13 13:08 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-13 13:08 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-13 13:08 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-02-13 13:08 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-13 13:08 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-02-13 13:08 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-13 13:08 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-13 13:08 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-13 13:08 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-13 13:08 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-13 13:08 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-02-13 13:08 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) 
Cecilia Posted 15 February 2014

1. Trusting the company and the people there in general is one thing; trusting that none of their web pages will get hacked is another. When you put a website in the Trusted sites zone, you remove a great deal of the security in Internet Explorer.

2. The old Java version is listed in the FRST log. Firefox is not updated to the latest version, and that is also a security problem.

Uninstall:
Movies Toolbar for Chrome, because of http://www.systemlookup.com/CLSID/80141-searchresultsDx_dll.html
SupTab (MBAM has removed most of it)

3. Start Notepad. Copy all the lines in the box:

IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: New tab - C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\Extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25} [2013-12-18]
FF Extension: Extension_Protected - C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-02-05]
FF Extension: Lightning Speed Dial - C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\Extensions\lightningnewtab@gmail.com.xpi [2014-02-05]
CHR HKLM-x32\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\Henrik.CEMENT\AppData\Local\ilividmoviestoolbardla\GC\toolbar.crx [2014-02-08]
2014-02-13 18:58 - 2014-02-05 23:17 - 00000000 ____D () C:\ProgramData\WPM
C:\Users\Henrik.CEMENT\AppData\Local\Temp\42bdfe30-48e5-4368-a9fc-ad1b2cccce86.exe
C:\Users\Henrik.CEMENT\AppData\Local\Temp\fullpackage_temp1391638608\tmp\wpm.exe
C:\Users\Henrik.CEMENT\AppData\Local\Temp\is1315000151\1455308_stp.EXE

and paste them into Notepad. Check that no file entries have been split across two lines. Save the file on the desktop with the name fixlist.txt.

Start FRST, which is on the desktop. Click the Fix button. Wait until the program has finished. The program creates a log, Fixlog.txt, on the desktop. Paste its contents into your reply.

4. Go through all the extensions in Chrome and uninstall the ones you do not use: https://support.google.com/chrome/answer/113907?hl=sv

You should at least uninstall this one:
CHR Extension: (Movies Toolbar) - C:\Users\Henrik.CEMENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob [2013-09-10]
because of http://www.systemlookup.com/CLSID/80141-searchresultsDx_dll.html

Set a new default search engine in Chrome, since the current one is Sweet-page: https://support.google.com/chrome/answer/95426?hl=sv

5. Restart the computer and run FRST again. Attach the new FRST.txt.
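A way to double-check step 3 of the post above, as an added example that is not part of the original post and not FRST's own code: it flags fixlist lines that look like fragments of an entry split across two lines, then matches every entry against the result lines of a Fixlog. It only knows the line formats visible in this thread; the function names are assumptions, and the sample text is constructed from lines in the thread with one entry deliberately split.

```python
import re

# Line shapes taken from the fixlist and Fixlog shown in this thread.
ENTRY_START = re.compile(
    r"^(?:IFEO\\|FF (?:SearchPlugin|Extension):|CHR "
    r"|\d{4}-\d{2}-\d{2} \d{2}:\d{2} - |[A-Za-z]:\\)"
)
IFEO = re.compile(r"^IFEO\\(.+?): \[Debugger\] (.+)$")
PATH = re.compile(r"[A-Za-z]:\\.*$")
DATE_TAG = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\]$")
RESULT = re.compile(
    r'^"?(.+?)"?\s+(?:=> )?'
    r"(Key deleted successfully|Moved successfully"
    r"|File/Directory not found|not found)\.$"
)
IFEO_KEY = "\\image file execution options\\"


def entry_key(line):
    """Return a comparable key for one fixlist line, or None if it is incomplete."""
    m = IFEO.match(line)
    if m:
        return ("ifeo", m.group(1).lower())
    if line.startswith("IFEO\\"):
        return None  # IFEO entry cut off before ": [Debugger] ..."
    m = PATH.search(line)
    if m:
        return ("path", DATE_TAG.sub("", m.group(0)).lower())
    return None  # e.g. "FF Extension: New tab -" with the path on the next line


def check_fixlist(text):
    """Return (entries, problems); problems holds (line_number, line) fragments."""
    entries, problems = [], []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        key = entry_key(line) if ENTRY_START.match(line) else None
        if key is None:
            problems.append((number, line))
        else:
            entries.append((key, line))
    return entries, problems


def parse_fixlog(text):
    """Map each target named in a Fixlog result line to its outcome."""
    outcomes = {}
    for raw in text.splitlines():
        m = RESULT.match(raw.strip())
        if not m:
            continue  # headers, separators and the echoed fixlist
        target, outcome = m.group(1).lower(), m.group(2)
        if IFEO_KEY in target:
            key = ("ifeo", target.split(IFEO_KEY, 1)[1])
        elif re.match(r"[a-z]:\\", target):
            key = ("path", target)
        else:
            key = ("other", target)  # e.g. the Chrome extension registry key
        outcomes[key] = outcome
    return outcomes


def reconcile(fixlist_text, fixlog_text):
    """Pair every fixlist entry with its Fixlog outcome."""
    entries, problems = check_fixlist(fixlist_text)
    outcomes = parse_fixlog(fixlog_text)
    report = [(line, outcomes.get(key, "NO RESULT IN FIXLOG")) for key, line in entries]
    return report, problems


# Constructed sample: lines from the thread, last entry split on purpose.
SAMPLE_FIXLIST = r"""IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: New tab - C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\Extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25} [2013-12-18]
2014-02-13 18:58 - 2014-02-05 23:17 - 00000000 ____D () C:\ProgramData\WPM
C:\Users\Henrik.CEMENT\AppData\Local\Temp\fullpackage_temp1391638608\tmp
\wpm.exe
"""

SAMPLE_FIXLOG = r"""Content of fixlist:
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe => Key deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\Extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25} not found.
C:\ProgramData\WPM => Moved successfully.
==== End of Fixlog ====
"""

if __name__ == "__main__":
    report, problems = reconcile(SAMPLE_FIXLIST, SAMPLE_FIXLOG)
    for number, line in problems:
        print(f"fixlist line {number} looks like a fragment: {line}")
    for line, outcome in report:
        print(f"{outcome:26} {line}")
```

An entry reported as "not found" was already gone when the fix ran, while an entry with no result line at all is worth raising with the helper before going further.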
hejeh (thread starter) Posted 15 February 2014

> 1. Trusting the company and the people there in general is one thing; trusting that none of their web pages will get hacked is another. When you put a website in the Trusted sites zone, you remove a great deal of the security in Internet Explorer.
>
> 2. The old Java version is listed in the FRST log. Firefox is not updated to the latest version, and that is also a security problem.
>
> Uninstall:
> Movies Toolbar for Chrome, because of http://www.systemlookup.com/CLSID/80141-searchresultsDx_dll.html
> SupTab (MBAM has removed most of it)
>
> [...]

1. True - but what can I do - the website is required for work... Do you have any specific suspicion that this particular site has been hacked? It is a password-protected web tool for displaying operational data, with very few users - it does not feel worth a hacker's effort to go after, but what do I know. Passwords are there to be cracked, that I know.

2.
- Uninstalled Firefox - it was not being used
- Strange about the old Java - I uninstalled it with the program manager yesterday - is more required?
- Movies toolbar gone
- SupTab I removed yesterday on your advice - so is it still there?
3-5 done

FRST FIX

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by Henrik at 2014-02-15 09:53:02 Run:1
Running from C:\Users\Henrik.CEMENT\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: New tab - C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\Extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25} [2013-12-18]
FF Extension: Extension_Protected - C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-02-05]
FF Extension: Lightning Speed Dial - C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\Extensions\lightningnewtab@gmail.com.xpi [2014-02-05]
CHR HKLM-x32\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\Henrik.CEMENT\AppData\Local\ilividmoviestoolbardla\GC\toolbar.crx [2014-02-08]
2014-02-13 18:58 - 2014-02-05 23:17 - 00000000 ____D () C:\ProgramData\WPM
C:\Users\Henrik.CEMENT\AppData\Local\Temp\42bdfe30-48e5-4368-a9fc-ad1b2cccce86.exe
C:\Users\Henrik.CEMENT\AppData\Local\Temp\fullpackage_temp1391638608\tmp\wpm.exe
C:\Users\Henrik.CEMENT\AppData\Local\Temp\is1315000151\1455308_stp.EXE
*****************

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe => Key deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\Extensions\{42BA5B64-9D40-5524-BA08-32E2FE81AE25} not found.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi not found.
C:\Users\Henrik.CEMENT\AppData\Roaming\Mozilla\Firefox\Profiles\7zhtpabx.default\Extensions\lightningnewtab@gmail.com.xpi not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob => Key deleted successfully.
"C:\Users\Henrik.CEMENT\AppData\Local\ilividmoviestoolbardla\GC\toolbar.crx" => File/Directory not found.
C:\ProgramData\WPM => Moved successfully.
"C:\Users\Henrik.CEMENT\AppData\Local\Temp\42bdfe30-48e5-4368-a9fc-ad1b2cccce86.exe" => File/Directory not found.
"C:\Users\Henrik.CEMENT\AppData\Local\Temp\fullpackage_temp1391638608\tmp\wpm.exe" => File/Directory not found.
"C:\Users\Henrik.CEMENT\AppData\Local\Temp\is1315000151\1455308_stp.EXE" => File/Directory not found.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Henrik (administrator) on HENRIK-THINK-12 on 15-02-2014 10:36:27
Running from C:\Users\Henrik.CEMENT\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: Swedish
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
() C:\ProgramData\DatacardService\DCService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
() C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Henrik.CEMENT\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Users\Henrik.CEMENT\AppData\Local\Google\Update\GoogleUpdate.exe
(Technology Nexus AB) C:\Program Files (x86)\Personal\bin\Personal.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Henrik.CEMENT\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] - C:\Windows\SYSTEM32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2011-12-23] (Synaptics Incorporated)
HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited)
HKLM\...\Run: [ForteConfig] - C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5990200 2011-06-10] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [386408 2011-09-27] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [seagate Dashboard] - C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-02] ()
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [iMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813712 2014-02-04] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\Run: [spotify Web Helper] - C:\Users\Henrik.CEMENT\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-02-14] (Spotify Ltd)
HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\Run: [Google Update] - C:\Users\Henrik.CEMENT\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-19] (Google Inc.)
HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\MountPoints2: {5810a980-9286-11e2-b6ee-60d819d76468} - E:\AutoRun.exe
HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\MountPoints2: {75f0f6b7-a59d-11e1-9679-60d819d76468} - D:\AutoRun.exe
HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\MountPoints2: {75f0f6c8-a59d-11e1-9679-60d819d76468} - E:\AutoRun.exe
HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\MountPoints2: {95a067c4-89bc-11e1-b119-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-1930276774-2984886965-450592802-1155\...\MountPoints2: {bf134581-3792-11e2-8252-60d819d76468} - E:\MotoCastSetup.exe -a
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-10-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-10-29] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Henrik.CEMENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Henrik.CEMENT\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Henrik.CEMENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhoneManager.lnk
ShortcutTarget: PhoneManager.lnk -> C:\Program Files (x86)\Avaya\IP Office\Phone Manager\PhoneManager.exe (Avaya Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.se/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_svSE480
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_svSE480
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {444785F1-DE89-4295-863A-D46C3A781394} http://webplayer.unity3d.com/download_webplayer/UnityWebPlayer.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-08&ent=hp&u=A1EA6086834563E2AEC83552F5FA10C3
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\gcswf32.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Nexus Personal) - C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx [2014-01-22]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2014-01-22]

==================== Services (Whitelisted) =================

R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] ()
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-04] (LogMeIn, Inc.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] () S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] () R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe [262288 2013-10-08] (Symantec Corporation) R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-06] (Symantec Corporation) R2 Securepoint VPN; C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe [142216 2010-11-22] () R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-01] (Lenovo Group Limited) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] () R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2011-08-18] (Lenovo Group Limited) R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [81552 2012-12-02] (Symantec Corporation) R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation) R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation) R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB) R3 ecnssndisfltr; 
C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-10-30] () R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140214.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation) R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB) R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-13] (MCCI Corporation) R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-13] (MCCI Corporation) R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-13] (MCCI Corporation) R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-13] (MCCI Corporation) R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140214.016\ENG64.SYS [126040 2014-01-29] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140214.016\EX64.SYS [2099288 2014-01-29] (Symantec Corporation) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-10-29] (NVIDIA Corporation) S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation) S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation) S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation) S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation) S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys 
[34856 2009-03-25] (MCCI Corporation) S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation) S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NAVx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-15] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.) 
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB) S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S2 smihlp; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-15 10:32 - 2014-02-15 10:32 - 00037881 _____ () C:\Users\Henrik.CEMENT\Desktop\PWMTR64V.dll 2014-02-15 09:55 - 2014-02-15 10:29 - 00000280 _____ () C:\Windows\setupact.log 2014-02-15 09:55 - 2014-02-15 09:55 - 00003694 _____ () C:\Windows\PFRO.log 2014-02-15 09:55 - 2014-02-15 09:55 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-14 18:28 - 2014-02-15 10:36 - 00024935 _____ () C:\Users\Henrik.CEMENT\Desktop\FRST.txt 2014-02-14 14:28 - 2014-02-14 14:28 - 00013048 _____ () C:\Users\Henrik.CEMENT\Desktop\Attach_2.txt 2014-02-14 14:26 - 2014-02-14 14:25 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Henrik.CEMENT\Desktop\sc-cleaner.exe 2014-02-14 14:25 - 2014-02-14 14:25 - 00000154 _____ () C:\Users\Henrik.CEMENT\Desktop\Shortcutcleaner.url 2014-02-14 14:16 - 2014-02-15 10:16 - 00000000 _____ () C:\Users\Henrik.CEMENT\Desktop\Instruktioner.txt 2014-02-14 13:47 - 2014-02-14 13:47 - 00090112 _____ () C:\Users\Henrik.CEMENT\Downloads\Export_1392382060.xls 2014-02-14 10:34 - 2014-02-14 18:26 - 02152960 _____ (Farbar) C:\Users\Henrik.CEMENT\Desktop\FRST64.exe 2014-02-14 10:28 - 2014-02-14 18:32 - 00000000 ____D () C:\Users\Henrik.CEMENT\Desktop\FRST 2014-02-14 09:04 - 2014-02-14 09:04 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-02-14 09:03 - 2014-02-14 15:49 - 00000000 ____D () C:\Users\Henrik.CEMENT\Desktop\Eset scan 2014-02-14 09:01 - 2014-02-14 14:26 - 00001844 _____ () C:\sc-cleaner.txt 2014-02-14 08:57 - 2014-02-14 08:57 - 00000143 _____ () C:\Users\Henrik.CEMENT\Desktop\Eset scan.url 2014-02-14 08:55 - 2014-02-15 10:15 - 00000000 _____ () C:\Users\Henrik.CEMENT\Desktop\Svarstext.txt 2014-02-13 18:32 
- 2014-02-14 08:50 - 00000000 ____D () C:\Users\Henrik.CEMENT\Desktop\Adware Cleaner 2014-02-13 18:27 - 2014-02-13 18:27 - 00000000 ____D () C:\Users\Henrik.CEMENT\AppData\Roaming\Malwarebytes 2014-02-13 18:26 - 2014-02-13 18:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Henrik.CEMENT\Desktop\mbam-setup-1.75.0.1300.exe 2014-02-13 18:26 - 2014-02-13 18:26 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-02-13 18:26 - 2014-02-13 18:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-13 18:26 - 2014-02-13 18:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-13 18:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-13 13:08 - 2014-02-05 11:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-13 13:08 - 2014-02-05 11:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-13 13:08 - 2014-02-05 11:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-13 13:08 - 2014-02-05 10:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-13 13:08 - 2014-02-05 10:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-13 13:08 - 2014-02-05 10:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-13 13:08 - 2014-02-05 10:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-13 13:08 - 2014-02-05 10:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-13 13:08 - 2014-02-05 10:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-13 13:08 - 2014-02-05 10:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-13 13:08 - 2014-02-05 10:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-13 13:08 - 2014-02-05 10:51 - 00599040 _____ 
Cecilia - Posted 15 February 2014
1. No, but of course I don't know what will happen in the future. Using it is one thing, but does it have to be in the trusted zone? But if you have no choice, you have no choice. How are the computer and the browsers working now? Do you have any other questions before you get the instructions for uninstalling the special programs?
hejeh (thread starter) - Posted 15 February 2014
A tool from Lenovo for updating drivers and other things disappeared together with the FRST Fixit, and I would have liked to keep it. An error message that I suspect has to do with this comes up at startup - see the attached print screen. Apart from that, everything seems to work great.
Cecilia - Posted 16 February 2014
According to the latest FRST log, PWMTR64V.DLL is on the desktop.
2014-02-15 10:32 - 2014-02-15 10:32 - 00037881 _____ () C:\Users\Henrik.CEMENT\Desktop\PWMTR64V.dll
Did you happen to move the file there? Can you move it back?
hejeh (thread starter) - Posted 16 February 2014
> According to the latest FRST log, PWMTR64V.DLL is on the desktop.
> 2014-02-15 10:32 - 2014-02-15 10:32 - 00037881 _____ () C:\Users\Henrik.CEMENT\Desktop\PWMTR64V.dll
> Did you happen to move the file there? Can you move it back?
No, it isn't there - I accidentally gave the print screen the .dll extension by mistake. That is the file shown above (I changed back to the correct file extension before adding it to the post). I solved the problem by reinstalling the program that was linked to the file (Power manager) + the other tool I was missing, so now everything looks good.
Cecilia - Posted 16 February 2014
Good that you solved it. Then it is time to uninstall the special programs:
1. Close all programs, including web browsers. Double-click AdwCleaner to start the program. Click the Uninstall button.
2. Download the uninstaller OTC to the Desktop: http://oldtimer.geekstogo.com/OTC.exe
Double-click the file to start the program. Press the CleanUp! button, and DDS and the other cleanup programs will be uninstalled after a restart of the computer. If any such program remains after that, ask how to remove it. Delete any logs.
3. Improve the protection on the computer; see my Advice for a safer computer: http://ceciliasec.wordpress.com/rad/
It is very important to keep all the small programs on the computer up to date; old versions of e.g. Flash, Java and Adobe Reader contain known security holes, which can be used by a web page to infect the computer. I think Secunia's program (link on my web page) is a good help for checking the state of security holes on the computer and indicating what needs to be fixed.
hejeh (thread starter) - Posted 16 February 2014
Shortcutcleaner is still there, as are ESET scan, Erunt and something called NTREGOPT, and Malwarebytes anti-malware. Maybe not all of these need to be removed, but I'm mentioning them all so...
Cecilia - Posted 16 February 2014
You can remove ShortcutCleaner by throwing it in the recycle bin. Erunt (and Ntregopt belongs with it) you can uninstall in the Control Panel. I suggest you keep ESET's scanner and MBAM and let them scan the computer now and then for an extra check. As you have noticed, Norton doesn't find everything (this applies to all antivirus programs).
hejeh (thread starter) - Posted 17 February 2014
Thank you so much for the help - extremely appreciated!
Cecilia - Posted 17 February 2014
Just nice to be able to help.
Archived
This topic is now archived and is closed to further replies.