linakerstin - Delad tråd - mysearchdaily

[linakerstin]

Hej Cecilia! 

 

Har fått ett misstänkt virus igår, när jag öppnar 
chrome kommer mysearchdaily upp istället för google. 

 

Jag har utfört all scanning du visat i ett tidigare inlägg 
så jag skickar med dom här. 

Tacksam för hjälp! 
/Lina 

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Databasversion: v2014.02.28.09

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16518

Erik Staaf :: ERIKSTAAF-DATOR [administratör]

 

2014-02-28 21:00:41

mbam-log-2014-02-28 (21-00-41).txt

 

Skanningstyp: Fullständig skanning (C:\|)

Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM

Inaktiverade skanningsalternativ: P2P

Antal skannade objekt: 387705

Förfluten tid: 3 timme(ar), 2 minut(er), 11 sekund(er)

 

Upptäckta minnesprocesser: 0

(Inga skadliga poster hittades)

 

Upptäckta minnesmoduler: 0

(Inga skadliga poster hittades)

 

Upptäckta registernycklar: 4

HKCR\Typelib\{83C02F52-352E-4D97-BCED-E6B61C924811} (Adware.QWO) -> Sattes i karantän och togs bort.

HKCR\Interface\{5C399D68-4C65-41C0-95DD-34C0E711E49F} (Adware.QWO) -> Sattes i karantän och togs bort.

HKCR\QWS.QWBand (Adware.QWO) -> Sattes i karantän och togs bort.

HKCR\QWS.QWBand.1 (Adware.QWO) -> Sattes i karantän och togs bort.

 

Upptäckta registervärden: 0

(Inga skadliga poster hittades)

 

Upptäckta registerdataposter: 0

(Inga skadliga poster hittades)

 

Upptäckta mappar: 4

C:\Users\Erik Staaf\AppData\Local\Temp\CT3220468 (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\CT3220468\xpi (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\CT3220468\xpi\defaults (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\CT3220468\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort.

 

Upptäckta filer: 24

C:\Program Files (x86)\D070A56863A044CA93F80E08CF9A714C\QWS.dll (Adware.QWO) -> Sattes i karantän och togs bort.

C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\QWS-t.dll (Adware.QWO) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CGP91Q3A\spstub[1].exe (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EUF44BXK\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\nsbD629.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\nsg65CB.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\nsq6F2F.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\nsvC719.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\nsvD08C.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\nsw6B0A.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\nsy7BF6.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\uttB38.tmp.exe (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\is2095933935\534000_stp\Mysearchdial.exe (PUP.Optional.MySpeedDial.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\nsn985.tmp\SPtool.dll (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\Downloads\42 (1).exe (PUP.Optional.Installrex) -> Sattes i karantän och togs bort.

C:\Windows\Temp\nsm6155.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort.

C:\Windows\Temp\nswA73B.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\Favorites\Qword Search Engine.url (Adware.QWO) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\CT3220468\conduit.xml (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\CT3220468\CT3220468.xpi (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\CT3220468\version.txt (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\CT3220468\xpi\install.rdf (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort.

C:\Users\Erik Staaf\AppData\Local\Temp\CT3220468\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort.

 

(klar)

 

 

 

 

Shortcut Cleaner 1.2.9 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2014 BleepingComputer.com

More Information about Shortcut Cleaner can be found at this link:

 http://www.bleepingcomputer.com/download/shortcut-cleaner/

 

Windows Version: Windows 7 Professional N Service Pack 1

Program started at: 03/01/2014 08:49:39 AM.

 

Scanning for registry hijacks:

 

 * No issues found in the Registry.

 

Searching for Hijacked Shortcuts:

 

Searching C:\Users\Erik Staaf\AppData\Roaming\Microsoft\Windows\Start Menu\

 

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

 

Searching C:\Users\Erik Staaf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

 

Searching C:\Users\Public\Desktop\

 

Searching C:\Users\Erik Staaf\Desktop

 

 

0 bad shortcuts found.

 

Program finished at: 03/01/2014 08:49:48 AM

Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)

 

 

 

 

# AdwCleaner v3.020 - Report created 01/03/2014 at 08:51:41

# Updated 27/02/2014 by Xplode

# Operating System : Windows 7 Professional N Service Pack 1 (64 bits)

# Username : Erik Staaf - ERIKSTAAF-DATOR

# Running from : C:\Users\Erik Staaf\Downloads\adwcleaner (2).exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16518

 

 

-\\ Mozilla Firefox v

 

[ File : C:\Users\Erik Staaf\AppData\Roaming\Mozilla\Firefox\Profiles\hkx7u9m2.default\prefs.js ]

 

 

-\\ Google Chrome v33.0.1750.117

 

[ File : C:\Users\Erik Staaf\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [8496 octets] - [26/01/2014 13:20:04]

AdwCleaner[R1].txt - [3950 octets] - [28/02/2014 18:59:23]

AdwCleaner[R2].txt - [1160 octets] - [28/02/2014 19:12:50]

AdwCleaner[R3].txt - [1276 octets] - [28/02/2014 20:01:33]

AdwCleaner[R4].txt - [1021 octets] - [01/03/2014 08:51:41]

AdwCleaner[s0].txt - [8118 octets] - [26/01/2014 13:24:26]

AdwCleaner[s1].txt - [3163 octets] - [28/02/2014 19:02:51]

AdwCleaner[s2].txt - [1222 octets] - [28/02/2014 19:14:44]

AdwCleaner[s3].txt - [1338 octets] - [28/02/2014 20:05:25]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1321 octets] ##########

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02

Ran by Erik Staaf at 2014-03-01 08:59:35

Running from C:\Users\Erik Staaf\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

 

==================== Installed Programs ======================

 

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.03) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)

Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Apple-programstöd (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)

Autodesk Asset Locator (HKLM-x32\...\{F4CFD2EA-F432-4EC0-9538-661CD1C173D2}) (Version: 17.0.65 - Autodesk)

Autodesk CAD Manager Tools (HKLM\...\{5783F2D7-0111-0409-0110-0060B0CE6BBA}) (Version: 16.0.0.65 - Autodesk)

Autodesk Design Review 2011 (HKLM-x32\...\Autodesk Design Review 2011) (Version: 11.0.0.86 - Autodesk, Inc.)

Autodesk Design Review 2011 (x32 Version: 11.0.0.86 - Autodesk, Inc.) Hidden

Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.100 - Autodesk)

Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)

Autodesk Material Library 2011 Medium Image library (HKLM-x32\...\{975951E7-14D0-49AF-A630-89680D12D7F6}) (Version: 2.0.0.49 - Autodesk)

Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 1.0.0 - Autodesk)

Autodesk Revit Architecture 2011 x64 (HKLM\...\Autodesk Revit Architecture 2011 x64) (Version: 10.03.26170 - Autodesk)

Autodesk Revit Architecture 2011 x64 (Version: 10.03.26170 - Autodesk) Hidden

BankID säkerhetsprogram (HKLM-x32\...\{FA7F689F-88EB-4946-B105-4C434CF5B07A}) (Version: 4.19.1 - Technology Nexus)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dietist XP (HKLM-x32\...\Dietist XP) (Version:  - )

e-kort (HKLM-x32\...\{BA9632CB-2B93-4FD6-905C-BB325CE1C4DD}) (Version: 3.16.8.0 - FöreningsSparbanken)

e-kort (x32 Version: 1.1.0.0 - FöreningsSparbanken) Hidden

Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)

Garmin WebUpdater (HKLM-x32\...\{CCB71FF8-DE82-469C-8641-44378F4443EB}) (Version: 2.5.4 - Garmin Ltd or its subsidiaries)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)

Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden

HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )

iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)

Java 2 Runtime Environment, SE v1.4.2_04 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142040}) (Version: 1.4.2_04 - Sun Microsystems, Inc.)

Java Auto Updater (x32 Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden

Java 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft IntelliPoint 7.0 (HKLM\...\{C74A84EC-7C5F-4C36-A4A6-381E516D643B}) (Version: 7.0.260.0 - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Access MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel 2007 Help Uppdatering (KB963678) (HKLM-x32\...\{90120000-0016-041D-0000-0000000FF1CE}_PROPLUS_{6696EB50-EC8B-4D01-8061-04A6DE3D590C}) (Version:  - Microsoft)

Microsoft Office Excel MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office InfoPath MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-041D-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Office Outlook MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Powerpoint 2007 Help Uppdatering (KB963669) (HKLM-x32\...\{90120000-0018-041D-0000-0000000FF1CE}_PROPLUS_{18E9F644-2552-4544-AABB-C1838964DDEE}) (Version:  - Microsoft)

Microsoft Office PowerPoint MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Finnish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (Swedish) 2007 (x32 Version: 12.0.4518.1018 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (Swedish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word 2007 Help Uppdatering (KB963665) (HKLM-x32\...\{90120000-001B-041D-0000-0000000FF1CE}_PROPLUS_{5DF6817C-E3C0-4226-9565-5C10A0AF4BF5}) (Version:  - Microsoft)

Microsoft Office Word MUI (Swedish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.30729 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)

Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)

SopCast 3.2.9 (HKLM-x32\...\SopCast) (Version: 3.2.9 - www.sopcast.com)

Spotify (HKLM-x32\...\Spotify) (Version: 0.4.10 - )

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-041D-0000-0000000FF1CE}_PROPLUS_{C41E95C7-9CD7-40E6-94E3-8FF347FD01F7}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{9492511E-2CE0-4904-9400-203F44E1DC0D}) (Version:  - Microsoft)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

WinSCP 5.5.1 (HKLM-x32\...\winscp3_is1) (Version: 5.5.1 - Martin Prikryl)

Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)

Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)

Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)

Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)

VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)

 

==================== Restore Points  =========================

 

14-02-2014 14:36:21 Windows Update

14-02-2014 19:43:21 Windows Update

15-02-2014 08:53:15 Windows Update

17-02-2014 14:40:00 Windows Update

21-02-2014 08:12:45 Windows Update

24-02-2014 13:05:52 Windows Update

27-02-2014 16:27:59 Windows Update

28-02-2014 14:37:31 Windows Update

28-02-2014 17:32:27 Windows Update

28-02-2014 23:31:23 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {7011B1A8-04F0-4825-AD95-09E4806E4155} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2009-06-01] (Microsoft Corporation)

Task: {71971138-E664-4B61-BC91-C8AA8AEE8E06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02] (Google Inc.)

Task: {7EAC7EA9-8638-4FE2-8306-B16E0576108E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)

Task: {80E62B31-3883-4AE1-A961-F3CF3D4423BB} - \Scheduled Update for Ask Toolbar No Task File

Task: {92091B24-664F-4424-87D5-3AD19C0E18E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2010-03-07 16:48 - 2008-12-11 13:11 - 00145920 _____ () C:\Windows\SysWOW64\OBroker.exe

2014-03-01 08:50 - 2014-03-01 08:50 - 01244192 _____ () C:\Users\Erik Staaf\Downloads\adwcleaner (2).exe

2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2010-03-07 16:48 - 2008-12-11 13:08 - 00078336 _____ () C:\Program Files (x86)\ekort\EkortRes.dll

2014-02-22 15:00 - 2014-02-20 02:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll

2014-02-22 15:01 - 2014-02-20 02:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll

2014-02-22 15:01 - 2014-02-20 02:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll

2014-02-22 15:00 - 2014-02-20 02:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll

2014-02-22 15:01 - 2014-02-20 02:03 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll

2014-02-22 15:01 - 2014-02-20 02:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll

2014-02-22 15:01 - 2014-02-20 02:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll

2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

2006-06-29 01:24 - 2006-06-29 01:24 - 00681496 _____ () C:\Program Files (x86)\Common Files\microsoft shared\PROOF\1053\MSGRSW32.DLL

2010-05-20 15:44 - 2010-05-20 15:44 - 00059904 _____ () C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/01/2014 00:36:22 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT instans)

Description: Det gick inte att avinstallera prestandaräknarsträngarna för tjänsten ASP.NET (ASP.NET). Felkoden finns i datasektionens första DWORD.

 

Error: (03/01/2014 00:36:22 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT instans)

Description: Prestandasträngarna i registervärdet för prestanda är skadade. Detta upptäcktes när tilläggsräknarprovidern Performance behandlades. Värdet för BaseIndex i registret för prestanda anges som första DWORD i datasektionen och värdet för LastHelp anges som tredje DWORD i datasektionen.

 

Error: (03/01/2014 00:36:22 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT instans)

Description: Prestandasträngarna i registervärdet för prestanda är skadade. Detta upptäcktes när tilläggsräknarprovidern Performance behandlades. Värdet för BaseIndex i registret för prestanda anges som första DWORD i datasektionen och värdet för LastHelp anges som tredje DWORD i datasektionen.

 

Error: (02/28/2014 09:16:09 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

 

Error: (02/28/2014 09:16:08 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: UIAutomationTypes, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

 

Error: (02/28/2014 09:16:08 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: UIAutomationProvider, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

 

Error: (02/28/2014 09:16:07 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: UIAutomationClientsideProviders, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

 

Error: (02/28/2014 09:16:06 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: UIAutomationClient, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

 

Error: (02/28/2014 09:16:05 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: System.Xml.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070002

 

Error: (02/28/2014 09:16:02 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: System.Windows.Forms.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

 

 

System errors:

=============

Error: (03/01/2014 08:45:02 AM) (Source: atikmdag) (User: )

Description: Display is not active

 

Error: (03/01/2014 08:45:02 AM) (Source: atikmdag) (User: )

Description: CPLIB :: General - Invalid Parameter

 

Error: (03/01/2014 00:46:01 AM) (Source: atikmdag) (User: )

Description: Display is not active

 

Error: (03/01/2014 00:46:01 AM) (Source: atikmdag) (User: )

Description: CPLIB :: General - Invalid Parameter

 

Error: (03/01/2014 00:23:53 AM) (Source: atikmdag) (User: )

Description: Display is not active

 

Error: (03/01/2014 00:23:53 AM) (Source: atikmdag) (User: )

Description: CPLIB :: General - Invalid Parameter

 

Error: (02/28/2014 08:24:26 PM) (Source: Service Control Manager) (User: )

Description: Tjänsten Windows Media Player Network Sharing Service kunde inte startas på grund av följande fel:

%%1053

 

Error: (02/28/2014 08:24:26 PM) (Source: Service Control Manager) (User: )

Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Windows Media Player Network Sharing Service skulle ansluta.

 

Error: (02/28/2014 08:22:33 PM) (Source: atikmdag) (User: )

Description: Display is not active

 

Error: (02/28/2014 08:22:33 PM) (Source: atikmdag) (User: )

Description: CPLIB :: General - Invalid Parameter

 

 

Microsoft Office Sessions:

=========================

Error: (06/13/2010 01:17:51 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

 

 

==================== Memory info ===========================

 

Percentage of memory in use: 47%

Total physical RAM: 4094.36 MB

Available physical RAM: 2155.51 MB

Total Pagefile: 8186.9 MB

Available Pagefile: 5756.63 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:288.32 GB) (Free:169.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 453B6222)

Partition 1: (Not Active) - (Size=10 GB) - (Type=27)

Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02

Ran by Erik Staaf (administrator) on ERIKSTAAF-DATOR on 01-03-2014 08:56:29

Running from C:\Users\Erik Staaf\Downloads

Windows 7 Professional N Service Pack 1 (X64) OS Language: Swedish

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(Orbiscom Ltd. All rights reserved.) C:\Program Files (x86)\ekort\ekort.exe

(Technology Nexus AB) C:\Program Files (x86)\Personal\bin\Personal.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

() C:\Windows\SysWOW64\OBroker.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

() C:\Users\Erik Staaf\Downloads\adwcleaner (2).exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Windows\SysWOW64\Notepad.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.167.855.0.exe

(Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

(Farbar) C:\Users\Erik Staaf\Downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2314120 2009-06-01] (Microsoft Corporation)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM-x32\...\Run: [e-kort] - C:\Program Files (x86)\ekort\ekort.exe [377856 2008-12-11] (Orbiscom Ltd. All rights reserved.)

HKLM-x32\...\Run: [YouTubeDownloader_upgrade] - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe [394240 2010-05-20] (Internet Downloader)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [] - [X]

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKU\S-1-5-21-2839641247-334172993-1145429668-1001\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

HKU\S-1-5-21-2839641247-334172993-1145429668-1001\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)

HKU\S-1-5-21-2839641247-334172993-1145429668-1001\...\Run: [spotify Web Helper] - C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-09] (Spotify Ltd)

HKU\S-1-5-21-2839641247-334172993-1145429668-1001\...\MountPoints2: E - E:\LaunchU3.exe -a

HKU\S-1-5-21-2839641247-334172993-1145429668-1001\...\MountPoints2: {217c3f87-08d4-11df-a837-001f16a93666} - E:\SETUP.EXE

HKU\S-1-5-21-2839641247-334172993-1145429668-1001\...\MountPoints2: {4f134714-260a-11df-9430-001f16a93666} - E:\LaunchU3.exe -a

HKU\S-1-5-21-2839641247-334172993-1145429668-1001\...\MountPoints2: {e7da09e6-7171-11e0-8441-001f16a93666} - E:\LaunchU3.exe -a

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8AF043519A33CD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ch&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCzyyDyE0ByDtDyCzz0E0DtN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=840117509&ir=

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ch&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCzyyDyE0ByDtDyCzz0E0DtN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=840117509&ir=

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ch&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCzyyDyE0ByDtDyCzz0E0DtN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=840117509&ir=

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ch&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCzyyDyE0ByDtDyCzz0E0DtN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=840117509&ir=

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll ()

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: e-kort Helper Class - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program Files (x86)\ekort\EKortHelper.dll ()

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM-x32 - e-kort Toolbar - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program Files (x86)\ekort\EKortToolbar.dll ()

Toolbar: HKLM-x32 - InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll ()

DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @se.nexus/Personal - C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml

FF HKLM-x32\...\Firefox\Extensions: [ekort@orbiscom] - C:\Program Files (x86)\ekort

FF Extension: e-kort for Firefox - C:\Program Files (x86)\ekort [2010-03-07]

 

Chrome:

=======

CHR HomePage: hxxp://google.se/

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Microsoft00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)

CHR Plugin: (Windows Genuine Advantage) - C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (Nexus Personal) - C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)

CHR Plugin: (Windows Live0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Extension: (Google Drive) - C:\Users\Erik Staaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-02]

CHR Extension: (YouTube) - C:\Users\Erik Staaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-02]

CHR Extension: (S00F6k p00E5 Google) - C:\Users\Erik Staaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-02]

CHR Extension: (Google Wallet) - C:\Users\Erik Staaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Gmail) - C:\Users\Erik Staaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-02]

 

==================== Services (Whitelisted) =================

 

S3 Autodesk Network Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [1539224 2008-06-13] (Autodesk, Inc.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

S4 msvsmon90; c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

R2 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [895488 2006-11-02] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-24] ()

S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-22] (Todos Data System AB)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-03-01 08:56 - 2014-03-01 08:57 - 00015371 _____ () C:\Users\Erik Staaf\Downloads\FRST.txt

2014-03-01 08:56 - 2014-03-01 08:56 - 00000000 ____D () C:\FRST

2014-03-01 08:55 - 2014-03-01 08:55 - 02155520 _____ (Farbar) C:\Users\Erik Staaf\Downloads\FRST64 (1).exe

2014-03-01 08:54 - 2014-03-01 08:54 - 02155520 _____ (Farbar) C:\Users\Erik Staaf\Downloads\FRST64.exe

2014-03-01 08:50 - 2014-03-01 08:50 - 01244192 _____ () C:\Users\Erik Staaf\Downloads\adwcleaner (2).exe

2014-03-01 08:49 - 2014-03-01 08:49 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Erik Staaf\Downloads\sc-cleaner.exe

2014-03-01 08:49 - 2014-03-01 08:49 - 00001830 _____ () C:\sc-cleaner.txt

2014-02-28 20:59 - 2014-02-28 20:59 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-02-28 20:59 - 2014-02-28 20:59 - 00000000 ____D () C:\Users\Erik Staaf\AppData\Roaming\Malwarebytes

2014-02-28 20:58 - 2014-02-28 20:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-02-28 20:58 - 2014-02-28 20:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-02-28 20:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-02-28 20:30 - 2014-02-28 20:30 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Erik Staaf\Downloads\SpyHunter-Installer.exe

2014-02-28 20:22 - 2014-02-28 20:22 - 401660210 _____ () C:\Windows\MEMORY.DMP

2014-02-28 20:22 - 2014-02-28 20:22 - 00274504 _____ () C:\Windows\Minidump\022814-19500-01.dmp

2014-02-28 20:22 - 2014-02-28 20:22 - 00000000 ____D () C:\Windows\Minidump

2014-02-28 20:21 - 2014-02-28 20:21 - 04892480 _____ (WinZip International LLC ) C:\Users\Erik Staaf\Downloads\wzmp_8.exe

2014-02-28 20:00 - 2014-02-28 20:00 - 01244192 _____ () C:\Users\Erik Staaf\Downloads\AdwCleaner.exe

2014-02-28 19:31 - 2014-02-28 19:31 - 00000900 _____ () C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk

2014-02-28 19:31 - 2014-02-28 19:31 - 00000099 _____ () C:\Windows\Reimage.ini

2014-02-28 19:30 - 2014-02-28 19:30 - 00730008 _____ (Reimage®) C:\Users\Erik Staaf\Downloads\ReimageRepair.exe

2014-02-28 18:57 - 2014-02-28 18:58 - 01244192 _____ () C:\Users\Erik Staaf\Downloads\AdwCleaner (1).exe

2014-02-28 18:33 - 2014-02-28 18:33 - 00000000 ____D () C:\869c77184337de8ed82ddced2198de

2014-02-28 18:16 - 2014-02-28 18:16 - 00000044 _____ () C:\Users\Erik Staaf\AppData\Roaming\WB.CFG

2014-02-28 15:38 - 2014-02-28 15:38 - 00000000 ____D () C:\0b03c700f7bd7e709892afd4

2014-02-20 10:25 - 2014-02-20 11:14 - 00014632 _____ () C:\Users\Erik Staaf\Downloads\Gantt-schema (1).xlsx

2014-02-17 12:33 - 2014-02-17 12:33 - 00020461 _____ () C:\Users\Erik Staaf\Downloads\Godkända009.xlsx

2014-02-17 12:31 - 2014-02-17 12:31 - 00020480 _____ () C:\Users\Erik Staaf\Downloads\Godkända001.xls

2014-02-16 19:58 - 2014-02-16 19:58 - 00046476 _____ () C:\Users\Erik Staaf\Downloads\her_english-848234.zip

2014-02-15 09:53 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-15 09:53 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-02-14 19:12 - 2014-02-14 19:12 - 00040520 _____ () C:\Users\Erik Staaf\Downloads\dallas.buyers.club.(2013).eng.1cd.(5477081).zip

2014-02-14 15:37 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-14 15:37 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-14 15:37 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-02-14 15:37 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-14 15:37 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-02-14 15:37 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-14 15:36 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-14 15:36 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-02-14 15:36 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-14 15:36 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-14 15:36 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-02-14 15:36 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-14 15:36 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-14 15:36 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-14 15:36 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-02-14 15:36 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-02-14 15:36 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-14 15:36 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-14 15:36 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-14 15:36 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-14 15:36 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-02-14 15:36 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-14 15:36 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-14 15:36 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-14 15:36 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-14 15:36 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-14 15:36 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-02-14 15:36 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-02-14 15:36 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-14 15:36 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-14 15:36 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-14 15:36 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-14 15:36 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-02-14 15:36 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-14 15:36 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-14 15:36 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-14 15:36 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-02-14 15:36 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-14 15:36 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-02-14 13:43 - 2014-02-21 15:39 - 00000000 ____D () C:\Users\Erik Staaf\Downloads\Dallas.Buyers.Club.2013.DVDScr.XVID.AC3.HQ.Hive-CM8

2014-02-14 12:39 - 2014-02-21 15:39 - 00000000 ____D () C:\Users\Erik Staaf\Downloads\Her.2013.DVDSCR.XviD.MP3-RARBG

2014-02-14 11:03 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls

2014-02-14 11:03 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls

2014-02-14 11:03 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-02-14 11:03 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-02-14 11:03 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-02-14 11:03 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-02-14 11:03 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-02-14 11:03 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-02-14 11:03 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll

2014-02-14 11:03 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll

2014-02-14 11:03 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll

2014-02-14 11:03 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll

2014-02-14 11:03 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll

2014-02-14 11:03 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe

2014-02-14 11:03 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe

2014-02-14 11:03 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe

2014-02-14 11:03 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

2014-02-14 11:03 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll

2014-02-14 11:03 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll

2014-02-14 11:03 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll

2014-02-14 11:03 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll

2014-02-14 11:03 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll

2014-02-14 11:03 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe

2014-02-14 11:03 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe

2014-02-14 11:03 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe

2014-02-14 11:03 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe

2014-02-14 11:03 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2014-02-14 11:03 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2014-02-14 08:47 - 2014-02-14 08:47 - 00000000 ____D () C:\d88449ce1f43d517cb

2014-02-13 11:10 - 2014-02-13 11:12 - 20107359 _____ (Mobogenie ) C:\Users\Erik Staaf\Downloads\MobogenieSetup (1).exe

2014-02-13 10:55 - 2014-02-13 10:56 - 20107359 _____ (Mobogenie ) C:\Users\Erik Staaf\Downloads\MobogenieSetup.exe

2014-02-10 11:03 - 2014-02-10 11:07 - 203138842 _____ () C:\Users\Erik Staaf\Downloads\css.mov

2014-02-09 21:01 - 2014-02-09 21:01 - 00009983 _____ () C:\Users\Erik Staaf\Documents\scotland.xlsx

2014-02-08 19:57 - 2014-02-08 19:57 - 00035994 _____ () C:\Users\Erik Staaf\Downloads\the-secret-life-of-walter-mitty-2013_english-845948.zip

2014-02-08 19:08 - 2014-02-14 12:38 - 00000000 ____D () C:\Users\Erik Staaf\Downloads\The Secret Life of Walter Mitty[2013]DVDScr XviD-SaM[ETRG]

2014-02-04 09:12 - 2014-02-04 09:12 - 00004063 _____ () C:\Users\Erik Staaf\Downloads\Part.002

 

==================== One Month Modified Files and Folders =======

 

2014-03-01 08:57 - 2014-03-01 08:56 - 00015371 _____ () C:\Users\Erik Staaf\Downloads\FRST.txt

2014-03-01 08:57 - 2010-01-24 10:47 - 01938416 _____ () C:\Windows\WindowsUpdate.log

2014-03-01 08:56 - 2014-03-01 08:56 - 00000000 ____D () C:\FRST

2014-03-01 08:55 - 2014-03-01 08:55 - 02155520 _____ (Farbar) C:\Users\Erik Staaf\Downloads\FRST64 (1).exe

2014-03-01 08:55 - 2013-03-02 15:41 - 00001002 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-01 08:54 - 2014-03-01 08:54 - 02155520 _____ (Farbar) C:\Users\Erik Staaf\Downloads\FRST64.exe

2014-03-01 08:52 - 2014-01-26 13:20 - 00000000 ____D () C:\AdwCleaner

2014-03-01 08:52 - 2009-07-14 05:50 - 00014688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-03-01 08:52 - 2009-07-14 05:50 - 00014688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-03-01 08:50 - 2014-03-01 08:50 - 01244192 _____ () C:\Users\Erik Staaf\Downloads\adwcleaner (2).exe

2014-03-01 08:49 - 2014-03-01 08:49 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Erik Staaf\Downloads\sc-cleaner.exe

2014-03-01 08:49 - 2014-03-01 08:49 - 00001830 _____ () C:\sc-cleaner.txt

2014-03-01 08:45 - 2013-03-02 15:41 - 00000998 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-01 08:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-01 08:45 - 2009-07-14 05:56 - 00146947 _____ () C:\Windows\setupact.log

2014-03-01 00:37 - 2009-09-01 01:57 - 00690428 _____ () C:\Windows\system32\perfh01D.dat

2014-03-01 00:37 - 2009-09-01 01:57 - 00156162 _____ () C:\Windows\system32\perfc01D.dat

2014-03-01 00:37 - 2009-07-14 06:12 - 00006390 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-03-01 00:29 - 2012-10-29 17:43 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-03-01 00:23 - 2010-03-11 17:13 - 00129074 _____ () C:\Windows\PFRO.log

2014-03-01 00:19 - 2010-06-28 14:41 - 00000000 ____D () C:\Program Files (x86)\D070A56863A044CA93F80E08CF9A714C

2014-02-28 20:59 - 2014-02-28 20:59 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-02-28 20:59 - 2014-02-28 20:59 - 00000000 ____D () C:\Users\Erik Staaf\AppData\Roaming\Malwarebytes

2014-02-28 20:59 - 2014-02-28 20:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-02-28 20:58 - 2014-02-28 20:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-02-28 20:30 - 2014-02-28 20:30 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Erik Staaf\Downloads\SpyHunter-Installer.exe

2014-02-28 20:22 - 2014-02-28 20:22 - 401660210 _____ () C:\Windows\MEMORY.DMP

2014-02-28 20:22 - 2014-02-28 20:22 - 00274504 _____ () C:\Windows\Minidump\022814-19500-01.dmp

2014-02-28 20:22 - 2014-02-28 20:22 - 00000000 ____D () C:\Windows\Minidump

2014-02-28 20:21 - 2014-02-28 20:21 - 04892480 _____ (WinZip International LLC ) C:\Users\Erik Staaf\Downloads\wzmp_8.exe

2014-02-28 20:00 - 2014-02-28 20:00 - 01244192 _____ () C:\Users\Erik Staaf\Downloads\AdwCleaner.exe

2014-02-28 19:31 - 2014-02-28 19:31 - 00000900 _____ () C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk

2014-02-28 19:31 - 2014-02-28 19:31 - 00000099 _____ () C:\Windows\Reimage.ini

2014-02-28 19:30 - 2014-02-28 19:30 - 00730008 _____ (Reimage®) C:\Users\Erik Staaf\Downloads\ReimageRepair.exe

2014-02-28 18:58 - 2014-02-28 18:57 - 01244192 _____ () C:\Users\Erik Staaf\Downloads\AdwCleaner (1).exe

2014-02-28 18:37 - 2014-01-27 18:28 - 00000600 _____ () C:\Users\Erik Staaf\AppData\Roaming\winscp.rnd

2014-02-28 18:35 - 2009-07-14 06:08 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-02-28 18:33 - 2014-02-28 18:33 - 00000000 ____D () C:\869c77184337de8ed82ddced2198de

2014-02-28 18:32 - 2013-09-21 14:24 - 00000000 ____D () C:\Users\Erik Staaf\AppData\Roaming\vlc

2014-02-28 18:24 - 2013-02-24 17:54 - 00000000 ____D () C:\Users\Erik Staaf\AppData\Roaming\uTorrent

2014-02-28 18:16 - 2014-02-28 18:16 - 00000044 _____ () C:\Users\Erik Staaf\AppData\Roaming\WB.CFG

2014-02-28 15:38 - 2014-02-28 15:38 - 00000000 ____D () C:\0b03c700f7bd7e709892afd4

2014-02-28 15:33 - 2013-03-01 12:42 - 00000000 ____D () C:\Users\Erik Staaf\Desktop\Lina

2014-02-27 17:35 - 2010-02-22 21:06 - 01557148 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-02-24 15:48 - 2010-01-26 20:15 - 00000000 ____D () C:\Users\Erik Staaf\AppData\Roaming\Spotify

2014-02-24 13:54 - 2010-01-26 20:15 - 00000000 ____D () C:\Users\Erik Staaf\AppData\Local\Spotify

2014-02-22 15:01 - 2013-03-02 15:43 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-02-21 15:39 - 2014-02-14 13:43 - 00000000 ____D () C:\Users\Erik Staaf\Downloads\Dallas.Buyers.Club.2013.DVDScr.XVID.AC3.HQ.Hive-CM8

2014-02-21 15:39 - 2014-02-14 12:39 - 00000000 ____D () C:\Users\Erik Staaf\Downloads\Her.2013.DVDSCR.XviD.MP3-RARBG

2014-02-21 09:30 - 2012-10-29 17:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-21 09:30 - 2012-10-29 17:43 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-21 09:30 - 2011-05-27 06:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-20 11:14 - 2014-02-20 10:25 - 00014632 _____ () C:\Users\Erik Staaf\Downloads\Gantt-schema (1).xlsx

2014-02-20 08:09 - 2010-12-14 11:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2014-02-18 17:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-02-17 21:02 - 2013-08-14 15:44 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-17 15:40 - 2010-05-18 18:35 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-02-17 12:33 - 2014-02-17 12:33 - 00020461 _____ () C:\Users\Erik Staaf\Downloads\Godkända009.xlsx

2014-02-17 12:31 - 2014-02-17 12:31 - 00020480 _____ () C:\Users\Erik Staaf\Downloads\Godkända001.xls

2014-02-16 19:58 - 2014-02-16 19:58 - 00046476 _____ () C:\Users\Erik Staaf\Downloads\her_english-848234.zip

2014-02-16 13:50 - 2013-03-02 15:41 - 00003998 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-02-16 13:50 - 2013-03-02 15:41 - 00003746 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-02-14 19:12 - 2014-02-14 19:12 - 00040520 _____ () C:\Users\Erik Staaf\Downloads\dallas.buyers.club.(2013).eng.1cd.(5477081).zip

2014-02-14 12:38 - 2014-02-08 19:08 - 00000000 ____D () C:\Users\Erik Staaf\Downloads\The Secret Life of Walter Mitty[2013]DVDScr XviD-SaM[ETRG]

2014-02-14 08:47 - 2014-02-14 08:47 - 00000000 ____D () C:\d88449ce1f43d517cb

2014-02-13 11:12 - 2014-02-13 11:10 - 20107359 _____ (Mobogenie ) C:\Users\Erik Staaf\Downloads\MobogenieSetup (1).exe

2014-02-13 10:56 - 2014-02-13 10:55 - 20107359 _____ (Mobogenie ) C:\Users\Erik Staaf\Downloads\MobogenieSetup.exe

2014-02-10 11:47 - 2013-02-28 17:39 - 00000000 ____D () C:\Users\Erik Staaf\Documents\JTH Lina

2014-02-10 11:07 - 2014-02-10 11:03 - 203138842 _____ () C:\Users\Erik Staaf\Downloads\css.mov

2014-02-09 21:01 - 2014-02-09 21:01 - 00009983 _____ () C:\Users\Erik Staaf\Documents\scotland.xlsx

2014-02-08 19:57 - 2014-02-08 19:57 - 00035994 _____ () C:\Users\Erik Staaf\Downloads\the-secret-life-of-walter-mitty-2013_english-845948.zip

2014-02-06 13:16 - 2014-02-14 15:36 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-06 12:30 - 2014-02-14 15:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-06 12:30 - 2014-02-14 15:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-02-06 12:12 - 2014-02-14 15:36 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-06 12:07 - 2014-02-14 15:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-06 12:06 - 2014-02-14 15:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-02-06 11:57 - 2014-02-14 15:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-06 11:56 - 2014-02-14 15:36 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-06 11:52 - 2014-02-14 15:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-06 11:49 - 2014-02-14 15:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-06 11:48 - 2014-02-14 15:36 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-02-06 11:48 - 2014-02-14 15:36 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-02-06 11:38 - 2014-02-14 15:36 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-06 11:32 - 2014-02-14 15:36 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-06 11:20 - 2014-02-14 15:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-02-06 11:17 - 2014-02-14 15:37 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-06 11:11 - 2014-02-14 15:36 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-06 11:01 - 2014-02-14 15:36 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-06 11:00 - 2014-02-14 15:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-02-06 10:57 - 2014-02-14 15:36 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-06 10:57 - 2014-02-14 15:36 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-06 10:52 - 2014-02-14 15:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-06 10:52 - 2014-02-14 15:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-06 10:50 - 2014-02-14 15:36 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-06 10:49 - 2014-02-14 15:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-02-06 10:47 - 2014-02-14 15:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-02-06 10:46 - 2014-02-14 15:36 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-02-06 10:25 - 2014-02-14 15:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-06 10:25 - 2014-02-14 15:36 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-06 10:24 - 2014-02-14 15:36 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-06 10:22 - 2014-02-14 15:36 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-06 10:13 - 2014-02-14 15:36 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-06 10:09 - 2014-02-14 15:36 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-02-06 10:03 - 2014-02-14 15:36 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-06 09:55 - 2014-02-14 15:36 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-06 09:41 - 2014-02-14 15:36 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-06 09:40 - 2014-02-14 15:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-02-06 09:36 - 2014-02-14 15:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-06 09:34 - 2014-02-14 15:36 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-02-04 09:12 - 2014-02-04 09:12 - 00004063 _____ () C:\Users\Erik Staaf\Downloads\Part.002

 

Some content of TEMP:

====================

C:\Users\Erik Staaf\AppData\Local\Temp\65585uninstall.exe

C:\Users\Erik Staaf\AppData\Local\Temp\AcDeltree.exe

C:\Users\Erik Staaf\AppData\Local\Temp\ICReinstall_robocop-eng-5562572 (1).exe

C:\Users\Erik Staaf\AppData\Local\Temp\ICReinstall_robocop-eng-5562572.exe

C:\Users\Erik Staaf\AppData\Local\Temp\ose00000.exe

C:\Users\Erik Staaf\AppData\Local\Temp\Quarantine.exe

C:\Users\Erik Staaf\AppData\Local\Temp\setup.exe

C:\Users\Erik Staaf\AppData\Local\Temp\Sqlite3.dll

C:\Users\Erik Staaf\AppData\Local\Temp\sqlite3.exe

C:\Users\Erik Staaf\AppData\Local\Temp\utt147B.tmp.exe

C:\Users\Erik Staaf\AppData\Local\Temp\utt8C6B.tmp.exe

C:\Users\Erik Staaf\AppData\Local\Temp\vlc-2.0.7-win32.exe

C:\Users\Erik Staaf\AppData\Local\Temp\vlc-2.0.8-win32.exe

C:\Users\Erik Staaf\AppData\Local\Temp\xmlUpdater.exe

C:\Users\Erik Staaf\AppData\Local\Temp\yontoo-c2_20130103.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-02-28 15:00

 

==================== End Of Log ============================

[Cecilia]

Hej!

 

Jag flyttar ditt inlägg till en egen tråd för det blir väldigt rörigt med loggar från olika datorer i samma tråd.

 

1. Java 2 Runtime Environment, SE v1.4.2_04 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142040}) (Version: 1.4.2_04 - Sun Microsystems, Inc.)

Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)

Ovanstående är två urgamla versioner av Java med många säkerhetshål som gör det lätt att infektera datorn från en webbsida. Avinstallera dem. De flesta klarar sig bra utan att ha Java installerat men om man måste är det mycket viktigt att alltid ha den senaste versionen.

 

2. Starta Anteckningar.
Kopiera alla rader i rutan:

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=840117509&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=840117509&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=840117509&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=840117509&ir=
BHO-x32: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll ()
2014-02-13 11:10 - 2014-02-13 11:12 - 20107359 _____ (Mobogenie ) C:\Users\Erik Staaf\Downloads\MobogenieSetup (1).exe
2014-02-13 10:55 - 2014-02-13 10:56 - 20107359 _____ (Mobogenie ) C:\Users\Erik Staaf\Downloads\MobogenieSetup.exe

och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.
Spara filen på skrivbordet med namnet fixlist.txt.

Starta FRST som finns på skrivbordet.
Klicka på knappen Fix.
Vänta tills programmet är klart.

Programmet skapar en logg Fixlog.txt på skrivbordet.
Klistra in innehållet i den i ditt svar.

 

3. Skanna datorn online på http://www.eset.com/onlinescan/
För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

Avbocka alternativet Remove found threats
Bocka för Scan Archives

Klicka på Advanced Settings
Bocka för:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Klicka på Scan

När skanningen är klar klicka på List of threats found, följt av Export to a text file. Spara till en fil på skrivbordet, öppna filen, kopiera resultatet och klistra sedan in det i ditt svar.

[linakerstin]

Hej!

 

Jag flyttar ditt inlägg till en egen tråd för det blir väldigt rörigt med loggar från olika datorer i samma tråd.

 

1. Java 2 Runtime Environment, SE v1.4.2_04 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142040}) (Version: 1.4.2_04 - Sun Microsystems, Inc.)

Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)

Ovanstående är två urgamla versioner av Java med många säkerhetshål som gör det lätt att infektera datorn från en webbsida. Avinstallera dem. De flesta klarar sig bra utan att ha Java installerat men om man måste är det mycket viktigt att alltid ha den senaste versionen.

 

2. Starta Anteckningar.

Kopiera alla rader i rutan:

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=840117509&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=840117509&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=840117509&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=840117509&ir=
BHO-x32: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll ()
2014-02-13 11:10 - 2014-02-13 11:12 - 20107359 _____ (Mobogenie ) C:\Users\Erik Staaf\Downloads\MobogenieSetup (1).exe
2014-02-13 10:55 - 2014-02-13 10:56 - 20107359 _____ (Mobogenie ) C:\Users\Erik Staaf\Downloads\MobogenieSetup.exe

och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.

Spara filen på skrivbordet med namnet fixlist.txt.

 

Starta FRST som finns på skrivbordet.

Klicka på knappen Fix.

Vänta tills programmet är klart.

 

Programmet skapar en logg Fixlog.txt på skrivbordet.

Klistra in innehållet i den i ditt svar.

 

3. Skanna datorn online på http://www.eset.com/onlinescan/

För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

 

Avbocka alternativet Remove found threats

Bocka för Scan Archives

 

Klicka på Advanced Settings

Bocka för:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Klicka på Scan

 

När skanningen är klar klicka på List of threats found, följt av Export to a text file. Spara till en fil på skrivbordet, öppna filen, kopiera resultatet och klistra sedan in det i ditt svar.

 

Tack så mycket för hjälpen Cecilia! 

Jag har avinstallerat Java och gjort scanningen i FRST.

Har sedan börjat scanningen online men det har hållit på

i 7 timmar nu och det känns lite väl länge kanske?

Den har "stannat" på C:/windows/checksur/v1.0/windows6.1-servicing-x64-sep25.cab

Vad tror du? Skickar med första delen iallafall!

 

 

 

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=840117509&ir=

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=840117509&ir=

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=840117509&ir=

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=840117509&ir=

BHO-x32: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll ()

2014-02-13 11:10 - 2014-02-13 11:12 - 20107359 _____ (Mobogenie ) C:\Users\Erik Staaf\Downloads\MobogenieSetup (1).exe

2014-02-13 10:55 - 2014-02-13 10:56 - 20107359 _____ (Mobogenie ) C:\Users\Erik Staaf\Downloads\MobogenieSetup.exe

[Cecilia]

Jag tror att du har klistrat in fixlist.txt och inte Fixlog.txt.

 

Esets skanner kan ta tid om man har mycket filer och inte så snabb processor eller hårddisk. Men om det tar allt för lång tid avbryt och kör en gång till men ta bort bocken framför Scan Archives först.

[linakerstin]

Klart! 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe.vir	Win32/AdWare.Yontoo.F applicationC:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir	a variant of Win32/Adware.Yontoo.B applicationC:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir	a variant of Win32/Adware.Yontoo.B applicationC:\AdwCleaner\Quarantine\C\Users\Erik Staaf\AppData\LocalLow\AskToolbar\setup.exe.vir	a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Users\Erik Staaf\AppData\Roaming\Yontoo\YontooDesktop.exe.vir	a variant of MSIL/WebCake.B potentially unwanted applicationC:\FRST\Quarantine\MobogenieSetup (1).exe01-03-2014_16-07-47	Win32/Mobogenie.B potentially unwanted applicationC:\FRST\Quarantine\MobogenieSetup.exe01-03-2014_16-07-48	Win32/Mobogenie.B potentially unwanted applicationC:\Users\Erik Staaf\AppData\Local\Temp\ICReinstall_robocop-eng-5562572 (1).exe	Win32/InstallCore.EE potentially unwanted applicationC:\Users\Erik Staaf\AppData\Local\Temp\ICReinstall_robocop-eng-5562572.exe	Win32/InstallCore.EE potentially unwanted applicationC:\Users\Erik Staaf\AppData\Local\Temp\setup.exe	a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationC:\Users\Erik Staaf\AppData\Local\Temp\utt8C6B.tmp.exe	a variant of Win32/Toolbar.Conduit potentially unwanted applicationC:\Users\Erik Staaf\AppData\Local\Temp\yontoo-c2_20130103.exe	multiple threatsC:\Users\Erik Staaf\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll	a variant of Win32/Bunndle potentially unsafe applicationC:\Users\Erik Staaf\AppData\Local\Temp\is2095933935\533752_stp\wajam_validate.exe	Win32/Wajam.F potentially unwanted applicationC:\Users\Erik Staaf\AppData\Local\Temp\is2095933935\667066_stp\wajam_validate.exe	Win32/Wajam.F potentially unwanted applicationC:\Users\Erik Staaf\AppData\Local\Temp\{37247BC1-70CE-4745-99FE-8C2965E92FA7}\setup.exe	multiple threatsC:\Users\Erik Staaf\Downloads\pacific-rim-eng-5202711.exe	Win32/InstallCore.DR potentially unwanted applicationC:\Users\Erik Staaf\Downloads\ReimageRepair.exe	Win32/Toolbar.Babylon.T potentially unwanted applicationC:\Users\Erik Staaf\Downloads\wzmp_8.exe	a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application

[linakerstin]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-02-2014 02

Ran by Erik Staaf at 2014-03-01 16:07:47 Run:1

Running from C:\Users\Erik Staaf\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=840117509&ir='>http://start.mysearc...r=840117509&ir='>http://start.mysearc...r=840117509&ir='>http://start.mysearc...r=840117509&ir=

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=840117509&ir=

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=840117509&ir=

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=840117509&ir=

BHO-x32: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll ()

2014-02-13 11:10 - 2014-02-13 11:12 - 20107359 _____ (Mobogenie ) C:\Users\Erik Staaf\Downloads\MobogenieSetup (1).exe

2014-02-13 10:55 - 2014-02-13 10:56 - 20107359 _____ (Mobogenie ) C:\Users\Erik Staaf\Downloads\MobogenieSetup.exe

*****************

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376CA00C-3F95-46F7-8F04-E69906E52A1F} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{376CA00C-3F95-46F7-8F04-E69906E52A1F} => Key deleted successfully.

C:\Users\Erik Staaf\Downloads\MobogenieSetup (1).exe => Moved successfully.

C:\Users\Erik Staaf\Downloads\MobogenieSetup.exe => Moved successfully.

 

==== End of Fixlog ====

[Cecilia]

1. Det här är tre nedladdade program som kommer att försöka installera onödiga program/tillägg etc under installationen:

C:\Users\Erik Staaf\Downloads\pacific-rim-eng-5202711.exe Win32/InstallCore.DR potentially unwanted application

C:\Users\Erik Staaf\Downloads\ReimageRepair.exe Win32/Toolbar.Babylon.T potentially unwanted application

C:\Users\Erik Staaf\Downloads\wzmp_8.exe a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application

 

De ligger i mappen "Hämtade filer" och du kan ta bort dem därifrån om du vill.

 

2. Starta Anteckningar.

Kopiera alla rader i rutan:

C:\Users\Erik Staaf\AppData\Local\Temp\ICReinstall_robocop-eng-5562572 (1).exe
C:\Users\Erik Staaf\AppData\Local\Temp\ICReinstall_robocop-eng-5562572.exe
C:\Users\Erik Staaf\AppData\Local\Temp\setup.exe
C:\Users\Erik Staaf\AppData\Local\Temp\utt8C6B.tmp.exe
C:\Users\Erik Staaf\AppData\Local\Temp\yontoo-c2_20130103.exe
C:\Users\Erik Staaf\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll
C:\Users\Erik Staaf\AppData\Local\Temp\is2095933935\533752_stp\wajam_validate.exe
C:\Users\Erik Staaf\AppData\Local\Temp\is2095933935\667066_stp\wajam_validate.exe
C:\Users\Erik Staaf\AppData\Local\Temp\{37247BC1-70CE-4745-99FE-8C2965E92FA7}\setup.exe

och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.

Spara filen på skrivbordet med namnet fixlist.txt.

 

Starta FRST som finns på skrivbordet.

Klicka på knappen Fix.

Vänta tills programmet är klart.

 

Programmet skapar en logg Fixlog.txt på skrivbordet.

Klistra in innehållet i den i ditt svar.

 

3. Är allt bra med datorn nu?

Några fler frågor innan du får instruktionen för att avinstallera specialprogrammen?

[linakerstin]

 

 

 

 

Tror jag har fått med allt nu.
Dock så kommer fortfarande mysarchdaily upp när jag startar chrome?
Men inte när jag öppnar explorer. Jag har kollat inställningarna och google är 
vald som startsida på chrome. 

 

[Cecilia]

Det där är fixlist och inte fixlog.

Högerklicka på den ikon eller menyval som du använder för att starta Chrome och välj Egenskaper. Kolla i rutan som heter Mål om där finns något på slutet efter chrome.exe. Om det gör det ta bort det. Hjälpte det?

[linakerstin]

Ursäkta, var visst svårt för mig att förstå

Finns inget efter chrome.exe. 

[Cecilia]

Kolla upp de olika alternativen här: https://support.google.com/chrome/answer/95421?hl=sv

[linakerstin]

Jag ändrade från "Öppna en särskild sida eller grupp med sidor" till "Öppna sidan Ny flik"
och då var det borta! Så fint!

Jag får verkligen tacka så jättemycket för hjälpen Cecilia!
Hade aldrig klarat detta själv. 

Lina  
 

[Cecilia]

Vad bra att du hittade en lämplig inställning!

 

Bara trevligt att kunna hjälpa till

 

Nu återstår bara att avinstallera specialprogrammen:

1. Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.
Klicka på Uninstall-knappen.

2. Ladda ner avinstallationsprogrammet OTC till Skrivbordet: http://oldtimer.geekstogo.com/OTC.exe
Dubbelklicka på filen för att starta programmet.
Tryck på knappen CleanUp! och FRST kommer att avinstalleras efter en omstart av datorn. Ta bort (släng i papperskorgen) ShortcutCleaner och eventuella loggar.

3. Förbättra skyddet i datorn, se mina Råd för en säkrare dator: http://ceciliasec.wordpress.com/rad/
Det är mycket viktigt att hålla alla småprogram i datorn uppdaterade, gamla versioner av t ex Flash, Java och Adobe Reader innehåller kända säkerhetshål, vilka kan användas av en webbsida för att infektera datorn. Jag tycker att Secunias program (länk på min webbsida) är en bra hjälp för att kontrollera hur det står till med säkerhetshål i datorn och ange vad som behöver åtgärdas.