
Help checking logs after cleanup


millpark10


Hi Cecilia

My friend's daughter's computer, running Windows 8.1, was throwing up loads of ad pop-ups and ran extremely slowly in IE and Chrome.

I uninstalled a bunch of toolbars, odd programs, speeduppc, etc.

I have run:

Anti Malwarebytes

Sent the results to quarantine

Malwarebytes Anti-Rootkit

Found nothing

ADWCleaner

Cleaned everything after the scan

ESET Online

Found 11 files flagged as threats; cleaned them and emptied all of C:\Users\Anna\AppData\Local\Temp\

I ran FRST and the log is below (the other logs are attached as well).

I now most humbly ask for tips on what might still be left, i.e. what have I missed?

//millpark10

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Anna (administrator) on ANNASDATOR on 19-09-2014 18:57:24
Running from C:\Users\Anna\Downloads
Platform: Windows 8 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3015920 2013-02-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-05-13] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3411387476-3199513894-1412178671-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3411387476-3199513894-1412178671-1001\...\MountPoints2: {06ebd3fe-f4f1-11e2-be72-806e6f6e6963} - "E:\Autorun.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.se/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON13/11
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON13/11
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON13/11
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON13/11
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON13/11
SearchScopes: HKLM - {AD14074A-8136-4DAF-8D4D-AEC60575BEFC} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {AD14074A-8136-4DAF-8D4D-AEC60575BEFC} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - DefaultScope {AA5A6306-1D41-4C5F-BC6F-C8B256BC5765} URL = http://www.google.com/search?hl=sv&q={searchTerms}
SearchScopes: HKCU - {AA5A6306-1D41-4C5F-BC6F-C8B256BC5765} URL = http://www.google.com/search?hl=sv&q={searchTerms}
SearchScopes: HKCU - {AD14074A-8136-4DAF-8D4D-AEC60575BEFC} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 79.138.0.180

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4220\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6958\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8832\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release5935\ff [Not Found]

Chrome:
=======
CHR HomePage: Default -> E5352338A2909951CC1F92CF894BB7834B78FA53862E6615FEEE23643272466C
CHR DefaultSearchKeyword: Default -> 7E2F3013294277CF80CD2BB41DA0ED0B392C0DFCFABC9BC3CF28B1478F655D96
CHR DefaultSearchURL: Default -> E73DC060724611AC524467AE98A49014C872AB6C68F0EE4A0987B6669C29A7BC
CHR Profile: C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-27]
CHR Extension: (Google Drive) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-18]
CHR Extension: (YouTube) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-27]
CHR Extension: (Google Search) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-27]
CHR Extension: (Google Wallet) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-27]
CHR Extension: (Gmail) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1626872 2013-01-31] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-20] (Realtek Semiconductor)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49200 2013-02-26] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-24] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [448072 2013-02-02] (RTS Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-02-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-02-06] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 18:57 - 2014-09-19 18:57 - 00015339 _____ () C:\Users\Anna\Downloads\FRST.txt
2014-09-19 18:56 - 2014-09-19 18:57 - 00000000 ____D () C:\FRST
2014-09-19 18:54 - 2014-09-19 18:54 - 02105856 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2014-09-19 18:28 - 2014-09-19 18:28 - 00001691 _____ () C:\Users\Anna\Desktop\EsetOnline_1.txt
2014-09-19 10:00 - 2014-09-19 10:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-19 09:50 - 2014-09-19 09:50 - 00432128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-19 09:46 - 2014-09-19 09:46 - 00005312 _____ () C:\Users\Anna\Desktop\AdwCleaner[s0].txt
2014-09-19 09:43 - 2014-09-19 09:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-19 09:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-19 03:13 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-09-19 03:11 - 2014-08-16 11:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-19 03:11 - 2014-08-16 11:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-19 03:11 - 2014-08-16 11:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-19 03:11 - 2014-08-16 11:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-19 03:11 - 2014-08-16 11:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-19 03:11 - 2014-08-16 11:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-19 03:11 - 2014-08-16 11:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-19 03:11 - 2014-08-16 09:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-19 03:11 - 2014-08-16 09:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-19 03:11 - 2014-08-16 09:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-19 03:11 - 2014-08-16 09:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-19 03:11 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-19 03:11 - 2014-08-16 09:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-19 03:11 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-19 03:10 - 2014-08-16 11:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-19 03:10 - 2014-08-16 11:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-19 03:10 - 2014-08-16 11:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-19 03:10 - 2014-08-16 11:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-19 03:10 - 2014-08-16 11:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-19 03:10 - 2014-08-16 11:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-19 03:10 - 2014-08-16 11:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-19 03:10 - 2014-08-16 11:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-19 03:10 - 2014-08-16 09:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-19 03:10 - 2014-08-16 09:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-19 03:10 - 2014-08-16 09:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-19 03:10 - 2014-08-16 09:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-19 03:10 - 2014-08-16 09:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-19 03:10 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-19 03:10 - 2014-08-16 09:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-19 03:03 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-19 03:03 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-19 00:30 - 2014-09-19 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-19 00:27 - 2014-09-19 09:15 - 00000000 ____D () C:\Users\Anna\Desktop\mbar
2014-09-19 00:27 - 2014-09-19 00:27 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Anna\Downloads\mbar-1.07.0.1012.exe
2014-09-19 00:04 - 2014-08-28 13:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-19 00:04 - 2014-08-28 08:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-19 00:04 - 2014-08-28 08:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-19 00:04 - 2014-08-28 08:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-19 00:04 - 2014-08-28 08:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-19 00:04 - 2014-08-28 08:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-19 00:04 - 2014-08-28 08:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-19 00:04 - 2014-08-01 01:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-19 00:04 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-19 00:04 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-19 00:04 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-19 00:04 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-09-19 00:04 - 2014-06-05 03:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-19 00:04 - 2014-06-04 01:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-19 00:04 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-09-19 00:04 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-09-19 00:04 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-19 00:04 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-09-19 00:04 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-19 00:04 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-19 00:04 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-09-19 00:04 - 2014-04-01 00:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-19 00:04 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-09-19 00:04 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-09-19 00:03 - 2014-09-05 00:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-19 00:03 - 2014-09-03 03:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-19 00:03 - 2014-08-28 08:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-19 00:03 - 2014-08-28 08:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-19 00:03 - 2014-08-28 08:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-19 00:03 - 2014-08-28 08:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-19 00:03 - 2014-08-28 08:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-19 00:03 - 2014-08-28 08:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-19 00:03 - 2014-08-28 08:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-19 00:03 - 2014-07-24 05:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-19 00:03 - 2014-07-24 05:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-19 00:03 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-09-19 00:03 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-09-19 00:03 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-09-19 00:03 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-19 00:03 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-09-19 00:03 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-09-19 00:03 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-09-19 00:03 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-09-19 00:03 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-09-19 00:03 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-19 00:03 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-19 00:03 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-19 00:03 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-19 00:02 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-19 00:02 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-19 00:02 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-09-19 00:02 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-09-19 00:01 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-19 00:01 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-19 00:01 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-19 00:01 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-09-19 00:01 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-09-19 00:01 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-18 23:58 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-18 23:58 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-18 23:58 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-18 23:54 - 2014-09-19 00:30 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 23:54 - 2014-09-19 00:29 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-18 23:54 - 2014-09-18 23:54 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-18 23:54 - 2014-09-18 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-18 23:54 - 2014-09-18 23:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 23:54 - 2014-09-18 23:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-18 23:54 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-18 23:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-18 23:51 - 2014-09-18 23:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Anna\Downloads\mbam-setup-2.0.2.1012.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 18:57 - 2014-09-19 18:57 - 00015339 _____ () C:\Users\Anna\Downloads\FRST.txt
2014-09-19 18:57 - 2014-09-19 18:56 - 00000000 ____D () C:\FRST
2014-09-19 18:54 - 2014-09-19 18:54 - 02105856 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2014-09-19 18:52 - 2013-11-07 17:21 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3411387476-3199513894-1412178671-1001
2014-09-19 18:51 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-19 18:47 - 2014-02-27 21:41 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-19 18:47 - 2013-07-25 06:24 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-09-19 18:39 - 2013-03-04 17:30 - 00000983 _____ () C:\Windows\SysWOW64\bscs.ini
2014-09-19 18:36 - 2013-07-25 06:24 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-09-19 18:36 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-19 18:35 - 2012-08-04 00:23 - 00636890 _____ () C:\Windows\PFRO.log
2014-09-19 18:34 - 2013-12-07 20:00 - 00000000 ____D () C:\ProgramData\Origin
2014-09-19 18:28 - 2014-09-19 18:28 - 00001691 _____ () C:\Users\Anna\Desktop\EsetOnline_1.txt
2014-09-19 18:23 - 2014-02-27 21:41 - 00001012 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-19 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-19 17:09 - 2013-10-12 14:24 - 01820040 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 12:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-09-19 10:26 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-19 10:00 - 2014-09-19 10:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-19 09:55 - 2013-03-25 20:53 - 00013438 _____ () C:\Windows\system32\perfh01D.dat
2014-09-19 09:55 - 2013-03-25 20:53 - 00004226 _____ () C:\Windows\system32\perfc01D.dat
2014-09-19 09:55 - 2013-03-25 20:47 - 00470680 _____ () C:\Windows\system32\perfh014.dat
2014-09-19 09:55 - 2013-03-25 20:47 - 00090790 _____ () C:\Windows\system32\perfc014.dat
2014-09-19 09:55 - 2013-03-25 20:42 - 00458608 _____ () C:\Windows\system32\perfh00B.dat
2014-09-19 09:55 - 2013-03-25 20:42 - 00096714 _____ () C:\Windows\system32\perfc00B.dat
2014-09-19 09:55 - 2013-03-25 20:37 - 00487026 _____ () C:\Windows\system32\perfh006.dat
2014-09-19 09:55 - 2013-03-25 20:37 - 00094182 _____ () C:\Windows\system32\perfc006.dat
2014-09-19 09:55 - 2012-07-26 09:28 - 02633278 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-19 09:50 - 2014-09-19 09:50 - 00432128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-19 09:49 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-19 09:46 - 2014-09-19 09:46 - 00005312 _____ () C:\Users\Anna\Desktop\AdwCleaner[s0].txt
2014-09-19 09:44 - 2013-07-25 06:45 - 00000000 ____D () C:\ProgramData\Norton
2014-09-19 09:43 - 2014-09-19 09:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-19 09:43 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-19 09:43 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-19 09:43 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-09-19 09:43 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\en-GB
2014-09-19 09:42 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-09-19 09:42 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-19 09:41 - 2013-10-12 14:24 - 00000000 ____D () C:\Users\Anna
2014-09-19 09:15 - 2014-09-19 00:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-19 09:15 - 2014-09-19 00:27 - 00000000 ____D () C:\Users\Anna\Desktop\mbar
2014-09-19 03:42 - 2013-10-21 21:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-19 03:10 - 2013-12-06 18:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-19 00:30 - 2014-09-18 23:54 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 00:29 - 2014-09-18 23:54 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-19 00:27 - 2014-09-19 00:27 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Anna\Downloads\mbar-1.07.0.1012.exe
2014-09-19 00:05 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-18 23:56 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-18 23:54 - 2014-09-18 23:54 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-18 23:54 - 2014-09-18 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-18 23:54 - 2014-09-18 23:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 23:54 - 2014-09-18 23:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-18 23:52 - 2014-09-18 23:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Anna\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-18 21:15 - 2014-02-27 21:45 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Spotify
2014-09-18 18:26 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-09-18 14:40 - 2012-07-26 07:26 - 00000269 _____ () C:\Windows\win.ini
2014-09-18 11:58 - 2014-02-27 21:46 - 00000000 ____D () C:\Users\Anna\AppData\Local\Spotify
2014-09-18 09:44 - 2014-02-27 21:42 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-18 09:18 - 2014-02-27 21:41 - 00003984 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-18 09:18 - 2014-02-27 21:41 - 00003748 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-18 09:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-05 00:36 - 2014-09-19 00:03 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-03 03:49 - 2014-09-19 00:03 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 21:32 - 2014-05-16 21:18 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 21:32 - 2014-05-16 21:18 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-29 13:01 - 2013-12-06 18:44 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-28 13:34 - 2014-09-19 00:04 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-28 08:05 - 2014-09-19 00:04 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-28 08:05 - 2014-09-19 00:04 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-28 08:05 - 2014-09-19 00:03 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-28 08:05 - 2014-09-19 00:03 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-28 08:02 - 2014-09-19 00:03 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-28 08:01 - 2014-09-19 00:04 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-28 08:01 - 2014-09-19 00:04 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-28 08:01 - 2014-09-19 00:04 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-28 08:01 - 2014-09-19 00:04 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-28 08:01 - 2014-09-19 00:03 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-28 08:01 - 2014-09-19 00:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-28 08:01 - 2014-09-19 00:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-28 08:01 - 2014-09-19 00:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-08-23 08:47 - 2014-09-18 23:58 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-18 15:21

==================== End Of Log ============================

 

Addition.txt

malwarebytes logg_1.txt

AdwCleanerS0.txt

EsetOnline_1.txt


Hi!

There is a little left in Chrome, plus some remnants of things that have been removed.

Start Notepad.

Copy all the lines in the box:

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
SearchScopes: HKCU - {AD14074A-8136-4DAF-8D4D-AEC60575BEFC} URL =
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4220\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6958\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8832\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release5935\ff [Not Found]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HomePage: Default -> E5352338A2909951CC1F92CF894BB7834B78FA53862E6615FEEE23643272466C
CHR DefaultSearchKeyword: Default -> 7E2F3013294277CF80CD2BB41DA0ED0B392C0DFCFABC9BC3CF28B1478F655D96
CHR DefaultSearchURL: Default -> E73DC060724611AC524467AE98A49014C872AB6C68F0EE4A0987B6669C29A7BC
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
and paste them into Notepad. Check that no files have been split across two lines.

Save the file on the desktop with the name fixlist.txt.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program has finished.

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.

Install some better antivirus program than Defender.

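Most of the fixlist lines in the reply above carry a marker that FRST prints itself: `<======= ATTENTION`, `No File`, `[Not Found]`, or a `SearchScopes` entry with an empty `URL =`. The following is an added example, not part of the original posts and not FRST's own logic: a small Python triage pass that pulls such lines out of an FRST.txt log for manual review. The rule names, the helper functions and the treatment of `[File not signed]` are assumptions made for this illustration; the sample lines are copied from the logs in this thread.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    lineno: int
    section: str
    reason: str
    line: str


# FRST section banners look like "==================== Services (Whitelisted) ====".
SECTION = re.compile(r"^=+ (.+?) =+$")

# Heuristic rules (assumptions of this example), checked in order; first match wins.
RULES = [
    ("attention", re.compile(r"<=+ ATTENTION\s*$")),
    ("orphan", re.compile(r"(?:\bNo File|\[Not Found\])\s*$")),
    ("empty-searchscope", re.compile(r"^SearchScopes: .*\bURL =\s*$")),
    ("unsigned-no-vendor", re.compile(r"\(\) \[File not signed\]\s*$")),
    ("unsigned", re.compile(r"\[File not signed\]\s*$")),
]

# An unsigned file with a vendor string is common for OEM software (see the
# HP service below), so it is reported but not proposed for review on its own.
INFO_ONLY = {"unsigned"}


def triage(log_text):
    """Return a Finding for every log line that matches one of RULES."""
    findings = []
    section = "(header)"
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = banner.group(1)
            continue
        for reason, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(lineno, section, reason, line))
                break
    return findings


def review_candidates(findings):
    """Lines a human should look at before anything goes into fixlist.txt."""
    return [f.line for f in findings if f.reason not in INFO_ONLY]


# Sample input: lines copied from the FRST logs in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-08] (Realtek Semiconductor)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
SearchScopes: HKCU - {AD14074A-8136-4DAF-8D4D-AEC60575BEFC} URL =
BHO-x32: SaveSense -> {71e129ff-6c2a-4984-818c-7e2c998b8d99} -> C:\Users\Anna\AppData\Local\SaveSense\SaveSenseIE.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4220\ff [Not Found]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
==================== Drivers (Whitelisted) ====================
S1 {f5547162-5df2-4216-9d7d-87cc3068bb50}w64; C:\Windows\System32\drivers\{f5547162-5df2-4216-9d7d-87cc3068bb50}w64.sys [61120 2014-08-30] () [File not signed]
""".strip()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        tag = "info  " if f.reason in INFO_ONLY else "review"
        print(f"{tag} L{f.lineno:<3} [{f.section}] {f.reason}: {f.line}")
```

The output is a reading aid only: lines without any marker (for example the `CHR HomePage` entries in the fixlist above) are not caught by these rules and still need a person reading the full log.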

Hi Cecilia,

Thank you for your invaluable instructions when it comes to junk in the computer!

Fixlog below.

Defender isn't good enough? That's bad, given that MS has said in veiled terms that Windows 8 doesn't need any other virus protection.

What do you suggest instead? Freeware alternatives? I have previously used MSIS, but as far as I recall it doesn't work on Windows 8?

//millpark10

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Anna at 2014-09-20 00:51:12 Run:1
Running from C:\Users\Anna\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
SearchScopes: HKCU - {AD14074A-8136-4DAF-8D4D-AEC60575BEFC} URL =
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4220\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6958\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8832\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release5935\ff [Not Found]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HomePage: Default -> E5352338A2909951CC1F92CF894BB7834B78FA53862E6615FEEE23643272466C
CHR DefaultSearchKeyword: Default -> 7E2F3013294277CF80CD2BB41DA0ED0B392C0DFCFABC9BC3CF28B1478F655D96
CHR DefaultSearchURL: Default -> E73DC060724611AC524467AE98A49014C872AB6C68F0EE4A0987B6669C29A7BC
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD14074A-8136-4DAF-8D4D-AEC60575BEFC}" => Key deleted successfully.
"HKCR\CLSID\{AD14074A-8136-4DAF-8D4D-AEC60575BEFC}" => Key not found.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4220\ff not found.
C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6958\ff not found.
C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8832\ff not found.
C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release5935\ff not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
Chrome HomePage deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

The system needed a reboot.

==== End of Fixlog ====


Hi!

Defender in Windows 8, like Microsoft Security Essentials in earlier Windows versions, provides basic protection, but if you keep installing lots of programs that contain adware you probably need something better. I know that Avast can be configured to detect PUPs (Potentially Unwanted Programs, usually adware), but I don't know how it is with the other free programs, Avira, AVG and Ad-Aware, which have tended to get better results than Avast this year.

Does everything seem fine with the computer now?


Hi Cecilia

A BIG thank you for the help.

I can't see any signs that anything is left in the computer that is causing trouble: no pop-ups or suggestions to improve the computer's performance and so on, like it showed when I got it.

I'll take a look at Avast; it has been something of a favourite for a while, from what I've seen in the forums. And which ones find what does go back and forth a bit over time.

Once again, thanks, and "I hope we won't be in touch again"

;)

@--}---

/millpark10


Hi!

Only glad to be able to help :)

You need to uninstall AdwCleaner and FRST as well, so that their quarantines are removed.

1. Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Uninstall button.

2. Download the uninstaller OTC to the Desktop: http://oldtimer.geekstogo.com/OTC.exe

Double-click the file to start the program.

Press the CleanUp! button and FRST will be uninstalled after a restart of the computer. If any such program is left after that, ask how to remove it. Delete any logs.

3. Improve the protection on the computer; see my Advice for a safer computer: http://ceciliasec.wordpress.com/rad/

It is very important to keep all the small programs on the computer up to date; old versions of e.g. Flash, Java and Adobe Reader contain known security holes, which can be used by a web page to infect the computer. I think Secunia's program (link on my website) is a good aid for checking the state of security holes on the computer and indicating what needs to be fixed.


Hi Cecilia

Yes, I uninstalled and cleaned up with OTC and tried to run Windows Update before I put on antivirus and other "good-to-have programs" such as Acrobat Reader and others.

It didn't work; it hit a wall completely.

I've been going around the MS forums trying to solve a Windows Update problem, and it ended with me having to do a system restore, sigh.

I'm manually uninstalling everything that should go again and will be back with a new FRST log.

I see my current problem mostly as Windows Update, perhaps caused by one of the viruses at an earlier stage.

//millpark10


Hi millpark10!

OK, if you think the problems with Windows Update are due to malicious programs, there are some other programs to run. But there are many causes of problems with Windows Update.

Is it Windows 8 or 8.1 on the computer?


Hi Cecilia

Maybe Windows Update was broken before I cleaned up, but my "principle" is to remove what should be removed so the machine is as clean as possible before I start updating and installing things.

All the instructions for repairing Windows Update eventually arrived at either reinstallation or system restore. When everything else had been tried with no result other than that update still didn't work, it ended up being a system restore to some day before I started cleaning.

It is Windows 8.0; my thought was to install 8.1 before I handed it back.

I'm making a new attempt with your fantastic help.

//millpark10

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Anna (administrator) on ANNASDATOR on 22-09-2014 18:54:06
Running from C:\Users\Anna\Downloads\Virusrensning20140919
Platform: Windows 8 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Activeris) C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3015920 2013-02-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-05-13] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3411387476-3199513894-1412178671-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3411387476-3199513894-1412178671-1001\...\Run: [Driver Pro] => C:\Program Files (x86)\Driver Pro\DPLauncher.exe [340512 2012-10-30] (PC Utilities Pro)
HKU\S-1-5-21-3411387476-3199513894-1412178671-1001\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Anna\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-3411387476-3199513894-1412178671-1001\...\MountPoints2: {06ebd3fe-f4f1-11e2-be72-806e6f6e6963} - "E:\Autorun.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3324331&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPAA530ACC-0526-4F7C-8C50-1ECB8B8794DB&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON13/11
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?babsrc=HP_ss&mntrId=B6920C84DC8C2797&affID=120522&tsp=5038
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON13/11
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON13/11
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON13/11
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON13/11
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {AD14074A-8136-4DAF-8D4D-AEC60575BEFC} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {AD14074A-8136-4DAF-8D4D-AEC60575BEFC} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3324331&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPAA530ACC-0526-4F7C-8C50-1ECB8B8794DB&q={searchTerms}&SSPV=
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3324331&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPAA530ACC-0526-4F7C-8C50-1ECB8B8794DB&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.opti-page.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B6920C84DC8C2797&affID=126473&tsp=5038
SearchScopes: HKCU - {AD14074A-8136-4DAF-8D4D-AEC60575BEFC} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: SaveSense -> {71e129ff-6c2a-4984-818c-7e2c998b8d99} -> C:\Users\Anna\AppData\Local\SaveSense\SaveSenseIE.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 79.138.0.180

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll ()
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013-10-13]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2014-05-16]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4220\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6958\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8832\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release5935\ff [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx []
CHR HKLM-x32\...\Chrome\Extension: [chdboodilddefglllfoimeceomkpmkbi] - C:\Program Files (x86)\SaltarSmart\chdboodilddefglllfoimeceomkpmkbi.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1626872 2013-01-31] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-20] (Realtek Semiconductor)
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-02-27] (SaveSense)
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-02-27] (SaveSense)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49200 2013-02-26] (Ralink Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-23] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-23] (Symantec Corporation) [File not signed]
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131207.001\IDSvia64.sys [521816 2013-11-06] (Symantec Corporation)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131209.016\ENG64.SYS [126040 2013-11-07] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131209.016\EX64.SYS [2099288 2013-11-07] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-24] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [448072 2013-02-02] (RTS Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-02-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-02-06] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-10-15] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-04-17] (StdLib)
S1 {f5547162-5df2-4216-9d7d-87cc3068bb50}w64; C:\Windows\System32\drivers\{f5547162-5df2-4216-9d7d-87cc3068bb50}w64.sys [61120 2014-08-30] () [File not signed]
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 18:54 - 2014-09-22 18:54 - 00000000 ____D () C:\FRST
2014-09-22 18:16 - 2014-09-22 18:16 - 00432128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-22 13:11 - 2014-09-22 13:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-22 11:19 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-09-22 11:17 - 2014-08-16 11:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-22 11:17 - 2014-08-16 11:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-22 11:17 - 2014-08-16 11:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-22 11:17 - 2014-08-16 11:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-22 11:17 - 2014-08-16 11:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-22 11:17 - 2014-08-16 11:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-22 11:17 - 2014-08-16 11:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-22 11:17 - 2014-08-16 11:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-22 11:17 - 2014-08-16 11:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-22 11:17 - 2014-08-16 11:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-22 11:17 - 2014-08-16 11:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-22 11:17 - 2014-08-16 11:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-22 11:17 - 2014-08-16 11:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-22 11:17 - 2014-08-16 11:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-22 11:17 - 2014-08-16 11:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-22 11:17 - 2014-08-16 09:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-22 11:17 - 2014-08-16 09:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-22 11:17 - 2014-08-16 09:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-22 11:16 - 2014-08-16 09:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-22 11:11 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-22 11:11 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-22 11:05 - 2014-08-01 01:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-22 11:05 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-22 11:05 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-22 11:05 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-22 11:05 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-09-22 11:05 - 2014-06-05 03:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-22 11:05 - 2014-06-04 01:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-22 11:05 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-22 11:05 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-22 11:05 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-09-22 11:05 - 2014-04-01 00:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-22 11:05 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-09-22 11:05 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-09-22 11:04 - 2014-09-05 00:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-22 11:04 - 2014-09-03 03:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-22 11:04 - 2014-08-28 13:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-22 11:04 - 2014-08-28 08:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-22 11:04 - 2014-08-28 08:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-22 11:04 - 2014-08-28 08:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-22 11:04 - 2014-08-28 08:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-22 11:04 - 2014-08-28 08:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-22 11:04 - 2014-08-28 08:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-22 11:04 - 2014-08-28 08:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-22 11:04 - 2014-08-28 08:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-22 11:04 - 2014-08-28 08:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-22 11:04 - 2014-08-28 08:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-22 11:04 - 2014-08-28 08:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-22 11:04 - 2014-08-28 08:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-22 11:04 - 2014-08-28 08:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-22 11:04 - 2014-07-24 05:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-22 11:04 - 2014-07-24 05:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-22 11:04 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-09-22 11:04 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-09-22 11:04 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-09-22 11:04 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-09-22 11:04 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-22 11:04 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-09-22 11:03 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-09-22 11:03 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-22 11:03 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-09-22 11:03 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-09-22 11:03 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-09-22 11:03 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-09-22 11:03 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-09-22 11:03 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-22 11:03 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-22 11:03 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-22 11:03 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-22 11:02 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-22 11:02 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-22 11:02 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-22 11:02 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-22 11:02 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-22 11:02 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-22 11:02 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-22 11:02 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-22 11:02 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-09-22 11:02 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-09-22 11:02 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-22 11:02 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-09-22 11:02 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-09-22 10:27 - 2014-09-22 11:09 - 00000000 ____D () C:\Windows\softwaredistribution.bak1
2014-09-22 08:05 - 2014-09-22 08:05 - 00000000 ____D () C:\ProgramData\Activeris
2014-09-22 08:05 - 2014-09-22 08:05 - 00000000 _____ () C:\Users\Anna\daemonprocess.txt
2014-09-21 19:12 - 2014-09-21 19:12 - 00000000 ____D () C:\Windows\softwaredistribution.bak
2014-09-20 13:00 - 2014-09-20 13:00 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\HewlettPackard
2014-09-20 11:55 - 2014-09-20 11:55 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\InstallShield
2014-09-20 10:58 - 2014-09-20 10:58 - 00000000 ____D () C:\Users\Anna\Intel
2014-09-20 10:48 - 2014-09-22 18:54 - 00000000 ____D () C:\Users\Anna\Downloads\Virusrensning20140919
2014-09-19 10:00 - 2014-09-19 10:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-19 00:30 - 2014-09-19 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-18 23:54 - 2014-09-22 02:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-18 23:54 - 2014-09-22 02:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-18 23:54 - 2014-09-18 23:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-02 20:08 - 2014-08-30 14:02 - 00061120 _____ () C:\Windows\system32\Drivers\{f5547162-5df2-4216-9d7d-87cc3068bb50}w64.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 18:54 - 2014-09-22 18:54 - 00000000 ____D () C:\FRST
2014-09-22 18:54 - 2014-09-20 10:48 - 00000000 ____D () C:\Users\Anna\Downloads\Virusrensning20140919
2014-09-22 18:51 - 2013-10-12 14:24 - 01678509 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 18:45 - 2014-02-27 21:40 - 00000950 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-09-22 18:40 - 2014-02-27 21:40 - 00000310 _____ () C:\Windows\Tasks\SaveSense.job
2014-09-22 18:36 - 2013-11-07 17:21 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3411387476-3199513894-1412178671-1001
2014-09-22 18:32 - 2014-02-27 21:56 - 00003102 _____ () C:\Windows\System32\Tasks\Activeris AntiMalware_startup
2014-09-22 18:32 - 2014-02-27 21:41 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\newnext.me
2014-09-22 18:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-22 18:31 - 2014-02-27 21:41 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 18:31 - 2014-02-27 21:41 - 00000352 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-09-22 18:31 - 2014-02-27 21:40 - 00000946 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2014-09-22 18:31 - 2013-10-17 18:48 - 00000356 _____ () C:\Windows\Tasks\spmonitor.job
2014-09-22 18:31 - 2013-10-17 18:48 - 00000278 _____ () C:\Windows\Tasks\SpeedUpMyPC.job
2014-09-22 18:31 - 2013-07-25 06:24 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-09-22 18:23 - 2014-02-27 21:41 - 00001012 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 18:21 - 2013-03-25 20:53 - 00013438 _____ () C:\Windows\system32\perfh01D.dat
2014-09-22 18:21 - 2013-03-25 20:53 - 00004226 _____ () C:\Windows\system32\perfc01D.dat
2014-09-22 18:21 - 2013-03-25 20:47 - 00470680 _____ () C:\Windows\system32\perfh014.dat
2014-09-22 18:21 - 2013-03-25 20:47 - 00090790 _____ () C:\Windows\system32\perfc014.dat
2014-09-22 18:21 - 2013-03-25 20:42 - 00458608 _____ () C:\Windows\system32\perfh00B.dat
2014-09-22 18:21 - 2013-03-25 20:42 - 00096714 _____ () C:\Windows\system32\perfc00B.dat
2014-09-22 18:21 - 2013-03-25 20:37 - 00487026 _____ () C:\Windows\system32\perfh006.dat
2014-09-22 18:21 - 2013-03-25 20:37 - 00094182 _____ () C:\Windows\system32\perfc006.dat
2014-09-22 18:21 - 2012-07-26 09:28 - 02633278 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-22 18:19 - 2013-03-04 17:30 - 00000983 _____ () C:\Windows\SysWOW64\bscs.ini
2014-09-22 18:19 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-22 18:16 - 2014-09-22 18:16 - 00432128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-22 18:16 - 2013-07-25 06:24 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-09-22 18:16 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-22 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-22 14:30 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-09-22 13:11 - 2014-09-22 13:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-22 13:11 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-22 13:11 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-22 13:11 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-09-22 13:11 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\en-GB
2014-09-22 13:11 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-22 13:10 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-09-22 11:31 - 2013-10-21 21:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-22 11:16 - 2013-12-06 18:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-22 11:09 - 2014-09-22 10:27 - 00000000 ____D () C:\Windows\softwaredistribution.bak1
2014-09-22 11:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-22 10:34 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-22 10:28 - 2014-02-27 21:42 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-22 09:57 - 2014-02-27 21:45 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Spotify
2014-09-22 09:55 - 2014-02-27 21:46 - 00000000 ____D () C:\Users\Anna\AppData\Local\Spotify
2014-09-22 09:49 - 2012-08-04 00:23 - 00643788 _____ () C:\Windows\PFRO.log
2014-09-22 09:32 - 2014-05-16 17:27 - 00000000 ____D () C:\Program Files (x86)\RichMediaViewV1
2014-09-22 09:31 - 2013-12-07 20:00 - 00000000 ____D () C:\ProgramData\Origin
2014-09-22 09:29 - 2013-10-17 18:50 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-09-22 09:28 - 2014-03-15 18:40 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-09-22 09:28 - 2014-02-27 21:41 - 00000000 ____D () C:\Users\Anna\AppData\Local\Mobogenie
2014-09-22 09:27 - 2014-04-27 16:39 - 00000000 ____D () C:\Program Files (x86)\MediaBuzzV1
2014-09-22 09:27 - 2014-03-24 20:31 - 00000000 ____D () C:\Program Files (x86)\MediaWatchV1
2014-09-22 08:05 - 2014-09-22 08:05 - 00000000 ____D () C:\ProgramData\Activeris
2014-09-22 08:05 - 2014-09-22 08:05 - 00000000 _____ () C:\Users\Anna\daemonprocess.txt
2014-09-22 08:05 - 2013-10-12 14:24 - 00000000 ____D () C:\Users\Anna
2014-09-22 03:28 - 2012-07-26 07:37 - 00000000 ____D () C:\Windows\servicing
2014-09-22 03:25 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-22 03:25 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-22 03:25 - 2012-07-26 09:52 - 00000000 ____D () C:\Windows\ShellNew
2014-09-22 03:10 - 2014-05-16 20:41 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-09-22 03:10 - 2013-07-25 06:13 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-09-22 03:10 - 2013-03-25 20:37 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-09-22 03:10 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-09-22 03:10 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\MUI
2014-09-22 03:10 - 2012-07-26 07:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-09-22 03:09 - 2013-07-25 06:45 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-09-22 03:09 - 2013-07-25 06:22 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-09-22 03:09 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-22 03:09 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-09-22 03:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\Macromed
2014-09-22 03:07 - 2014-02-27 21:41 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Activeris
2014-09-22 03:07 - 2014-02-27 21:40 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\SaveSense
2014-09-22 03:07 - 2013-10-17 18:54 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Driver Pro
2014-09-22 03:04 - 2014-02-27 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-22 03:04 - 2014-02-27 21:41 - 00000000 ____D () C:\Users\Anna\AppData\Local\genienext
2014-09-22 03:04 - 2014-02-27 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware
2014-09-22 03:04 - 2013-10-17 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro
2014-09-22 03:04 - 2013-10-17 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2014-09-22 03:04 - 2013-10-17 18:48 - 00000000 ____D () C:\ProgramData\DSearchLink
2014-09-22 03:04 - 2013-10-12 14:28 - 00000000 ____D () C:\Users\Anna\AppData\Local\bluesoleil
2014-09-22 03:04 - 2013-07-25 06:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-09-22 03:04 - 2013-07-25 06:45 - 00000000 ____D () C:\ProgramData\Norton
2014-09-22 03:04 - 2013-07-25 06:28 - 00000000 ____D () C:\ProgramData\Temp
2014-09-22 03:04 - 2013-07-25 06:20 - 00000000 ____D () C:\ProgramData\Ralink Bluetooth Stack
2014-09-22 03:04 - 2013-07-25 06:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-09-22 03:04 - 2013-03-25 14:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-09-22 02:59 - 2013-07-25 06:10 - 00000000 ____D () C:\Program Files\Synaptics
2014-09-22 02:58 - 2014-02-27 21:40 - 00000000 ____D () C:\Program Files (x86)\SaveSenseLive
2014-09-22 02:58 - 2013-10-17 18:48 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-09-22 02:58 - 2013-07-25 06:46 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-09-22 02:58 - 2013-07-25 06:45 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-09-22 02:58 - 2013-07-25 06:13 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-09-22 02:58 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-22 02:56 - 2013-10-17 18:54 - 00000000 ____D () C:\Program Files (x86)\Driver Pro
2014-09-22 02:55 - 2014-02-27 21:40 - 00000000 ____D () C:\Program Files (x86)\Activeris AntiMalware
2014-09-22 02:54 - 2014-09-18 23:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-22 02:45 - 2014-09-18 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-22 02:19 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\registration
2014-09-22 02:04 - 2013-03-25 14:40 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2014-09-22 01:56 - 2014-02-27 21:40 - 00000000 ____D () C:\Users\Anna\AppData\Local\Google
2014-09-22 01:56 - 2013-07-25 06:28 - 00000000 ____D () C:\ProgramData\install_clap
2014-09-22 01:51 - 2013-07-25 06:20 - 00000000 ____D () C:\Program Files (x86)\Ralink Corporation
2014-09-22 01:51 - 2013-07-25 06:11 - 00000000 ____D () C:\Program Files\Intel
2014-09-22 01:49 - 2013-07-25 06:29 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-09-22 01:49 - 2013-03-25 14:24 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-09-21 19:12 - 2014-09-21 19:12 - 00000000 ____D () C:\Windows\softwaredistribution.bak
2014-09-21 08:15 - 2013-10-13 08:25 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-20 13:10 - 2013-07-25 06:10 - 00021316 _____ () C:\Windows\DPINST.LOG
2014-09-20 13:10 - 2013-07-25 06:10 - 00001332 _____ () C:\Windows\Synaptics.log
2014-09-20 13:10 - 2012-07-26 09:21 - 00034377 _____ () C:\Windows\setupact.log
2014-09-20 13:00 - 2014-09-20 13:00 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\HewlettPackard
2014-09-20 12:13 - 2013-11-09 20:34 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\CyberLink
2014-09-20 11:56 - 2013-07-25 06:18 - 00005406 _____ () C:\Windows\system32\RaCoInst.log
2014-09-20 11:55 - 2014-09-20 11:55 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\InstallShield
2014-09-20 11:54 - 2013-10-12 18:54 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\hpqlog
2014-09-20 11:20 - 2013-07-25 06:13 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-09-20 10:58 - 2014-09-20 10:58 - 00000000 ____D () C:\Users\Anna\Intel
2014-09-19 10:00 - 2014-09-19 10:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-19 09:15 - 2014-09-19 00:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-18 23:56 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-18 23:54 - 2014-09-18 23:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 09:24 - 2012-07-26 07:26 - 00000269 _____ () C:\Windows\win.ini
2014-09-18 09:18 - 2014-02-27 21:41 - 00003984 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-18 09:18 - 2014-02-27 21:41 - 00003748 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-18 09:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-05 00:36 - 2014-09-22 11:04 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-03 03:49 - 2014-09-22 11:04 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 21:32 - 2014-05-16 21:18 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 21:32 - 2014-05-16 21:18 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-30 14:02 - 2014-09-02 20:08 - 00061120 _____ () C:\Windows\system32\Drivers\{f5547162-5df2-4216-9d7d-87cc3068bb50}w64.sys
2014-08-29 13:01 - 2013-12-06 18:44 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-28 13:34 - 2014-09-22 11:04 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-28 08:05 - 2014-09-22 11:04 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-28 08:05 - 2014-09-22 11:04 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-28 08:05 - 2014-09-22 11:04 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-28 08:05 - 2014-09-22 11:04 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-28 08:02 - 2014-09-22 11:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-28 08:01 - 2014-09-22 11:04 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-28 08:01 - 2014-09-22 11:04 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-28 08:01 - 2014-09-22 11:04 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-28 08:01 - 2014-09-22 11:04 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-28 08:01 - 2014-09-22 11:04 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-28 08:01 - 2014-09-22 11:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-28 08:01 - 2014-09-22 11:04 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-28 08:01 - 2014-09-22 11:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-08-23 08:47 - 2014-09-22 11:02 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\appinstal1.exe
C:\Users\Anna\AppData\Local\Temp\appinstall.exe
C:\Users\Anna\AppData\Local\Temp\applinstall.exe
C:\Users\Anna\AppData\Local\Temp\BackupSetup.exe
C:\Users\Anna\AppData\Local\Temp\COMAP.EXE
C:\Users\Anna\AppData\Local\Temp\EAD2110.exe
C:\Users\Anna\AppData\Local\Temp\EAD26BD.exe
C:\Users\Anna\AppData\Local\Temp\EAD2967.exe
C:\Users\Anna\AppData\Local\Temp\EAD2F4.exe
C:\Users\Anna\AppData\Local\Temp\EAD4001.exe
C:\Users\Anna\AppData\Local\Temp\EAD4162.exe
C:\Users\Anna\AppData\Local\Temp\EAD4215.exe
C:\Users\Anna\AppData\Local\Temp\EAD46F.exe
C:\Users\Anna\AppData\Local\Temp\EAD4915.exe
C:\Users\Anna\AppData\Local\Temp\EAD4C65.exe
C:\Users\Anna\AppData\Local\Temp\EAD50DD.exe
C:\Users\Anna\AppData\Local\Temp\EAD7313.exe
C:\Users\Anna\AppData\Local\Temp\EAD7838.exe
C:\Users\Anna\AppData\Local\Temp\EAD85B1.exe
C:\Users\Anna\AppData\Local\Temp\EAD8920.exe
C:\Users\Anna\AppData\Local\Temp\EAD8979.exe
C:\Users\Anna\AppData\Local\Temp\EAD8DD3.exe
C:\Users\Anna\AppData\Local\Temp\EAD9219.exe
C:\Users\Anna\AppData\Local\Temp\EAD93A6.exe
C:\Users\Anna\AppData\Local\Temp\EADA66C.exe
C:\Users\Anna\AppData\Local\Temp\EADBA4F.exe
C:\Users\Anna\AppData\Local\Temp\EADBBD9.exe
C:\Users\Anna\AppData\Local\Temp\EADBC9F.exe
C:\Users\Anna\AppData\Local\Temp\EADBF0A.exe
C:\Users\Anna\AppData\Local\Temp\EADC01.exe
C:\Users\Anna\AppData\Local\Temp\EADC265.exe
C:\Users\Anna\AppData\Local\Temp\EADC6F9.exe
C:\Users\Anna\AppData\Local\Temp\EADD25.exe
C:\Users\Anna\AppData\Local\Temp\EADD263.exe
C:\Users\Anna\AppData\Local\Temp\EADD982.exe
C:\Users\Anna\AppData\Local\Temp\EADE4DD.exe
C:\Users\Anna\AppData\Local\Temp\EADF6CE.exe
C:\Users\Anna\AppData\Local\Temp\EADFE07.exe
C:\Users\Anna\AppData\Local\Temp\nsu7122.exe
C:\Users\Anna\AppData\Local\Temp\nsw263C.exe
C:\Users\Anna\AppData\Local\Temp\ose00000.exe
C:\Users\Anna\AppData\Local\Temp\setapp.exe
C:\Users\Anna\AppData\Local\Temp\sp64126.exe
C:\Users\Anna\AppData\Local\Temp\spotify (1).exe
C:\Users\Anna\AppData\Local\Temp\spotify.exe
C:\Users\Anna\AppData\Local\Temp\SPSetup.exe
C:\Users\Anna\AppData\Local\Temp\uninst1.exe
C:\Users\Anna\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Anna\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Anna\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-18 15:21

==================== End Of Log ============================

Addition.txt

 

 


Hi again
Additional info: some programs cannot be uninstalled via the Control Panel.
It worked fine in the previous cleanup; now some files and registry keys have been
removed, and I guess everything that was restored by System Restore did not come back
complete. The following are "unwanted" (of course :) )
Activeris AntiMalware
Driver Pro v3.0
Norton Internet Security
SpeedUpMyPC
Error messages like this one, or nothing at all, appear when trying to uninstall:
Filen "C:\Program Files (x86)\Activeris AntiMalware\unins000.dat" finns inte. Kan inte avinstallera.

Maybe General Chang will take the leftovers?

//millpark10


Hi!

Clean with AdwCleaner and then we will see how much is left afterwards.

If the uninstall entries are still left in the Control Panel afterwards, they can be removed with CCleaner.


Hi Cecilia

Thank you for your always kind help.

Activeris AntiMalware was still in the Control Panel, but only the "title", so it went away; only Norton Internet Security remains, and it does not react when I try to uninstall it.

I am pasting in the FRST log and attaching the AdwCleaner logs from before and after the cleaning.

I have not tested Windows Update yet; I am saving that until you think the computer is clean again.

//millpark10

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Anna (administrator) on ANNASDATOR on 23-09-2014 01:44:47
Running from C:\Users\Anna\Downloads\Virusrensning20140919\2nd try
Platform: Windows 8 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3015920 2013-02-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-05-13] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3411387476-3199513894-1412178671-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3411387476-3199513894-1412178671-1001\...\MountPoints2: {06ebd3fe-f4f1-11e2-be72-806e6f6e6963} - "E:\Autorun.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON13/11
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON13/11
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON13/11
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON13/11
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON13/11
SearchScopes: HKLM - {AD14074A-8136-4DAF-8D4D-AEC60575BEFC} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {AD14074A-8136-4DAF-8D4D-AEC60575BEFC} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {AD14074A-8136-4DAF-8D4D-AEC60575BEFC} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013-10-13]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2014-05-16]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4220\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6958\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8832\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release5935\ff [Not Found]

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1626872 2013-01-31] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-20] (Realtek Semiconductor)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49200 2013-02-26] (Ralink Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-23] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-23] (Symantec Corporation) [File not signed]
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131207.001\IDSvia64.sys [521816 2013-11-06] (Symantec Corporation)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131209.016\ENG64.SYS [126040 2013-11-07] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131209.016\EX64.SYS [2099288 2013-11-07] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-24] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [448072 2013-02-02] (RTS Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-02-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-02-06] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-10-15] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 01:30 - 2014-09-23 01:36 - 00000000 ____D () C:\AdwCleaner
2014-09-23 01:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-22 18:54 - 2014-09-23 01:44 - 00000000 ____D () C:\FRST
2014-09-22 18:16 - 2014-09-22 18:16 - 00432128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-22 13:11 - 2014-09-22 13:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-22 11:19 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-09-22 11:17 - 2014-08-16 11:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-22 11:17 - 2014-08-16 11:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-22 11:17 - 2014-08-16 11:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-22 11:17 - 2014-08-16 11:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-22 11:17 - 2014-08-16 11:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-22 11:17 - 2014-08-16 11:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-22 11:17 - 2014-08-16 11:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-22 11:17 - 2014-08-16 11:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-22 11:17 - 2014-08-16 11:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-22 11:17 - 2014-08-16 11:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-22 11:17 - 2014-08-16 11:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-22 11:17 - 2014-08-16 11:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-22 11:17 - 2014-08-16 11:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-22 11:17 - 2014-08-16 11:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-22 11:17 - 2014-08-16 11:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-22 11:17 - 2014-08-16 09:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-22 11:17 - 2014-08-16 09:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-22 11:17 - 2014-08-16 09:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-22 11:17 - 2014-08-16 09:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-22 11:16 - 2014-08-16 09:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-22 11:11 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-22 11:11 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-22 11:05 - 2014-08-01 01:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-22 11:05 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-22 11:05 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-22 11:05 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-22 11:05 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-09-22 11:05 - 2014-06-05 03:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-22 11:05 - 2014-06-04 01:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-22 11:05 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-22 11:05 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-22 11:05 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-09-22 11:05 - 2014-04-01 00:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-22 11:05 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-09-22 11:05 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-09-22 11:04 - 2014-09-05 00:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-22 11:04 - 2014-09-03 03:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-22 11:04 - 2014-08-28 13:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-22 11:04 - 2014-08-28 08:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-22 11:04 - 2014-08-28 08:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-22 11:04 - 2014-08-28 08:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-22 11:04 - 2014-08-28 08:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-22 11:04 - 2014-08-28 08:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-22 11:04 - 2014-08-28 08:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-22 11:04 - 2014-08-28 08:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-22 11:04 - 2014-08-28 08:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-22 11:04 - 2014-08-28 08:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-22 11:04 - 2014-08-28 08:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-22 11:04 - 2014-08-28 08:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-22 11:04 - 2014-08-28 08:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-22 11:04 - 2014-08-28 08:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-22 11:04 - 2014-07-24 05:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-22 11:04 - 2014-07-24 05:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-22 11:04 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-09-22 11:04 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-09-22 11:04 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-09-22 11:04 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-09-22 11:04 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-22 11:04 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-09-22 11:03 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-09-22 11:03 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-22 11:03 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-09-22 11:03 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-09-22 11:03 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-09-22 11:03 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-09-22 11:03 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-09-22 11:03 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-22 11:03 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-22 11:03 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-22 11:03 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-22 11:02 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-22 11:02 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-22 11:02 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-22 11:02 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-22 11:02 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-22 11:02 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-22 11:02 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-22 11:02 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-22 11:02 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-09-22 11:02 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-09-22 11:02 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-22 11:02 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-09-22 11:02 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-09-22 10:27 - 2014-09-22 11:09 - 00000000 ____D () C:\Windows\softwaredistribution.bak1
2014-09-21 19:12 - 2014-09-21 19:12 - 00000000 ____D () C:\Windows\softwaredistribution.bak
2014-09-20 13:00 - 2014-09-20 13:00 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\HewlettPackard
2014-09-20 11:55 - 2014-09-20 11:55 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\InstallShield
2014-09-20 10:58 - 2014-09-20 10:58 - 00000000 ____D () C:\Users\Anna\Intel
2014-09-20 10:48 - 2014-09-22 20:34 - 00000000 ____D () C:\Users\Anna\Downloads\Virusrensning20140919
2014-09-19 10:00 - 2014-09-19 10:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-19 00:30 - 2014-09-19 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-18 23:54 - 2014-09-22 02:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-18 23:54 - 2014-09-22 02:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-18 23:54 - 2014-09-18 23:54 - 00000000 ____D () C:\ProgramData\Malwarebytes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 01:44 - 2014-09-22 18:54 - 00000000 ____D () C:\FRST
2014-09-23 01:42 - 2013-11-07 17:21 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3411387476-3199513894-1412178671-1001
2014-09-23 01:41 - 2013-03-25 20:53 - 00013438 _____ () C:\Windows\system32\perfh01D.dat
2014-09-23 01:41 - 2013-03-25 20:53 - 00004226 _____ () C:\Windows\system32\perfc01D.dat
2014-09-23 01:41 - 2013-03-25 20:47 - 00470680 _____ () C:\Windows\system32\perfh014.dat
2014-09-23 01:41 - 2013-03-25 20:47 - 00090790 _____ () C:\Windows\system32\perfc014.dat
2014-09-23 01:41 - 2013-03-25 20:42 - 00458608 _____ () C:\Windows\system32\perfh00B.dat
2014-09-23 01:41 - 2013-03-25 20:42 - 00096714 _____ () C:\Windows\system32\perfc00B.dat
2014-09-23 01:41 - 2013-03-25 20:37 - 00487026 _____ () C:\Windows\system32\perfh006.dat
2014-09-23 01:41 - 2013-03-25 20:37 - 00094182 _____ () C:\Windows\system32\perfc006.dat
2014-09-23 01:41 - 2012-07-26 09:28 - 02633278 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 01:39 - 2013-03-04 17:30 - 00000983 _____ () C:\Windows\SysWOW64\bscs.ini
2014-09-23 01:37 - 2014-02-27 21:41 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 01:37 - 2013-10-12 14:24 - 01707864 _____ () C:\Windows\WindowsUpdate.log
2014-09-23 01:36 - 2014-09-23 01:30 - 00000000 ____D () C:\AdwCleaner
2014-09-23 01:36 - 2013-07-25 06:24 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-09-23 01:36 - 2013-07-25 06:24 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-09-23 01:36 - 2012-08-04 00:23 - 00644098 _____ () C:\Windows\PFRO.log
2014-09-23 01:36 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-23 01:36 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-23 01:35 - 2013-10-12 14:24 - 00000000 ____D () C:\Users\Anna
2014-09-23 01:23 - 2014-02-27 21:41 - 00001012 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 01:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-23 00:41 - 2014-02-27 21:40 - 00000080 _____ () C:\Users\Anna\AppData\Roaming\WB.CFG
2014-09-22 20:34 - 2014-09-20 10:48 - 00000000 ____D () C:\Users\Anna\Downloads\Virusrensning20140919
2014-09-22 18:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-22 18:19 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-22 18:16 - 2014-09-22 18:16 - 00432128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-22 14:30 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-09-22 13:11 - 2014-09-22 13:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-22 13:11 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-22 13:11 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-22 13:11 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-09-22 13:11 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\en-GB
2014-09-22 13:11 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-22 13:10 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-09-22 11:31 - 2013-10-21 21:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-22 11:16 - 2013-12-06 18:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-22 11:09 - 2014-09-22 10:27 - 00000000 ____D () C:\Windows\softwaredistribution.bak1
2014-09-22 11:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-22 10:28 - 2014-02-27 21:42 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-22 09:57 - 2014-02-27 21:45 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Spotify
2014-09-22 09:55 - 2014-02-27 21:46 - 00000000 ____D () C:\Users\Anna\AppData\Local\Spotify
2014-09-22 09:31 - 2013-12-07 20:00 - 00000000 ____D () C:\ProgramData\Origin
2014-09-22 03:28 - 2012-07-26 07:37 - 00000000 ____D () C:\Windows\servicing
2014-09-22 03:25 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-22 03:25 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-22 03:25 - 2012-07-26 09:52 - 00000000 ____D () C:\Windows\ShellNew
2014-09-22 03:10 - 2014-05-16 20:41 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-09-22 03:10 - 2013-07-25 06:13 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-09-22 03:10 - 2013-03-25 20:37 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-09-22 03:10 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-09-22 03:10 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\MUI
2014-09-22 03:10 - 2012-07-26 07:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-09-22 03:09 - 2013-07-25 06:45 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-09-22 03:09 - 2013-07-25 06:22 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-09-22 03:09 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-22 03:09 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-09-22 03:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\Macromed
2014-09-22 03:04 - 2014-02-27 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-22 03:04 - 2013-10-12 14:28 - 00000000 ____D () C:\Users\Anna\AppData\Local\bluesoleil
2014-09-22 03:04 - 2013-07-25 06:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-09-22 03:04 - 2013-07-25 06:45 - 00000000 ____D () C:\ProgramData\Norton
2014-09-22 03:04 - 2013-07-25 06:28 - 00000000 ____D () C:\ProgramData\Temp
2014-09-22 03:04 - 2013-07-25 06:20 - 00000000 ____D () C:\ProgramData\Ralink Bluetooth Stack
2014-09-22 03:04 - 2013-07-25 06:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-09-22 03:04 - 2013-03-25 14:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-09-22 02:59 - 2013-07-25 06:10 - 00000000 ____D () C:\Program Files\Synaptics
2014-09-22 02:58 - 2013-07-25 06:46 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-09-22 02:58 - 2013-07-25 06:45 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-09-22 02:58 - 2013-07-25 06:13 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-09-22 02:58 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-22 02:54 - 2014-09-18 23:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-22 02:45 - 2014-09-18 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-22 02:19 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\registration
2014-09-22 02:04 - 2013-03-25 14:40 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2014-09-22 01:56 - 2014-02-27 21:40 - 00000000 ____D () C:\Users\Anna\AppData\Local\Google
2014-09-22 01:56 - 2013-07-25 06:28 - 00000000 ____D () C:\ProgramData\install_clap
2014-09-22 01:51 - 2013-07-25 06:20 - 00000000 ____D () C:\Program Files (x86)\Ralink Corporation
2014-09-22 01:51 - 2013-07-25 06:11 - 00000000 ____D () C:\Program Files\Intel
2014-09-22 01:49 - 2013-07-25 06:29 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-09-22 01:49 - 2013-03-25 14:24 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-09-21 19:12 - 2014-09-21 19:12 - 00000000 ____D () C:\Windows\softwaredistribution.bak
2014-09-21 08:15 - 2013-10-13 08:25 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-20 13:10 - 2013-07-25 06:10 - 00021316 _____ () C:\Windows\DPINST.LOG
2014-09-20 13:10 - 2013-07-25 06:10 - 00001332 _____ () C:\Windows\Synaptics.log
2014-09-20 13:10 - 2012-07-26 09:21 - 00034377 _____ () C:\Windows\setupact.log
2014-09-20 13:00 - 2014-09-20 13:00 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\HewlettPackard
2014-09-20 12:13 - 2013-11-09 20:34 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\CyberLink
2014-09-20 11:56 - 2013-07-25 06:18 - 00005406 _____ () C:\Windows\system32\RaCoInst.log
2014-09-20 11:55 - 2014-09-20 11:55 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\InstallShield
2014-09-20 11:54 - 2013-10-12 18:54 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\hpqlog
2014-09-20 11:20 - 2013-07-25 06:13 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-09-20 10:58 - 2014-09-20 10:58 - 00000000 ____D () C:\Users\Anna\Intel
2014-09-19 10:00 - 2014-09-19 10:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-19 09:15 - 2014-09-19 00:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-18 23:56 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-18 23:54 - 2014-09-18 23:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 09:24 - 2012-07-26 07:26 - 00000269 _____ () C:\Windows\win.ini
2014-09-18 09:18 - 2014-02-27 21:41 - 00003984 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-18 09:18 - 2014-02-27 21:41 - 00003748 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-18 09:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-05 00:36 - 2014-09-22 11:04 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-03 03:49 - 2014-09-22 11:04 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 21:32 - 2014-05-16 21:18 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 21:32 - 2014-05-16 21:18 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-29 13:01 - 2013-12-06 18:44 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-28 13:34 - 2014-09-22 11:04 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-28 08:05 - 2014-09-22 11:04 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-28 08:05 - 2014-09-22 11:04 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-28 08:05 - 2014-09-22 11:04 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-28 08:05 - 2014-09-22 11:04 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-28 08:02 - 2014-09-22 11:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-28 08:01 - 2014-09-22 11:04 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-28 08:01 - 2014-09-22 11:04 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-28 08:01 - 2014-09-22 11:04 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-28 08:01 - 2014-09-22 11:04 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-28 08:01 - 2014-09-22 11:04 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-28 08:01 - 2014-09-22 11:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-28 08:01 - 2014-09-22 11:04 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-28 08:01 - 2014-09-22 11:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll

Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\appinstal1.exe
C:\Users\Anna\AppData\Local\Temp\appinstall.exe
C:\Users\Anna\AppData\Local\Temp\applinstall.exe
C:\Users\Anna\AppData\Local\Temp\BackupSetup.exe
C:\Users\Anna\AppData\Local\Temp\COMAP.EXE
C:\Users\Anna\AppData\Local\Temp\EAD2110.exe
C:\Users\Anna\AppData\Local\Temp\EAD26BD.exe
C:\Users\Anna\AppData\Local\Temp\EAD2967.exe
C:\Users\Anna\AppData\Local\Temp\EAD2F4.exe
C:\Users\Anna\AppData\Local\Temp\EAD4001.exe
C:\Users\Anna\AppData\Local\Temp\EAD4162.exe
C:\Users\Anna\AppData\Local\Temp\EAD4215.exe
C:\Users\Anna\AppData\Local\Temp\EAD46F.exe
C:\Users\Anna\AppData\Local\Temp\EAD4915.exe
C:\Users\Anna\AppData\Local\Temp\EAD4C65.exe
C:\Users\Anna\AppData\Local\Temp\EAD50DD.exe
C:\Users\Anna\AppData\Local\Temp\EAD7313.exe
C:\Users\Anna\AppData\Local\Temp\EAD7838.exe
C:\Users\Anna\AppData\Local\Temp\EAD85B1.exe
C:\Users\Anna\AppData\Local\Temp\EAD8920.exe
C:\Users\Anna\AppData\Local\Temp\EAD8979.exe
C:\Users\Anna\AppData\Local\Temp\EAD8DD3.exe
C:\Users\Anna\AppData\Local\Temp\EAD9219.exe
C:\Users\Anna\AppData\Local\Temp\EAD93A6.exe
C:\Users\Anna\AppData\Local\Temp\EADA66C.exe
C:\Users\Anna\AppData\Local\Temp\EADBA4F.exe
C:\Users\Anna\AppData\Local\Temp\EADBBD9.exe
C:\Users\Anna\AppData\Local\Temp\EADBC9F.exe
C:\Users\Anna\AppData\Local\Temp\EADBF0A.exe
C:\Users\Anna\AppData\Local\Temp\EADC01.exe
C:\Users\Anna\AppData\Local\Temp\EADC265.exe
C:\Users\Anna\AppData\Local\Temp\EADC6F9.exe
C:\Users\Anna\AppData\Local\Temp\EADD25.exe
C:\Users\Anna\AppData\Local\Temp\EADD263.exe
C:\Users\Anna\AppData\Local\Temp\EADD982.exe
C:\Users\Anna\AppData\Local\Temp\EADE4DD.exe
C:\Users\Anna\AppData\Local\Temp\EADF6CE.exe
C:\Users\Anna\AppData\Local\Temp\EADFE07.exe
C:\Users\Anna\AppData\Local\Temp\nsu7122.exe
C:\Users\Anna\AppData\Local\Temp\nsw263C.exe
C:\Users\Anna\AppData\Local\Temp\ose00000.exe
C:\Users\Anna\AppData\Local\Temp\Quarantine.exe
C:\Users\Anna\AppData\Local\Temp\setapp.exe
C:\Users\Anna\AppData\Local\Temp\sp64126.exe
C:\Users\Anna\AppData\Local\Temp\spotify (1).exe
C:\Users\Anna\AppData\Local\Temp\spotify.exe
C:\Users\Anna\AppData\Local\Temp\SPSetup.exe
C:\Users\Anna\AppData\Local\Temp\uninst1.exe
C:\Users\Anna\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Anna\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Anna\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-18 15:21

==================== End Of Log ============================

 

AdwCleanerR1.txt

AdwCleanerS0.txt


1. Start Notepad.

Copy all the lines in the box:

HKU\S-1-5-21-3411387476-3199513894-1412178671-1001\...\MountPoints2: {06ebd3fe-f4f1-11e2-be72-806e6f6e6963} - "E:\Autorun.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4220\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6958\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8832\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release5935\ff [Not Found]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
and paste them into Notepad. Check that no file entries have been split across two lines.

Save the file on the desktop with the name fixlist.txt.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program has finished.

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.

2. If it does not work properly, use Norton Removal Tool to get rid of it.

3. Run a scan with ESET's scanner and MBAM.


Hi Cecilia

The log follows here.

Norton Removal Tool downloaded from

ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

I will run it, and ESET online as well as MBAM. I'll be back with those logs.

//millpark10

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01
Ran by Anna at 2014-09-23 16:49:30 Run:1
Running from C:\Users\Anna\Downloads\Virusrensning20140919\2nd try
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3411387476-3199513894-1412178671-1001\...\MountPoints2: {06ebd3fe-f4f1-11e2-be72-806e6f6e6963} - "E:\Autorun.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4220\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6958\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8832\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release5935\ff [Not Found]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

"HKU\S-1-5-21-3411387476-3199513894-1412178671-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06ebd3fe-f4f1-11e2-be72-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{06ebd3fe-f4f1-11e2-be72-806e6f6e6963}" => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4220\ff not found.
C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6958\ff not found.
C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8832\ff not found.
C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release5935\ff not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

The system needed a reboot.

==== End of Fixlog ====

 

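Added example, not part of the original thread and not FRST's own code: a small Python check that reads the Fixlog posted above and sorts each result line into changed, already absent, or unrecognized, so a helper can see what the fix actually did. The status labels and function names are this example's own, and it assumes only the message wordings visible in that Fixlog.

```python
import re
from collections import Counter

# The Fixlog from the post above, embedded so the example runs offline.
FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01
Ran by Anna at 2014-09-23 16:49:30 Run:1
Running from C:\Users\Anna\Downloads\Virusrensning20140919\2nd try
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3411387476-3199513894-1412178671-1001\...\MountPoints2: {06ebd3fe-f4f1-11e2-be72-806e6f6e6963} - "E:\Autorun.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4220\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6958\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8832\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release5935\ff [Not Found]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

"HKU\S-1-5-21-3411387476-3199513894-1412178671-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06ebd3fe-f4f1-11e2-be72-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{06ebd3fe-f4f1-11e2-be72-806e6f6e6963}" => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4220\ff not found.
C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6958\ff not found.
C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8832\ff not found.
C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release5935\ff not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

The system needed a reboot.

==== End of Fixlog ====
'''

# Result wordings seen in the log above, most specific first.
# The status names on the left are labels chosen for this example.
PATTERNS = [
    ("deleted", re.compile(r'^"?(?P<target>.+?)"?\s+=> (?:Key|value) deleted successfully\.$')),
    ("moved", re.compile(r'^(?P<target>.+?) => Moved successfully\.$')),
    ("absent", re.compile(r'^"?(?P<target>.+?)"?\s+=> Key not found\.$')),
    ("absent", re.compile(r'^(?P<target>.+?) not found\.$')),
]


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist and one (status, target) per result line."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The fixlist is echoed between two rows of asterisks; results follow the second.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no echoed fixlist found; not a complete Fixlog")
    parsed = {
        "fixlist": [ln for ln in lines[stars[0] + 1:stars[1]] if ln],
        "results": [], "unrecognized": [], "reboot": False, "complete": False,
    }
    for ln in lines[stars[1] + 1:]:
        if not ln:
            continue
        if ln.startswith("==== End of Fixlog"):
            parsed["complete"] = True
            break
        if ln == "The system needed a reboot.":
            parsed["reboot"] = True
            continue
        for status, pattern in PATTERNS:
            match = pattern.match(ln)
            if match:
                parsed["results"].append((status, match.group("target")))
                break
        else:
            # Anything not matching a known wording is kept for manual review.
            parsed["unrecognized"].append(ln)
    parsed["counts"] = Counter(status for status, _ in parsed["results"])
    return parsed


def follow_ups(parsed):
    """Turn the parsed log into the points a helper would check next."""
    notes = []
    if not parsed["complete"]:
        notes.append("log is cut off before the end marker: ask for the whole Fixlog.txt")
    for ln in parsed["unrecognized"]:
        notes.append("unrecognized result, review by hand: " + ln)
    if parsed["reboot"]:
        notes.append("reboot was required: rescan only after the restart")
    return notes


if __name__ == "__main__":
    report = parse_fixlog(FIXLOG)
    print(dict(report["counts"]))
    for note in follow_ups(report):
        print("-", note)
```

Entries counted as absent are leftovers that earlier cleaning had already removed, so only the deleted and moved lines represent changes made by this fix run.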

Here is the log from MBAM and ESET online.

Malwarebytes was allowed to put everything it found in quarantine, while ESET only got to produce a log.

(Of course both programs were started after a reboot, with no other programs running)

Pls do your magic thing ;)

//millpark10

mbam_log.txt

ESETonline.txt

(Is this how the logs should be attached, or do you want everything pasted into the post itself?)


Hi Cecilia

The short answer is that it works well.

The slightly longer answer is that the same Windows Update error as before "is back", or never went away. I will follow the guides again and see if I have better luck this time. I suspect that some Windows Update component has gone missing, either with the virus/malware or in connection with my cleaning. I'll be back when I have done what the MS sites suggest about the so-called "Windows Update error 0x80073712 or 80073712".

//millpark10


Hi Cecilia
I have now followed the steps that Windows Update gives.
- Run the troubleshooter, then open Windows Update and try to install the update again.
It ran and repaired something quite automagically, as in earlier attempts.
- Method 2: Run the DISM tool
The commands with their results are in the attached file.
Command 1
DISM.exe /Online /Cleanup-image /Scanhealth
took about 3-4 hours to run, and
Command 2
DISM.exe /Online /Cleanup-image /Restorehealth
took more than 8 hours and ended with
Error: 0x8024001f
DISM failed. No operation was performed.
For more information, review the log file.
The DISM log file can be found at C:\Windows\Logs\DISM\dism.log
The log has been renamed to dism-kopia.log.txt and attached.
I have now put the error code into Google and got some answers to read,
but I have to go off to work, so the reading will come later.

IF you have anything wise to suggest I am incredibly grateful. The owner of the computer did not
create any recovery media when it was first put into use, and it feels a
bit odd to do that on a box that is not working 100%. Yes, I know that it
is HP software that creates the discs, and from a separate partition, but is it smart
to do it when the computer has been smeared with a lot of unwanted stuff?
BTW, the ESET run only logged; was there anything there I need to deal with? It just looked
like leftovers from earlier cleaning.
Thanks, thanks, thanks for being there.
//millpark 10

Edit: update, the error message seems to have to do with the internet connection to the Windows Update server. I have connected by cable and am trying to run the update again, and after that will try the DISM tool again. It was probably because of the missing network that it took so long to run; many identical rows in the log.

 

DISM_log1.txt

dism - kopia.log.txt

ESETonline.txt


What ESET found was either things lying in AdwCleaner's quarantine or in various folders for temporary files (temp), and we can empty those when you feel it is time to remove AdwCleaner and FRST.

Possibly ComboFix can fix some setting, if the problem with Windows Update has been caused by malicious programs.

Save ComboFix on the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

Run ComboFix and follow the instructions shown.

More detailed guidance is available at http://www.bleepingcomputer.com/combofix/se/hur-combofix-ska-anvandas

If any message comes up from ComboFix, e.g. that a rootkit has been found, write it down and then include it in your reply.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, because it can hang if you do.

When ComboFix has finished, a log should come up; paste it into your reply. Check that the antivirus program etc. are running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

If the problem remains after ComboFix and a restart of the computer:

Save Farbar Service Scanner on the desktop: http://www.bleepingcomputer.com/download/farbar-service-scanner

Start the program.

Select only "Internet Services", "Windows Firewall" and "Windows Update".

Click "Scan".

The program creates the log FSS.txt on the Desktop.

Paste it into your reply.


Hi Cecilia

Here is the ComboFix log.

I will test Windows Update again; if it does not work there will be a round with Farbar Service Scanner.

Thanks again for your patience!

I never thought this box would give me a challenge like this.

//millpark10

 

ComboFix 14-09-22.01 - Anna 2014-09-24  15:14:19.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.46.1053.18.3988.2795 [GMT 2:00]
Körs från: c:\users\Anna\Downloads\Virusrensning20140919\2nd try\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Anna\21A9EE0F.tmp
c:\users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\SaltarSmart_iels
c:\users\Anna\ppt10B4.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((   Filer skapade från 2014-08-24 till 2014-09-24  ))))))))))))))))))))))))))))))
.
.
2014-09-23 16:56 . 2014-09-23 16:58 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-23 16:56 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-23 16:56 . 2014-05-12 05:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-23 16:56 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-22 23:30 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-22 23:30 . 2014-09-22 23:36 -------- d-----w- C:\AdwCleaner
2014-09-22 16:54 . 2014-09-23 14:49 -------- d-----w- C:\FRST
2014-09-22 12:00 . 2014-08-09 08:30 148480 ----a-w- c:\windows\system32\poqexec.exe
2014-09-22 12:00 . 2014-08-09 08:29 144896 ----a-w- c:\windows\system32\tssdisai.dll
2014-09-22 11:11 . 2014-09-22 11:11 -------- d-s---w- c:\windows\system32\CompatTel
2014-09-22 09:19 . 2014-07-15 22:51 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2014-09-22 09:11 . 2014-06-10 22:44 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-09-22 09:11 . 2014-06-10 22:43 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-09-22 09:04 . 2014-05-29 23:02 1281536 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-22 09:03 . 2014-06-02 22:42 1413632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2014-09-22 09:02 . 2014-05-29 22:24 576512 ----a-w- c:\windows\system32\drivers\afd.sys
2014-09-22 09:02 . 2014-06-06 14:06 596480 ----a-w- c:\windows\system32\qedit.dll
2014-09-22 09:02 . 2014-06-06 10:17 497152 ----a-w- c:\windows\SysWow64\qedit.dll
2014-09-22 09:02 . 2014-08-23 06:47 4036096 ----a-w- c:\windows\system32\win32k.sys
2014-09-22 09:02 . 2014-07-15 23:03 1300992 ----a-w- c:\windows\system32\gdi32.dll
2014-09-22 09:02 . 2014-07-12 02:36 1023488 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-09-22 09:02 . 2014-03-07 00:08 1845760 ----a-w- c:\windows\system32\msxml3.dll
2014-09-22 09:02 . 2014-03-07 00:47 1419264 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-09-22 09:02 . 2014-06-19 23:35 1312768 ----a-w- c:\windows\system32\rpcrt4.dll
2014-09-22 09:02 . 2014-06-19 22:24 694272 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-09-22 09:02 . 2014-04-03 11:22 2233176 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-09-22 09:02 . 2014-05-29 04:04 94552 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2014-09-22 09:02 . 2014-05-08 01:34 328024 ----a-w- c:\windows\system32\drivers\Classpnp.sys
2014-09-20 12:19 . 2014-09-20 12:19 -------- d-----w- c:\users\Anna\AppData\Local\ElevatedDiagnostics
2014-09-20 11:00 . 2014-09-20 11:00 -------- d-----w- c:\users\Anna\AppData\Roaming\HewlettPackard
2014-09-20 09:55 . 2014-09-20 09:55 -------- d-----w- c:\users\Anna\AppData\Roaming\InstallShield
2014-09-20 08:58 . 2014-09-20 08:58 -------- d-----w- c:\users\Anna\Intel
2014-09-19 08:00 . 2014-09-19 08:00 -------- d-----w- c:\program files (x86)\ESET
2014-09-19 03:07 . 2014-09-23 02:18 305832 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10246.bin
2014-09-19 00:47 . 2014-09-19 00:47 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2014-09-18 22:30 . 2014-09-19 07:15 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-18 21:54 . 2014-09-23 16:56 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-18 21:54 . 2014-09-18 21:54 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-02 19:32 . 2014-05-16 19:18 705480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-02 19:32 . 2014-05-16 19:18 104904 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-02 18:07 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-29 11:01 . 2013-12-06 16:44 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-05-16 15:37 . 2014-05-16 15:37 6103040 ----a-w- c:\program files (x86)\GUT3E94.tmp
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-03 18:59 220632 ----a-w- c:\users\Anna\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-03 18:59 220632 ----a-w- c:\users\Anna\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-03 18:59 220632 ----a-w- c:\users\Anna\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2013-01-10 379904]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296]
"HPMessageService"="c:\program files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe" [2013-02-25 1045304]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\System32\drivers\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\drivers\InputFilter_FlexDef2b.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 RTSPER;Realtek PCIe CardReader Driver;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Lågenergidrivrutin för Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® bildskärmsljud;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ    apphostsvc
iissvcs REG_MULTI_SZ    w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-22 08:28 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2014-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-27 19:40]
.
2014-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-27 19:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-03 18:59 244696 ----a-w- c:\users\Anna\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-03 18:59 244696 ----a-w- c:\users\Anna\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-03 18:59 244696 ----a-w- c:\users\Anna\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-12 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-12 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-12 441840]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-03-08 7156296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-05-13 21720]
.
------- Extra genomsökning -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Ski&cka till OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: starstable.com
TCP: DhcpNameServer = 8.8.8.8 195.54.122.204
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Activeris AntiMalware_is1 - c:\program files (x86)\Activeris AntiMalware\unins000.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Sluttid: 2014-09-24  15:23:37
ComboFix-quarantined-files.txt  2014-09-24 13:23
.
Före genomsökningen: 388 841 684 992 bytes free
Efter genomsökningen: 389 853 265 920 bytes free
.
- - End Of File - - 363819EADC26714CFD9ACCEDEEE885A5
5FB38429D5D77768867C76DCBDB35194


Nope, the update didn't work this time either; here is the FSS log.

 

 

Farbar Service Scanner Version: 21-07-2014
Ran by Anna (administrator) on 24-09-2014 at 16:23:00
Running from "C:\Users\Anna\Downloads\Virusrensning20140919\2nd try"
Microsoft Windows 8  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

 


2014-05-16 15:37 . 2014-05-16 15:37 6103040 ----a-w- c:\program files (x86)\GUT3E94.tmp

Odd place for a tmp file, and very large. Can it be removed?

What have you run to fix Windows Update with the error code 0x80073712: the troubleshooter, DISM, System File Checker, CheckSUR?

Have you tried installing just one of the oldest updates in selective startup mode (with startup programs and services disabled)?


Hi Cecilia

c:\program files (x86)\GUT3E94.tmp could be deleted and is now gone, or at least in the Recycle Bin for the time being.

I have tried what Windows Update and some MS forums suggested, i.e. the troubleshooter in various variants, both from within the computer and via "Fix it" links at MS, but with the same visible result: they have fixed something, and on a renewed attempt to run the update it has locked up at about 11%.

Then I ran DISM, and it somehow took a long time, most recently with an error message that it has no internet connection. (I actually think the tool itself makes the network stop.)

System File Checker not yet tested, likewise CheckSUR.

There are currently 5 updates "waiting": 2 important and 3 recommended.

I have tried installing them one at a time but with the same result; it hangs at an early stage. The computer is connected by cable to a "stable" network.

I have tried to start in selective mode but haven't succeeded; I'm probably not using the right method.

Do you have a tip for a link to instructions for the tools you mentioned most recently?

Edit: ran msconfig and found selective startup, but it was hard to do anything without the network or update services available.

Unfortunately I got this link from a friend: http://tech.slashdot.org/story/14/04/15/0053213/microsoft-confirms-it-is-dropping-windows-81-support and am now trying to find out what has happened since then regarding Windows 8.1 Update 1 Failing to Install with errors 0x80070020, 80073712

Which is exactly what I'm having problems with.

I didn't realize that SFC and System File Checker are the same thing. I have run SFC and am attaching part of the file, a little of the beginning and mostly the end.

//millpark10

Part of the complete file: CBS-log.txt


Hi Cecilia

I have run sfc /scannow and it gave the following message:

Windows Resource Protection found corrupt files but was unable to fix some
of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.

Found an instruction: http://support.microsoft.com/kb/929833/sv#CBS log

Ran the command and got a file on the desktop; I'm attaching it.

C:\>findstr /c:"[sR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

The last line in the log file says that everything is okay; I guess I don't understand the difference between the messages.

2014-09-24 23:54:34, Info                  CSI    00000c75 [sR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired

sfcdetails.txt

Have just read through the thread http://answers.microsoft.com/sv-se/windows/forum/windows_8-windows_update/problem-med-windows-update/523b1b6b-e963-4ed3-889c-968ade908dc1?auth=1

and am wondering how to download the updates manually and how to start in safe mode to attempt a manual installation.

//millpark10
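
Added example, not part of the post above or of the Microsoft KB article: a Python parser for the filtered SFC lines that lists files reported as "Cannot repair member file" with no later "Repairing corrupted file ... from store" entry. The closing "Verify and Repair Transaction completed" line speaks only of "this transaction", so it can sit after earlier failures. Assumptions: the sample lines and the names example.dll, other.dll and Example-Component are constructed, and the tag is matched case-insensitively because it appears as [sR] on this page.

```python
import re

# Constructed sample in the CBS.log "[SR]" line layout (not the poster's sfcdetails.txt).
SAMPLE = r'''
2014-09-24 23:41:01, Info                  CBS    Constructed non-SR line, ignored by the parser
2014-09-24 23:41:02, Info                  CSI    00000a10 [SR] Beginning Verify and Repair transaction
2014-09-24 23:41:07, Info                  CSI    00000a12 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.2.9200.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9) in the store, hash mismatch
2014-09-24 23:41:09, Info                  CSI    00000a15 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"other.dll" from store
2014-09-24 23:54:34, Info                  CSI    00000c75 [sR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
'''

SR = re.compile(r'\[SR\]\s+(.*)$', re.I)  # tag matched case-insensitively
CANNOT = re.compile(r'Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+)')
REPAIRING = re.compile(r'Repairing corrupted file .*\]"([^"]+)" from store')
DONE = 'Verify and Repair Transaction completed'


def summarize_sfc(text):
    """Return files left unrepaired, files repaired from the store,
    and the number of transactions reported as completed."""
    unrepaired, repaired, completed = {}, set(), 0
    for line in text.splitlines():
        m = SR.search(line)
        if not m:
            continue  # not an SFC ([SR]) entry
        msg = m.group(1)
        if msg.startswith(DONE):
            completed += 1
        elif (c := CANNOT.search(msg)):
            unrepaired[c.group(1).lower()] = c.group(2).strip()
        elif (r := REPAIRING.search(msg)):
            name = r.group(1).lower()
            repaired.add(name)
            # Assumption: a later repair from the store supersedes an earlier failure.
            unrepaired.pop(name, None)
    return {'unrepaired': unrepaired, 'repaired': repaired, 'completed': completed}


if __name__ == '__main__':
    result = summarize_sfc(SAMPLE)
    for name, component in sorted(result['unrepaired'].items()):
        print(f'NOT REPAIRED: {name} ({component})')
    print(f"repaired from store: {sorted(result['repaired'])}")
    print(f"transactions reported complete: {result['completed']}")
```
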

 


Does the Store work, or in what way does it not work?

2014-09-24 22:29:46, Error CSI 00000037@2014/9/24:20:29:46.667 (F) base\wcp\componentstore\storelayout.cpp(1946): Store corruption detected in function ComponentStore::CRawStoreLayout::FetchManifestContent expression: 0

FileHashMismatch on resource [108]"\winsxs\manifests\amd64_microsoft-windows-pdc_31bf3856ad364e35_6.2.9200.16728_none_00417faae5c40e7a.manifest"[gle=0x80004005]

System File Checker can sometimes fix more if you run it once more after restarting the computer.

What I meant by selective startup is what is described at http://support.microsoft.com/kb/929135/sv and then the internet and Windows Update should work.

Is it "Windows 8.1 Update 1" you are trying to install?

I thought it wasn't 8.1 on the computer.


Archived

This topic is now archived and is closed to further replies.
