Just nu i M3-nätverket
Gå till innehåll

Min väns dator fick blackscren vid omstart


sidartha

Rekommendera Poster

Min väns dator fick blackscreen vid omstart efter att ha kört Antimalware bytes och försökt lägga någon pup-fil i karantän.

 

Så här beskrev hon det "det som kom upp efter jag loggade in efter uppstartande var att jag fick en helt svart skärm, pekaren syntes och kunde röras men annars bara helt svart"

Addition.txt

FRST.txt

Länk till kommentar
Dela på andra webbplatser

1. Vad för sorts återställning?

 

2. Vad var det som MBAM (Malwarebytes Anti-Malware) hittade enligt dess loggar?

 

3. "Panda Antivirus Pro 2012"

Det är en gammal version som inte ger lika bra skydd som senaste versionen. Varje ny årsmodell/version innehåller nya och förbättrade funktioner för att bekämpa de senaste typerna av skadliga program. Det är därför viktigt att varje år uppdatera versionen.

 

4. Det finns ett flertal olämpliga start- och söksidor samt tillägg i Internet Explorer och Chrome.

Spara AdwCleaner av Xplode på Skrivbordet: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

 

Stäng alla program, inklusive webbläsare.

Dubbelklicka på AdwCleaner för att starta programmet.

 

Klicka på Scan-knappen.

Vänta tills sökningen är klar.

Klicka på Report-knappen.

En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.

Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner[R0].txt

Länk till kommentar
Dela på andra webbplatser

1. Gör en ny systemåterställningspunkt utifall att det blir något problem även nu.

 

2. Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Scan-knappen.
Vänta tills sökningen är klar.

Klicka på Clean-knappen.
Tryck på OK.
Tryck på OK fler gånger om det kommer upp meddelanden.

Datorn kommer att startas om.
En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.
Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner[s0].txt

 

3. Kör FRST igen och bifoga den nya FRST.txt så får vi se om det är något kvar att åtgärda.

 

4. Skanna datorn online på http://www.eset.com/onlinescan/ och använd helst Internet Explorer till det.
För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

Välj alternativet Enable detection of potentially unwanted applications.

Klicka på Advanced Settings.
Ta bort bocken framför Remove found threats.
Bocka för:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Klicka på Start

När skanningen är klar klicka på List of found threats, följt av Export to a text file. Spara till en fil på skrivbordet, öppna filen, kopiera resultatet och klistra sedan in det i ditt svar.

Länk till kommentar
Dela på andra webbplatser

1. Gör en ny systemåterställningspunkt utifall att det blir något problem även nu.

 

2. Stäng alla program, inklusive webbläsare.

Dubbelklicka på AdwCleaner för att starta programmet.

 

Klicka på Scan-knappen.

Vänta tills sökningen är klar.

 

Klicka på Clean-knappen.

Tryck på OK.

Tryck på OK fler gånger om det kommer upp meddelanden.

 

Datorn kommer att startas om.

En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.

Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner[s0].txt

 

3. Kör FRST igen och bifoga den nya FRST.txt så får vi se om det är något kvar att åtgärda.

 

4. Skanna datorn online på http://www.eset.com/onlinescan/ och använd helst Internet Explorer till det.

För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

 

Välj alternativet Enable detection of potentially unwanted applications.

 

Klicka på Advanced Settings.

Ta bort bocken framför Remove found threats.

Bocka för:

Scan Archives

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Klicka på Start

 

När skanningen är klar klicka på List of found threats, följt av Export to a text file. Spara till en fil på skrivbordet, öppna filen, kopiera resultatet och klistra sedan in det i ditt svar.

# AdwCleaner v4.001 - Report created 23/10/2014 at 00:06:33
# DB v2014-10-21.1
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dagrun - DAGRUN-DATOR
# Running from : C:\Users\Dagrun\Desktop\adwcleaner_4.001.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : IePluginService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\ProgramData\IePluginService
Folder Deleted : C:\Users\Dagrun\AppData\Roaming\iWin
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Users\Dagrun\AppData\Roaming\SupTab
Folder Deleted : C:\Users\Dagrun\AppData\Local\Tuguu_SL
Folder Deleted : C:\Program Files (x86)\Uninstaller
Folder Deleted : C:\ProgramData\WPM
File Deleted : C:\Windows\Downloaded Program Files\popcaploader.inf
File Deleted : C:\END
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : bench-sys
Task Deleted : bench-Updater removing
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F791D8AE-47E8-40A5-A913-EB2D2AF29602}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\Bench
Key Deleted : HKLM\SOFTWARE\Coupon Server
Key Deleted : HKLM\SOFTWARE\IePlugin
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\Wpm
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
 
-\\ Google Chrome v
 
 
*************************
 
AdwCleaner[R0].txt - [7874 octets] - [22/10/2014 16:09:59]
AdwCleaner[R1].txt - [7934 octets] - [23/10/2014 00:04:17]
AdwCleaner[s0].txt - [6513 octets] - [23/10/2014 00:06:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6573 octets] ##########
 
Log från esets online scan:
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uninstaller\Uninstall.exe.vir a variant of MSIL/DomaIQ.A potentially unwanted application
C:\Users\Dagrun\AppData\Local\Temp\jki1EF0.tmp a variant of MSIL/DomaIQ.X potentially unwanted application
C:\Users\Dagrun\AppData\Local\Temp\{C1E94155-E3D5-42EF-AA16-1103580C0B69}.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Dagrun\AppData\Local\Temp\97ee1b67-5d1d-44ee-b581-c68d1fda25da\software\Cloud_Backup_Setup.exe Win32/MyPCBackup.A potentially unwanted application
C:\Users\Dagrun\AppData\Local\Temp\97ee1b67-5d1d-44ee-b581-c68d1fda25da\software\speedupmypc.exe Win32/SpeedUpMyPC.A potentially unwanted application
C:\Users\Dagrun\AppData\Local\Temp\is-4KNEA.tmp\SpeedUpMyPC-standalone-setup.exe Win32/SpeedUpMyPC potentially unwanted application
 
Länk till kommentar
Dela på andra webbplatser

Fint, men du behöver skanna med FRST och klistra in den nya FRST.txt också.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by Dagrun (administrator) on DAGRUN-DATOR on 23-10-2014 00:15:57
Running from C:\Users\Dagrun\Desktop
Loaded Profiles: UpdatusUser & Dagrun (Available profiles: UpdatusUser & Dagrun)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Mobilt bredband Comviq 3G\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Users\Dagrun\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Dropbox, Inc.) C:\Users\Dagrun\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Mobilt bredband Comviq 3G\UIExec.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [uIExec] => C:\Program Files (x86)\Mobilt bredband Comviq 3G\UIExec.exe [153424 2011-11-08] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-07-24] (Panda Security, S.L.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1192211395-3887936178-1663048781-1000\...\RunOnce: [scrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\S-1-5-21-1192211395-3887936178-1663048781-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-1192211395-3887936178-1663048781-1001\...\Run: [Google Update] => C:\Users\Dagrun\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
HKU\S-1-5-21-1192211395-3887936178-1663048781-1001\...\Run: [Facebook Update] => C:\Users\Dagrun\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-21] (Facebook Inc.)
HKU\S-1-5-21-1192211395-3887936178-1663048781-1001\...\Run: [spotify Web Helper] => C:\Users\Dagrun\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-21] (Spotify Ltd)
HKU\S-1-5-21-1192211395-3887936178-1663048781-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1192211395-3887936178-1663048781-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1192211395-3887936178-1663048781-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1192211395-3887936178-1663048781-1001\...\Run: [spotify] => C:\Users\Dagrun\AppData\Roaming\Spotify\spotify.exe [6553144 2014-10-21] (Spotify Ltd)
HKU\S-1-5-21-1192211395-3887936178-1663048781-1001\...\MountPoints2: {39d82b8d-4348-11e1-8056-e4d53d0847b6} - D:\AutoRun.exe
HKU\S-1-5-21-1192211395-3887936178-1663048781-1001\...\MountPoints2: {39d82b96-4348-11e1-8056-e4d53d0847b6} - D:\AutoRun.exe
HKU\S-1-5-21-1192211395-3887936178-1663048781-1001\...\MountPoints2: {955af97b-0bfb-11e2-a454-e89a8ff7d952} - D:\Install.exe
HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
Startup: C:\Users\Dagrun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dagrun\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://acer.us.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/bookwormadventures/sis/popcaploader_v10_en.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Dagrun\AppData\Roaming\Mozilla\Firefox\Profiles\6yo8th2v.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dagrun\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Dagrun\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Dagrun\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Scriptish - C:\Users\Dagrun\AppData\Roaming\Mozilla\Firefox\Profiles\6yo8th2v.default\Extensions\scriptish@erikvold.com.xpi [2014-05-29]
FF Extension: NoScript - C:\Users\Dagrun\AppData\Roaming\Mozilla\Firefox\Profiles\6yo8th2v.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-21]
FF Extension: Adblock Plus - C:\Users\Dagrun\AppData\Roaming\Mozilla\Firefox\Profiles\6yo8th2v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-21]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Acer Bio Protection\FFExt
FF Extension:  Password Bank Extension  - C:\Program Files (x86)\Acer Bio Protection\FFExt [2011-11-09]
FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files (x86)\Acer Bio Protection\FFExt20
FF Extension:  Password Bank Extension  - C:\Program Files (x86)\Acer Bio Protection\FFExt20 [2011-11-09]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1396544459&from=tugs&uid=ST9750423AS_5WS2LQCTXXXX5WS2LQCT
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1396544459&from=tugs&uid=ST9750423AS_5WS2LQCTXXXX5WS2LQCT"
CHR Profile: C:\Users\Dagrun\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Dagrun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-29]
CHR Extension: (Sök på Google) - C:\Users\Dagrun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-29]
CHR Extension: (AdBlock) - C:\Users\Dagrun\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-21]
CHR Extension: ((1) Mob Wars on Facebook) - C:\Users\Dagrun\AppData\Local\Google\Chrome\User Data\Default\Extensions\hljkafednlmkpkkolmblijfeoglapben [2013-08-07]
CHR Extension: (Ghostery) - C:\Users\Dagrun\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-10-21]
CHR Extension: (Google Wallet) - C:\Users\Dagrun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\Dagrun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-29]
CHR StartMenuInternet: Google Chrome - C:\Users\Dagrun\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [105120 2011-09-17] (Atheros Commnucations) [File not signed]
R2 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [307760 2011-07-14] (Egis Technology Inc. )
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-20] (WildTangent)
R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [141560 2014-07-24] (Panda Security, S.L.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-07-23] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-07-24] (Panda Security, S.L.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 UI Assistant Service; C:\Program Files (x86)\Mobilt bredband Comviq 3G\AssistantServices.exe [270672 2011-11-08] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Momip6t; No ImagePath
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [160800 2014-07-24] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [120352 2014-07-24] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [106016 2014-07-24] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-23 00:15 - 2014-10-23 00:15 - 00000000 ____D () C:\Users\Dagrun\Desktop\FRST-OlderVersion
2014-10-23 00:14 - 2014-10-23 00:14 - 00006685 _____ () C:\Users\Dagrun\Desktop\AdwCleaner[s0].txt
2014-10-23 00:08 - 2014-03-25 15:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-10-22 16:09 - 2014-10-23 00:06 - 00000000 ____D () C:\AdwCleaner
2014-10-22 16:05 - 2014-10-22 16:05 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\{0119CCD0-00ED-4DF8-95B4-8B6FE17CDDB6}
2014-10-22 15:59 - 2014-10-22 15:59 - 01036008 _____ () C:\Users\Dagrun\Desktop\PANDAGP15 (1).exe
2014-10-22 15:47 - 2014-10-22 15:47 - 00000000 ____D () C:\Users\Dagrun\AppData\Roaming\Panda Security
2014-10-22 15:47 - 2014-10-22 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Global Protection 2015
2014-10-22 15:47 - 2014-10-22 15:47 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-10-22 15:42 - 2014-10-22 15:42 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\{AE2B663C-72F6-474B-81E0-B63202127693}
2014-10-22 15:34 - 2014-10-22 15:34 - 01962496 _____ () C:\Users\Dagrun\Desktop\adwcleaner_4.001.exe
2014-10-22 15:16 - 2014-10-22 15:16 - 01035864 _____ () C:\Users\Dagrun\Downloads\PANDAGP15 (1).exe
2014-10-21 22:04 - 2014-10-21 22:05 - 00050337 _____ () C:\Users\Dagrun\Desktop\Addition.txt
2014-10-21 22:03 - 2014-10-23 00:15 - 00022359 _____ () C:\Users\Dagrun\Desktop\FRST.txt
2014-10-21 22:02 - 2014-10-23 00:16 - 00000000 ____D () C:\FRST
2014-10-21 19:44 - 2014-10-23 00:15 - 02112000 _____ (Farbar) C:\Users\Dagrun\Desktop\FRST64.exe
2014-10-21 19:34 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-21 19:34 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-21 19:34 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-21 19:34 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-21 19:34 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-21 19:34 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-21 19:34 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-21 19:33 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-21 19:33 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-21 19:33 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-21 19:33 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-21 19:33 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-21 19:33 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-21 19:33 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-21 19:33 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-21 19:33 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-21 19:33 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-21 19:33 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-21 19:33 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-21 19:33 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-21 19:33 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-21 19:33 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-21 19:33 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-21 19:33 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-21 19:33 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-21 19:33 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-21 19:33 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-21 19:33 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-21 19:33 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-21 19:33 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-21 19:33 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-21 19:33 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-21 19:33 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-21 19:33 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-21 19:33 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-21 19:33 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-21 19:33 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-21 19:33 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-21 19:33 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-21 19:33 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-21 19:33 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-21 19:33 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-21 19:33 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-21 19:33 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-21 19:33 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-21 19:33 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-21 19:33 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-21 19:33 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-21 19:33 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-21 19:33 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-21 19:33 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-21 19:33 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-21 19:33 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-21 19:33 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-21 19:33 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-21 19:33 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-21 19:33 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-21 19:33 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-21 19:33 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-21 19:33 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-21 19:33 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-21 19:33 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-21 19:33 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-21 19:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-21 19:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-21 19:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-21 19:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-21 19:33 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-21 19:33 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-21 19:33 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-21 19:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-21 19:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-21 19:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-21 19:33 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-21 19:33 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-21 19:32 - 2014-10-21 19:25 - 00883624 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2014-10-21 19:32 - 2014-10-21 19:25 - 00806824 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-10-21 19:31 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-21 19:31 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-21 19:30 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-21 19:30 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-21 19:30 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-21 19:30 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-21 19:30 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-21 19:30 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-21 19:30 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-21 19:30 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-21 19:30 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-21 19:30 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-21 19:30 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-21 19:30 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-21 19:30 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-21 19:30 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-21 19:30 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-21 19:30 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-21 19:30 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-21 19:30 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-21 19:29 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-21 19:29 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-21 19:27 - 2014-10-21 19:27 - 00000000 ____D () C:\Users\Dagrun\AppData\Roaming\Oracle
2014-10-21 19:25 - 2014-10-21 19:25 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-21 19:25 - 2014-10-21 19:25 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-21 19:25 - 2014-10-21 19:25 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-21 19:25 - 2014-10-21 19:25 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-21 19:16 - 2014-10-21 19:16 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\{8FA7C80E-EC41-46B9-9968-F43689C2781C}
2014-10-20 22:37 - 2014-10-20 22:37 - 02122240 _____ () C:\Users\Dagrun\Desktop\Dataspelsberoende förändrad version.ppt
2014-10-20 21:21 - 2014-10-20 21:21 - 00000995 _____ () C:\Users\Dagrun\AppData\Local\recently-used.xbel
2014-10-20 18:37 - 2014-10-20 18:37 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\{58D972C8-FD2C-48EC-B5BC-B77A4ACA0D98}
2014-10-19 20:50 - 2014-10-21 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-19 20:50 - 2014-10-21 19:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-19 20:50 - 2014-10-19 20:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-19 16:34 - 2014-10-19 16:35 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\{8B28EB2B-B0AE-4398-8AD0-CB6A08CDDADF}
2014-10-18 20:40 - 2014-10-18 20:40 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\{F0EA90FD-4C63-457C-A3A0-43F19E71BC36}
2014-10-14 16:39 - 2014-10-14 16:39 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\{C429E016-6DDC-42AD-9190-915873955746}
2014-10-14 16:38 - 2014-10-14 16:38 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\{99E3F8FC-2C01-4870-A62A-5FE2EBB76784}
2014-10-12 22:18 - 2014-10-12 22:18 - 00732041 _____ () C:\Users\Dagrun\Downloads\Outlook.com.zip
2014-10-12 15:33 - 2014-10-12 15:33 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\{9F83F2D4-96A0-45B2-BD97-BFA02AFA232F}
2014-10-07 22:34 - 2014-10-07 22:34 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\{EF2EF526-FC3F-48AF-82E6-10665EBBAA9C}
2014-10-03 16:42 - 2014-10-03 16:42 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\Adobe
2014-10-02 21:19 - 2014-10-02 21:19 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\{6BEAF6B4-53BE-4A9B-925A-324FF52C9C14}
2014-10-01 08:55 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 08:55 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 19:07 - 2014-09-28 19:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-28 19:07 - 2014-09-28 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-27 15:07 - 2014-09-27 15:07 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\{6CD835AF-A394-405B-8BB2-CFFE70AB3F10}
2014-09-24 18:24 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 18:24 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-23 00:15 - 2011-12-29 22:43 - 00000000 ____D () C:\Users\Dagrun\AppData\Roaming\Skype
2014-10-23 00:12 - 2011-12-29 22:07 - 00000000 ____D () C:\ProgramData\clear.fi
2014-10-23 00:11 - 2014-05-10 17:42 - 00000000 ___RD () C:\Users\Dagrun\Dropbox
2014-10-23 00:11 - 2014-05-10 17:40 - 00000000 ____D () C:\Users\Dagrun\AppData\Roaming\Dropbox
2014-10-23 00:11 - 2012-08-25 10:57 - 00000000 ____D () C:\Users\Dagrun\AppData\Roaming\Spotify
2014-10-23 00:09 - 2012-09-23 00:43 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 00:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 00:08 - 2009-07-14 06:51 - 00067559 _____ () C:\Windows\setupact.log
2014-10-23 00:08 - 2009-07-14 06:45 - 00392240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-23 00:07 - 2010-11-21 05:47 - 00183640 _____ () C:\Windows\PFRO.log
2014-10-23 00:06 - 2011-11-09 02:07 - 01355773 _____ () C:\Windows\WindowsUpdate.log
2014-10-23 00:02 - 2012-09-23 00:43 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 23:28 - 2011-12-29 22:15 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1192211395-3887936178-1663048781-1001UA.job
2014-10-22 21:35 - 2012-07-21 21:30 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1192211395-3887936178-1663048781-1001UA.job
2014-10-22 21:35 - 2012-07-21 21:30 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1192211395-3887936178-1663048781-1001Core.job
2014-10-22 21:01 - 2012-05-07 12:21 - 03252224 ___SH () C:\Users\Dagrun\Desktop\Thumbs.db
2014-10-22 20:57 - 2012-09-23 00:43 - 00003990 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 20:57 - 2012-09-23 00:43 - 00003738 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 16:07 - 2012-08-25 10:58 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\Spotify
2014-10-22 15:47 - 2012-01-20 12:39 - 00000000 ____D () C:\ProgramData\Panda Security
2014-10-22 15:47 - 2011-12-29 18:37 - 00090208 _____ () C:\Users\Dagrun\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-22 15:43 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 15:43 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 15:21 - 2011-12-31 20:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-22 00:28 - 2011-12-29 22:15 - 00000956 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1192211395-3887936178-1663048781-1001Core.job
2014-10-22 00:23 - 2011-12-29 22:15 - 00003980 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1192211395-3887936178-1663048781-1001UA
2014-10-22 00:23 - 2011-12-29 22:15 - 00003584 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1192211395-3887936178-1663048781-1001Core
2014-10-21 21:25 - 2011-09-20 10:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-21 21:23 - 2012-02-12 11:33 - 01760256 ___SH () C:\Users\Dagrun\Downloads\Thumbs.db
2014-10-21 21:13 - 2013-12-16 21:55 - 00000000 ____D () C:\Users\Dagrun\Documents\Loves Dokument
2014-10-21 20:55 - 2014-03-11 23:26 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\gtk-2.0
2014-10-21 20:55 - 2014-03-11 22:30 - 00000000 ____D () C:\Users\Dagrun\.gimp-2.8
2014-10-21 19:36 - 2014-06-01 10:03 - 00000000 ____D () C:\Users\Dagrun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-10-21 19:32 - 2014-06-10 19:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-21 19:32 - 2012-05-06 22:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-21 19:27 - 2013-11-24 16:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-21 19:14 - 2011-12-29 18:36 - 00000000 ____D () C:\Users\Dagrun
2014-10-21 19:12 - 2012-10-05 15:20 - 00000000 ____D () C:\Program Files (x86)\Mobilt bredband Comviq 3G
2014-10-21 19:12 - 2011-12-29 18:37 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\PowerCinema
2014-10-21 19:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-10-21 19:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-21 19:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-21 19:09 - 2011-12-31 20:09 - 00000000 __RHD () C:\MSOCache
2014-10-21 18:26 - 2012-01-21 14:57 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\CrashDumps
2014-10-03 18:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-02 23:08 - 2011-11-09 02:58 - 00664068 _____ () C:\Windows\system32\perfh01D.dat
2014-10-02 23:08 - 2011-11-09 02:58 - 00142836 _____ () C:\Windows\system32\perfc01D.dat
2014-10-02 23:08 - 2009-07-14 07:13 - 01580554 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-02 15:53 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-01 20:20 - 2012-04-30 16:10 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-01 20:20 - 2011-09-20 10:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-28 19:07 - 2011-09-20 09:57 - 00000000 ____D () C:\ProgramData\Skype
2014-09-27 15:29 - 2011-12-29 18:41 - 00000000 ____D () C:\Users\Dagrun\AppData\Local\Windows Live
2014-09-24 18:10 - 2014-05-10 17:41 - 00000000 ____D () C:\Users\Dagrun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
Some content of TEMP:
====================
C:\Users\Dagrun\AppData\Local\Temp\9290.exe
C:\Users\Dagrun\AppData\Local\Temp\BackupSetup.exe
C:\Users\Dagrun\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Dagrun\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkdmmnz.dll
C:\Users\Dagrun\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Dagrun\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Dagrun\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Dagrun\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Dagrun\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Dagrun\AppData\Local\Temp\ose00000.exe
C:\Users\Dagrun\AppData\Local\Temp\Quarantine.exe
C:\Users\Dagrun\AppData\Local\Temp\ResetDevice.exe
C:\Users\Dagrun\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Dagrun\AppData\Local\Temp\sqlite3.dll
C:\Users\Dagrun\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Dagrun\AppData\Local\Temp\{C1E94155-E3D5-42EF-AA16-1103580C0B69}.exe
C:\Users\Dagrun\AppData\Local\Temp\~SpUnin~.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-17 18:08
 
==================== End Of Log ============================
Länk till kommentar
Dela på andra webbplatser

Starta Anteckningar.

Kopiera alla rader i rutan:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1396544459&from=tugs&uid=ST9750423AS_5WS2LQCTXXXX5WS2LQCT
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1396544459&from=tugs&uid=ST9750423AS_5WS2LQCTXXXX5WS2LQCT"
S3 Momip6t; No ImagePath
Task: {560F2E90-1661-4D65-A2C2-E0D844BAC59D} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-03-27] () <==== ATTENTION
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-Updater removing.job => ? <==== ATTENTION
C:\Program Files (x86)\Bench
EmptyTemp:
och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.

Spara filen på skrivbordet med namnet fixlist.txt.

 

Starta FRST som finns på skrivbordet.

Klicka på knappen Fix.

Vänta tills programmet är klart och datorn startats om.

 

Programmet skapar en logg Fixlog.txt på skrivbordet.

Klistra in innehållet i den i ditt svar.

 

Hur fungerar datorn nu?

Några fler frågor innan jag skriver hur FRST och AdwCleaner ska avinstalleras?

Länk till kommentar
Dela på andra webbplatser

 

Följde instruktionerna till punkt och pricka. Blev fundersam så det verkade ta lång tid på sig, fick köras under natten och fortsätta idag. När jag sedan tittar till datorn står att FRST har slutat fungera så jag stänger ner och provar igen. Samma sak händer fast endast på några minuter.  Startade om datorn för att se om det skulle hjälpa innan jag provade starta FRST för 3:e gången men fick se en fixlog på skrivbordet som jag bifogar här

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-10-2014

Ran by Dagrun at 2014-10-24 18:00:03 Run:2

Running from C:\Users\Dagrun\Desktop

Loaded Profiles: UpdatusUser & Dagrun (Available profiles: UpdatusUser & Dagrun)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1396544459&from=tugs&uid=ST9750423AS_5WS2LQCTXXXX5WS2LQCT

CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1396544459&from=tugs&uid=ST9750423AS_5WS2LQCTXXXX5WS2LQCT"

S3 Momip6t; No ImagePath

Task: {560F2E90-1661-4D65-A2C2-E0D844BAC59D} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-03-27] () <==== ATTENTION

Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION

Task: C:\Windows\Tasks\bench-Updater removing.job => ? <==== ATTENTION

C:\Program Files (x86)\Bench

EmptyTemp:

*****************

 

"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.

Chrome HomePage not detected.

Chrome StartupUrls not detected.

Momip6t => Service not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{560F2E90-1661-4D65-A2C2-E0D844BAC59D}" => Key not found.

C:\Windows\System32\Tasks\bench-sys not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-sys" => Key not found.

C:\Windows\Tasks\bench-sys.job not found.

C:\Windows\Tasks\bench-Updater removing.job not found.

"C:\Program Files (x86)\Bench" => File/Directory not found.

Länk till kommentar
Dela på andra webbplatser

FRST ser ut som det i alla fall gjort vad det skulle vid något av de tidigare tillfällena eftersom inget av det som den skulle ta bort fanns i datorn.

 

Hur fungerar datorn nu?
Några fler frågor innan jag skriver hur FRST och AdwCleaner ska avinstalleras?

Länk till kommentar
Dela på andra webbplatser

Hittade instruktioner till avinstallering vid en annan tråd så nu är båda FRST och AdwCleaner avinstallerade.
Återigen tack så mycket för hjälpen! 

Länk till kommentar
Dela på andra webbplatser

Arkiverat

Det här ämnet är nu arkiverat och är stängt för ytterligare svar.

×
×
  • Skapa nytt...