Fulprogram i popupfönster

[McAren]

Jag har en stationär dator Dell Optiplex 7010 med Windows 7. Gjorde en gratis nedladdning av Microsoft Picture Manager och fick tydligen med något skräpprogram för det dök upp reklamfönster från både höger, vänster och nedifrån. Läste i PcförAlla nr 6-7 att en rensning med adwcleaner borde hjälpa.

Gjorde som det stod i artikeln och reklamen försvann i Internet Explorer 11 och Google men inte i Firefox. Tog även bort programmet Microsoft Picture Manager.

Har kört adwcleaner 2 ggr till för att försöka rensa även Firefox, men inte lyckats få bort reklamen.

 

Någon som har ett tips?

[Cecilia]

Vi får se på vilket sätt reklamen har bitit sig fast i Firefox med hjälp av ett program som heter FRST. Följ anvisningarna i tråden Till dig med virus eller andra skadliga program i datorn så gott det går.

[McAren]

Jag har en stationär dator Dell Optiplex 7010 med Windows 7. Gjorde en gratis nedladdning av Microsoft Picture Manager och fick tydligen med något skräpprogram för det dök upp reklamfönster från både höger, vänster och nedifrån. Läste i PcförAlla nr 6-7 att en rensning med adwcleaner borde hjälpa.

Gjorde som det stod i artikeln och reklamen försvann i Internet Explorer 11 och Google men inte i Firefox. Tog även bort programmet Microsoft Picture Manager.

Har kört adwcleaner 2 ggr till för att försöka rensa även Firefox, men inte lyckats få bort reklamen.

 

Någon som har ett tips?

Gick in på hänvisningen enligt "För 64-bitars Windows:" http://download.blee...rbar/FRST64.exe

men mitt virusprogram, Norton Internet Security  erhållet genom PcFörAlla, säger att adressen "inte är säker och togs bort"

Gick inte vidare efter detta.

[Cecilia]

Det är falsklarm av Norton. Inaktivera Norton innan du försöker igen.

[McAren]

OK, stängde av Norton ett tag och ladda ner FRST. Resultat enligt nedan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014

Ran by ARNE (administrator) on ARNE-DATOR_2 on 30-10-2014 15:35:55

Running from C:\Users\ARNE\Desktop

Loaded Profile: ARNE (Available profiles: ARNE & Barbro)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Svenska (Sverige)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel Corporation) C:\Windows\System32\igfxTray.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\ARNE\Desktop\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2534400 2014-05-14] (MyHeritage)

HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)

Winlogon\Notify\igfxcui: igfxdev.dll [X]

HKU\S-1-5-21-2560359605-1411122365-2187067780-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-05-28] (Samsung)

HKU\S-1-5-21-2560359605-1411122365-2187067780-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)

Startup: C:\Users\ARNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skicka till OneNote.lnk

ShortcutTarget: Skicka till OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.huvudstadensgolf.se/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Inloggningshjälp för Microsoft-konto -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\ARNE\AppData\Roaming\Mozilla\Firefox\Profiles\uupm1cne.default

FF DefaultSearchEngine: Norton Safe Search

FF SelectedSearchEngine: Norton Safe Search

FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()

FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.0.1.5 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml

FF Extension: Framed Display - C:\Users\ARNE\AppData\Roaming\Mozilla\Firefox\Profiles\uupm1cne.default\Extensions\{7012eec1-4f37-42d4-a2cd-26727494d248}.xpi [2014-10-22]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn [2014-10-30]

FF StartMenuInternet: FIREFOX.EXE - firefox.exe

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzyyBtAyDtCyD0EtBtAyCtN0D0Tzu0StCtDtByCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyD0Ezy0CtDtA0FtGyE0DyCtAtG0E0EyEtAtGyByEtDzztGtAyCtCtDzzzzzz0DtCtDzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0EtCtD0E0B0BtCtG0FyBzzyDtGyE0AyD0AtGzz0C0BtCtGtByE0A0E0CyByEtCtCtDzyyB2Q&cr=727656275&ir=

CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzyyBtAyDtCyD0EtBtAyCtN0D0Tzu0StCtDtByCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyD0Ezy0CtDtA0FtGyE0DyCtAtG0E0EyEtAtGyByEtDzztGtAyCtCtDzzzzzz0DtCtDzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0EtCtD0E0B0BtCtG0FyBzzyDtGyE0AyD0AtGzz0C0BtCtGtByE0A0E0CyByEtCtCtDzyyB2Q&cr=727656275&ir=", "hxxp://rocket-find.com/?f=7&a=rckt_ir_14_28_ie&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzyyBtAyDtCyD0EtBtAyCtN0D0Tzu0SzytByDtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyE0D0CtD0FtB0AtBtGyD0D0FtCtG0FtDtByBtGyD0E0FzytGtC0B0CyD0F0CyEtDtCyD0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0CyB0CyE0CyCtGtDtCtB0AtGzy0BzytDtGtCyC0FtAtGtA0DyE0EyEyCtByE0C0F0ByE2Q&cr=1292441813&ir=", "hxxp://www.google.com/"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Dokument) - C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-13]

CHR Extension: (Google Drive) - C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-13]

CHR Extension: (YouTube) - C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-13]

CHR Extension: (Sök på Google) - C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-13]

CHR Extension: (Norton Identity Safe) - C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-27]

CHR Extension: (Framed Display) - C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhdblnopdjppgkagigdclfmkfhkedpen [2014-10-24]

CHR Extension: (Google Wallet) - C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-13]

CHR Extension: (Gmail) - C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-13]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)

S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)

S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20141029.001\IDSvia64.sys [633560 2014-08-30] (Symantec Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20141029.021\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20141029.021\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)

R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-13] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)

S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-28] (Todos Data System AB)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-30 15:35 - 2014-10-30 15:36 - 00016270 _____ () C:\Users\ARNE\Desktop\FRST.txt

2014-10-30 15:35 - 2014-10-30 15:35 - 02113536 _____ (Farbar) C:\Users\ARNE\Downloads\FRST64 (1).exe

2014-10-30 15:35 - 2014-10-30 15:35 - 02113536 _____ (Farbar) C:\Users\ARNE\Desktop\FRST64 (1).exe

2014-10-30 15:35 - 2014-10-30 15:35 - 00000000 ____D () C:\FRST

2014-10-30 15:34 - 2014-10-30 15:34 - 02113536 _____ (Farbar) C:\Users\ARNE\Downloads\FRST64.exe

2014-10-29 17:15 - 2014-10-29 17:15 - 00000000 _____ () C:\Users\ARNE\Downloads\FRST.exe.yjig2ca.partial

2014-10-28 16:11 - 2014-10-28 16:11 - 00000000 ____D () C:\Users\ARNE\Documents\Norton Identity Safe-säkerhetskopior

2014-10-28 15:28 - 2014-10-28 15:28 - 01998336 _____ () C:\Users\ARNE\Downloads\adwcleaner_4.002.exe

2014-10-28 15:28 - 2014-10-28 15:28 - 01998336 _____ () C:\Users\ARNE\Desktop\adwcleaner_4.002.exe

2014-10-24 11:57 - 2014-10-24 11:55 - 00126054 ____T () C:\Users\ARNE\Documents\Bandyfinalen_2015

2014-10-24 09:32 - 2014-10-28 16:20 - 00000000 ____D () C:\AdwCleaner

2014-10-24 09:32 - 2014-10-24 09:32 - 01962496 _____ () C:\Users\ARNE\Downloads\adwcleaner_4.001.exe

2014-10-24 09:12 - 2014-10-24 09:12 - 00000460 __RSH () C:\ProgramData\ntuser.pol

2014-10-23 09:54 - 2014-10-23 09:54 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-10-19 09:12 - 2014-10-19 09:12 - 06958304 _____ (Microsoft Corporation) C:\Users\ARNE\Downloads\Silverlight.exe

2014-10-19 08:51 - 2014-10-19 08:51 - 00000000 ____D () C:\Users\ARNE\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q

2014-10-19 08:51 - 2014-10-19 08:50 - 06284664 _____ (Microsoft Corporation) C:\Users\ARNE\Downloads\microsoft-silverlight.exe

2014-10-16 08:51 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-16 08:51 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-16 08:51 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-16 08:51 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-16 08:51 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-16 08:51 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-16 08:51 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-16 08:51 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-16 08:51 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-16 08:51 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-16 08:50 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-16 08:50 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-16 08:50 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-16 08:50 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-16 08:50 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-16 08:50 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-16 08:50 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-16 08:50 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-16 08:50 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-16 08:50 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-16 08:50 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-16 08:50 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-16 08:50 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-16 08:50 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-16 08:50 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-16 08:50 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-16 08:50 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-16 08:50 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-16 08:50 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-16 08:50 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-16 08:50 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-16 08:50 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-16 08:50 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-16 08:50 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-16 08:50 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-16 08:50 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-16 08:50 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-16 08:50 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-16 08:50 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-16 08:50 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-16 08:50 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-16 08:50 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-16 08:50 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-16 08:50 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-16 08:50 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-16 08:50 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-16 08:50 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-16 08:50 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-16 08:50 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-16 08:50 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-16 08:50 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-16 08:50 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-16 08:50 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-16 08:50 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-16 08:50 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-16 08:50 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-16 08:50 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-16 08:50 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-16 08:50 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-16 08:50 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-16 08:50 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-16 08:50 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-16 08:50 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-16 08:50 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-16 08:50 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-16 08:50 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-16 08:50 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-16 08:50 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-16 08:50 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-16 08:50 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-16 08:50 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-16 08:50 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-16 08:50 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-16 08:50 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-16 08:50 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-10-16 08:50 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-16 08:50 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-16 08:50 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-16 08:50 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-16 08:50 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-16 08:50 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-16 08:50 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-16 08:50 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-16 08:50 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-16 08:50 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-16 08:50 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-12 10:02 - 2014-10-12 10:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-10-03 08:53 - 2014-10-03 08:53 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security

2014-10-02 07:02 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-10-02 07:02 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-30 15:27 - 2014-06-02 16:33 - 00000000 ____D () C:\Users\ARNE\Documents\Outlook-filer

2014-10-30 15:22 - 2014-05-17 15:14 - 00000000 ____D () C:\Users\ARNE\Documents\Eget

2014-10-30 15:19 - 2014-05-13 16:55 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-30 15:01 - 2014-05-16 20:20 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-30 14:43 - 2014-05-12 16:18 - 01086018 _____ () C:\Windows\WindowsUpdate.log

2014-10-30 14:43 - 2009-07-14 05:51 - 00069928 _____ () C:\Windows\setupact.log

2014-10-30 10:19 - 2014-05-13 16:55 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-30 09:10 - 2014-06-06 07:56 - 00005034 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ARNE-Dator_2-ARNE ARNE-Dator_2

2014-10-30 08:56 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-30 08:56 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-30 08:53 - 2014-05-13 02:12 - 00663210 _____ () C:\Windows\system32\perfh01D.dat

2014-10-30 08:53 - 2014-05-13 02:12 - 00142010 _____ () C:\Windows\system32\perfc01D.dat

2014-10-30 08:53 - 2009-07-14 06:13 - 01578190 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-30 08:49 - 2014-07-13 16:01 - 00000000 ____D () C:\Users\ARNE\Tracing

2014-10-30 08:49 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-29 16:52 - 2014-05-13 16:55 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-10-29 10:01 - 2014-05-16 10:19 - 00000665 _____ () C:\Users\ARNE\Desktop\Mässen - Sjödalsgymnasiet Huddinge.website

2014-10-28 16:21 - 2010-11-21 04:47 - 00075412 _____ () C:\Windows\PFRO.log

2014-10-28 09:10 - 2014-05-17 15:14 - 00000000 ____D () C:\Users\ARNE\Documents\Golf

2014-10-27 18:27 - 2014-06-08 21:32 - 00000000 ____D () C:\Users\ARNE\AppData\Local\Microsoft Help

2014-10-24 09:34 - 2014-05-13 14:13 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-10-24 07:36 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini

2014-10-24 07:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy

2014-10-23 13:25 - 2014-07-05 13:20 - 00000000 ____D () C:\Program Files (x86)\BankID

2014-10-23 09:14 - 2014-05-13 16:55 - 00003990 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-10-23 09:14 - 2014-05-13 16:55 - 00003738 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-10-22 17:47 - 2014-05-16 13:22 - 00000000 ____D () C:\Users\ARNE\Documents\John

2014-10-22 07:57 - 2014-09-03 09:17 - 00000000 ____D () C:\Users\ARNE\AppData\Local\Adobe

2014-10-22 07:57 - 2014-05-16 20:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-10-22 07:57 - 2014-05-16 20:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-10-22 07:57 - 2014-05-16 20:20 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-10-21 15:06 - 2014-06-29 19:57 - 00000000 ____D () C:\Users\ARNE\AppData\Local\CrashDumps

2014-10-19 08:51 - 2014-05-13 10:17 - 00001139 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-10-17 12:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-10-17 10:54 - 2009-07-14 05:45 - 00326744 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-17 10:53 - 2014-05-13 09:38 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-16 21:02 - 2014-05-13 08:54 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-16 20:59 - 2014-05-13 08:54 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-15 14:35 - 2014-07-14 19:20 - 00000000 ____D () C:\Users\ARNE\Brf_Västerbacken

2014-10-13 10:20 - 2014-05-13 10:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-10-09 16:18 - 2014-05-28 07:00 - 00000000 ____D () C:\Users\ARNE\Documents\Barbro

2014-10-03 08:48 - 2014-05-13 08:46 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

2014-10-03 08:48 - 2014-05-13 08:46 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk

2014-10-03 08:48 - 2014-05-13 08:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

2014-10-03 08:48 - 2014-05-13 08:45 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64

 

Some content of TEMP:

====================

C:\Users\ARNE\AppData\Local\Temp\ICReinstall_Microsoft_Office_Picture_Manager_2003_Downloader.exe

C:\Users\ARNE\AppData\Local\Temp\Quarantine.exe

C:\Users\ARNE\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-10-27 11:24

 

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014

Ran by ARNE at 2014-10-30 15:36:25

Running from C:\Users\ARNE\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

ArkivDigital online (HKLM-x32\...\ADOnline2) (Version:  - )

BankID säkerhetsprogram (HKLM-x32\...\{4B2557F9-8C03-4BE7-9984-4DE525076580}) (Version: 6.0.1.5 - Finansiell ID-Teknik BID AB)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Download & Install Packages (HKCU\...\Download & Install Packages) (Version:  - ) <==== ATTENTION

Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden

Handelsbanken kortläsare (HKLM-x32\...\{D4C30AE2-EAFE-4E28-A3BA-7CF7485E23C4}) (Version: 1.00.0000 - Todos Data System AB)

Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)

iWisoft Free Video Converter 1.2 (HKLM-x32\...\iWisoft Free Video Converter_is1) (Version: 1.2 - www.easy-video-converter.com)

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (svenska) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1053) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office Home and Business 2013 - sv-se (HKLM\...\HomeBusinessRetail - sv-se) (Version: 15.0.4659.1001 - Microsoft Corporation)

Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 32.0.3 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 sv-SE)) (Version: 32.0.3 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )

MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7138 - MyHeritage.com)

MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)

Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden

PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)

PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)

PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)

Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)

Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)

Sektionsdata 4.15 (HKLM-x32\...\{2889552C-FAB8-4EC7-B0B9-7B27D4C10D21}) (Version: 4.15.5203.12240 - Wikells Byggberäkningar)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2560359605-1411122365-2187067780-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

CustomCLSID: HKU\S-1-5-21-2560359605-1411122365-2187067780-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\ARNE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2560359605-1411122365-2187067780-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\ARNE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2560359605-1411122365-2187067780-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\ARNE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2560359605-1411122365-2187067780-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\ARNE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2560359605-1411122365-2187067780-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\ARNE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

 

==================== Restore Points  =========================

 

11-10-2014 15:05:21 Schemalagd kontrollpunkt

16-10-2014 19:59:05 Windows Update

23-10-2014 08:54:28 Removed Microsoft Silverlight

30-10-2014 09:28:02 Schemalagd kontrollpunkt

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {010922D1-0B77-4E78-9A25-3C29CB9E25B0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)

Task: {058F84BD-ACAA-44B2-AD72-2B4211C4B6E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-13] (Google Inc.)

Task: {3B8D36BE-04FF-4F5C-BA13-0C23EC400D24} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {3BE1ADA4-A87E-4142-904B-4EA879D04226} - System32\Tasks\{AF1096DA-B5AB-4BAC-BF99-8582BE8E70BA} => C:\Program Files (x86)\Samsung\Kies\KiesSilentUpdateAgent.exe [2014-04-30] ()

Task: {67999EC1-AD06-4A59-B07C-98F22BEAB451} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {73C94022-D4B2-4505-A7C5-DC7F800C6FC4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-22] (Adobe Systems Incorporated)

Task: {82612229-2A84-4C29-A83A-BF68FEBA61F7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)

Task: {933DC5B3-E6D5-44B3-9FD2-E88B33C26B55} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ARNE-Dator_2-ARNE ARNE-Dator_2 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)

Task: {9DF79881-99D8-4FCC-8BF0-10A35D8E599E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-13] (Google Inc.)

Task: {AD9BAD33-1E51-4F73-B864-8B96DED15DA3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-05-13 14:13 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2014-09-23 16:38 - 2014-09-23 16:38 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

2014-10-29 16:51 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll

2014-10-29 16:51 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll

2014-10-29 16:51 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll

2014-10-29 16:51 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

2014-10-29 16:51 - 2014-10-22 05:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administratör (S-1-5-21-2560359605-1411122365-2187067780-500 - Administrator - Disabled)

ARNE (S-1-5-21-2560359605-1411122365-2187067780-1000 - Administrator - Enabled) => C:\Users\ARNE

Barbro (S-1-5-21-2560359605-1411122365-2187067780-1001 - Limited - Enabled) => C:\Users\Barbro

Gäst (S-1-5-21-2560359605-1411122365-2187067780-501 - Limited - Disabled)

 

==================== Faulty Device Manager Devices =============

 

Name: USB-styrenhet (Universal Serial Bus)

Description: USB-styrenhet (Universal Serial Bus)

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/30/2014 08:51:16 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/28/2014 04:22:57 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/28/2014 03:32:25 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/28/2014 08:31:36 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/27/2014 09:06:08 AM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: Säkerhetskopieringen misslyckades eftersom det uppstod ett fel vid skrivning till säkerhetskopieringsplatsen F:\. Felet är: Den senaste säkerhetskopian misslyckades eftersom platsen för säkerhetskopian har ett skadat filsystem. (0x81000008).

 

Error: (10/27/2014 08:57:52 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/25/2014 02:48:00 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/24/2014 09:37:26 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/24/2014 09:34:52 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/24/2014 07:33:30 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (10/30/2014 02:43:19 PM) (Source: Disk) (EventID: 11) (User: )

Description: Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\DR2.

 

Error: (10/30/2014 01:45:50 PM) (Source: Disk) (EventID: 11) (User: )

Description: Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\DR2.

 

Error: (10/29/2014 08:59:36 PM) (Source: Disk) (EventID: 11) (User: )

Description: Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\DR2.

 

Error: (10/29/2014 04:50:26 PM) (Source: Disk) (EventID: 11) (User: )

Description: Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\DR2.

 

Error: (10/28/2014 06:20:02 PM) (Source: Disk) (EventID: 11) (User: )

Description: Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\DR2.

 

Error: (10/28/2014 03:29:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Tjänsten Windows Media Player Network Sharing Service avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 30000 millisekunder: Starta om tjänsten.

 

Error: (10/28/2014 03:29:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Tjänsten Windows Presentation Foundation Font Cache 3.0.0.0 avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 0 millisekunder: Starta om tjänsten.

 

Error: (10/28/2014 03:29:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Tjänsten Windows Search avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 30000 millisekunder: Starta om tjänsten.

 

Error: (10/28/2014 03:29:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Tjänsten Windows Live ID Sign-in Assistant avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 10000 millisekunder: Starta om tjänsten.

 

Error: (10/28/2014 03:29:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Tjänsten Microsoft Office-tjänsten Klicka-och-Kör avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 0 millisekunder: Starta om tjänsten.

 

 

Microsoft Office Sessions:

=========================

Error: (10/30/2014 08:51:16 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/28/2014 04:22:57 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/28/2014 03:32:25 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/28/2014 08:31:36 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/27/2014 09:06:08 AM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: F:\Den senaste säkerhetskopian misslyckades eftersom platsen för säkerhetskopian har ett skadat filsystem. (0x81000008)

 

Error: (10/27/2014 08:57:52 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/25/2014 02:48:00 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/24/2014 09:37:26 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/24/2014 09:34:52 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/24/2014 07:33:30 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-3770S CPU @ 3.10GHz

Percentage of memory in use: 18%

Total physical RAM: 16270.55 MB

Available physical RAM: 13260.72 MB

Total Pagefile: 32539.27 MB

Available Pagefile: 28987.66 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:465.66 GB) (Free:392.74 GB) NTFS

Drive e: (FreeAgent Drive) (Fixed) (Total:232.88 GB) (Free:166.15 GB) NTFS

Drive f: (Iomega HDD) (Fixed) (Total:1397.26 GB) (Free:1139.78 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 77DE159A)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 232.9 GB) (Disk ID: A4B57300)

Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 

Själv förstår jag ingenting av detta förstås!

 

Tacksam för ytterligare hjälp.

[Cecilia]

Chrome verkar inte riktigt normal heller.

 

1. Starta programmet Anteckningar.

Kopiera alla rader i rutan:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Extension: Framed Display - C:\Users\ARNE\AppData\Roaming\Mozilla\Firefox\Profiles\uupm1cne.default\Extensions\{7012eec1-4f37-42d4-a2cd-26727494d248}.xpi [2014-10-22]
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzyyBtAyDtCyD0EtBtAyCtN0D0Tzu0StCtDtByCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyD0Ezy0CtDtA0FtGyE0DyCtAtG0E0EyEtAtGyByEtDzztGtAyCtCtDzzzzzz0DtCtDzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0EtCtD0E0B0BtCtG0FyBzzyDtGyE0AyD0AtGzz0C0BtCtGtByE0A0E0CyByEtCtCtDzyyB2Q&cr=727656275&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzyyBtAyDtCyD0EtBtAyCtN0D0Tzu0StCtDtByCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyD0Ezy0CtDtA0FtGyE0DyCtAtG0E0EyEtAtGyByEtDzztGtAyCtCtDzzzzzz0DtCtDzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0EtCtD0E0B0BtCtG0FyBzzyDtGyE0AyD0AtGzz0C0BtCtGtByE0A0E0CyByEtCtCtDzyyB2Q&cr=727656275&ir=", "hxxp://rocket-find.com/?f=7&a=rckt_ir_14_28_ie&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzyyBtAyDtCyD0EtBtAyCtN0D0Tzu0SzytByDtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyE0D0CtD0FtB0AtBtGyD0D0FtCtG0FtDtByBtGyD0E0FzytGtC0B0CyD0F0CyEtDtCyD0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0CyB0CyE0CyCtGtDtCtB0AtGzy0BzytDtGtCyC0FtAtGtA0DyE0EyEyCtByE0C0F0ByE2Q&cr=1292441813&ir=", "hxxp://www.google.com/"
CHR Extension: (Framed Display) - C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhdblnopdjppgkagigdclfmkfhkedpen [2014-10-24]

och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.

Spara filen på skrivbordet med namnet fixlist.txt.

 

Starta FRST som finns på skrivbordet.

Klicka på knappen Fix.

Vänta tills programmet är klart.

 

Programmet skapar en logg Fixlog.txt på skrivbordet.

Klistra in innehållet i den i ditt svar.

 

2. Skanna datorn online på http://www.eset.com/onlinescan/ och använd helst Internet Explorer till det.

För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

 

Välj alternativet Enable detection of potentially unwanted applications.

 

Klicka på Advanced Settings.

Ta bort bocken framför Remove found threats.

Bocka för:

Scan Archives

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Klicka på Start

 

När skanningen är klar klicka på List of found threats, följt av Export to a text file. Spara till en fil på skrivbordet, öppna filen, kopiera resultatet och klistra sedan in det i ditt svar.

[McAren]

Det här fungerar inte. Kopierade all text i rutan till Anteckningar och sparade på skrivbordet. Sen fanns inte FRST kvar på skrivbordet sedan tidigare eller ens i datorn verkar det som.

Har avaktiverat Norton Internet Security igen och försökt spara FRST på skrivbordet igen, med varningar om att använda programmet. När jag sen startar FRST och klickar på Fix får jag beskedet att: "No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located"

Jaha, men båda ligger ju på skrivbordet??? Väldigt konstigt. Kom inte lägre.

[Cecilia]

Ja, det var underligt för det ska gå bra när båda är på skrivbordet.

 

Kolla att filen du sparade verkligen heter fixlist.txt och inte fixlist.txt.txt.

Om du inte brukar se filändelser på dina filer ska du inte se det på fixlist.txt heller.

 

Om det inte hjälper kan vi ta ett annat program.

Spara OTL på Skrivbordet: http://oldtimer.geekstogo.com/OTL.exe
Stäng alla program.
Kör OTL.

Under Output högt upp så välj Minimal Output.
Tryck på Run Scan och låt programmet köra ostört.

När det är klart så skapas två loggfiler på Skrivbordet, OTL.txt och Extras.txt. I ditt svar klistrar du in loggen OTL.txt. Medan du bifogar Extras.txt som en fil och då får du klicka på knappen "Använd fullständig editor" för att se hur du bifogar filer.

[McAren]

Ja, det var underligt för det ska gå bra när båda är på skrivbordet.

 

Kolla att filen du sparade verkligen heter fixlist.txt och inte fixlist.txt.txt.

Om du inte brukar se filändelser på dina filer ska du inte se det på fixlist.txt heller.

 

Om det inte hjälper kan vi ta ett annat program.

Spara OTL på Skrivbordet: http://oldtimer.geekstogo.com/OTL.exe

Stäng alla program.

Kör OTL.

 

Under Output högt upp så välj Minimal Output.

Tryck på Run Scan och låt programmet köra ostört.

 

När det är klart så skapas två loggfiler på Skrivbordet, OTL.txt och Extras.txt. I ditt svar klistrar du in loggen OTL.txt. Medan du bifogar Extras.txt som en fil och då får du klicka på knappen "Använd fullständig editor" för att se hur du bifogar filer.

Tack! Det gick mycket lättare med oldtimer. Jag verkar ha någon annan inställning som inte med automatik skapar *.txt-filerna på skrivbordet, men jag sparade dem på skrivbordet. OTL.txt är väldigt lång.

OTL logfile created on: 2014-11-05 13:35:53 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ARNE\Downloads

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17358)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

15,89 Gb Total Physical Memory | 14,08 Gb Available Physical Memory | 88,63% Memory free

31,78 Gb Paging File | 29,56 Gb Available in Paging File | 93,02% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,66 Gb Total Space | 391,55 Gb Free Space | 84,09% Space Free | Partition Type: NTFS

Drive E: | 232,88 Gb Total Space | 166,15 Gb Free Space | 71,34% Space Free | Partition Type: NTFS

Drive F: | 1397,26 Gb Total Space | 1139,78 Gb Free Space | 81,57% Space Free | Partition Type: NTFS

 

Computer Name: ARNE-DATOR_2 | User Name: ARNE | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\ARNE\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

PRC - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)

PRC - C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\54565a827b0e5a6f78e93e2ae06dd0e4\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\902843918d037f5f3511d679bf1e2216\System.ServiceProcess.ni.dll ()

MOD - C:\Program\Microsoft Office 15\root\office15\appvisvstream32.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)

SRV:64bit: - (igfxCUIService1.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe (Symantec Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (osppsvc) -- C:\Program\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)

SRV - (PDF Architect 2) -- C:\Program Files (x86)\PDF Architect 2\ws.exe (pdfforge GmbH)

SRV - (pdfforge CrashHandler) -- C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe (pdfforge GmbH)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1506000.020\srtsp64.sys (Symantec Corporation)

DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1506000.020\srtspx64.sys (Symantec Corporation)

DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1506000.020\ironx64.sys (Symantec Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)

DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symefa64.sys (Symantec Corporation)

DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1506000.020\ccsetx64.sys (Symantec Corporation)

DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symnets.sys (Symantec Corporation)

DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symds64.sys (Symantec Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSib.sys (Brother Industries Ltd.)

DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (Tdsshbecr) -- C:\Windows\SysNative\drivers\shbecr.sys (Todos Data System AB)

DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20141030.001\BHDrvx64.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20141104.001\IDSvia64.sys (Symantec Corporation)

DRV - (NAVEX15) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20141104.020\EX64.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20141104.020\ENG64.SYS (Symantec Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.huvudstadensgolf.se/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcymantec Shared\EENGINE\eeCtrl64.sys

IE - HKCU\..\SearchScopes\{FD43D288-A58A-429A-BC59-0FFE03042B09}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Norton Safe Search"

FF - prefs.js..browser.search.selectedEngine: "Norton Safe Search"

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.7.9.8

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()

FF - HKLM\Software\MozillaPlugins\@bankid.com/BankID säkerhetsprogram,version=6.0.1.5: C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\PDF Architect 2: C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\ [2014-11-05 12:15:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2014-05-13 10:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ARNE\AppData\Roaming\mozilla\Extensions

[2014-11-04 19:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ARNE\AppData\Roaming\mozilla\Firefox\Profiles\uupm1cne.default\extensions

[2014-10-12 10:02:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

[2014-10-12 10:02:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2014-11-05 12:15:35 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\COFFPLGN

 

========== Chrome  ==========

 

CHR - default_search_provider:  (Enabled)

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = 

CHR - plugin: Error reading preferences file

CHR - Extension: No name found = C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\

CHR - Extension: No name found = C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: No name found = C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: No name found = C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: No name found = C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\

CHR - Extension: No name found = C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.9.14_0\

CHR - Extension: No name found = C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: No name found = C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp\5.0.94.1_0\

CHR - Extension: No name found = C:\Users\ARNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)

O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll (Microsoft Corporation)

O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)

O4 - Startup: C:\Users\ARNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skicka till OneNote.lnk = C:\Program\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)

O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{050BF13B-8283-46D1-A1A3-76379293A353}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\osf - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014-11-04 19:07:57 | 002,114,560 | ---- | C] (Farbar) -- C:\Users\ARNE\Desktop\FRST64 (1).exe

[2014-10-30 15:35:52 | 000,000,000 | ---D | C] -- C:\FRST

[2014-10-28 16:11:05 | 000,000,000 | ---D | C] -- C:\Users\ARNE\Documents\Norton Identity Safe-säkerhetskopior

[2014-10-24 09:32:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014-10-23 09:54:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2014-10-19 08:51:30 | 000,000,000 | ---D | C] -- C:\Users\ARNE\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q

[2014-10-16 08:51:04 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll

[2014-10-16 08:51:04 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll

[2014-10-16 08:51:04 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll

[2014-10-16 08:51:04 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll

[2014-10-16 08:51:04 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll

[2014-10-16 08:51:04 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll

[2014-10-16 08:51:00 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll

[2014-10-16 08:51:00 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

[2014-10-16 08:51:00 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll

[2014-10-16 08:50:59 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll

[2014-10-16 08:50:59 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2014-10-16 08:50:59 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll

[2014-10-16 08:50:59 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2014-10-16 08:50:58 | 002,017,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2014-10-16 08:50:58 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2014-10-16 08:50:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll

[2014-10-16 08:50:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2014-10-16 08:50:58 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

[2014-10-16 08:50:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll

[2014-10-16 08:50:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2014-10-16 08:50:57 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2014-10-16 08:50:57 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2014-10-16 08:50:57 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2014-10-16 08:50:57 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe

[2014-10-16 08:50:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll

[2014-10-16 08:50:56 | 002,108,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2014-10-16 08:50:56 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2014-10-16 08:50:56 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2014-10-16 08:50:56 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2014-10-16 08:50:56 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2014-10-16 08:50:56 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2014-10-16 08:50:56 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll

[2014-10-16 08:50:55 | 005,829,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2014-10-16 08:50:55 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll

[2014-10-16 08:50:55 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll

[2014-10-16 08:50:55 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2014-10-16 08:50:55 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2014-10-16 08:50:55 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2014-10-16 08:50:55 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2014-10-16 08:50:55 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2014-10-16 08:50:54 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe

[2014-10-16 08:50:54 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2014-10-16 08:50:54 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2014-10-16 08:50:54 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll

[2014-10-16 08:50:40 | 003,241,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

[2014-10-16 08:50:36 | 003,179,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll

[2014-10-16 08:50:33 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll

[2014-10-16 08:50:33 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll

[2014-10-16 08:50:30 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe

[2014-10-16 08:50:30 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll

[2014-10-16 08:50:30 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

[2014-10-16 08:50:26 | 006,584,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2014-10-16 08:50:26 | 005,703,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2014-10-16 08:50:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll

[2014-10-16 08:50:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll

[2014-10-12 10:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

 

========== Files - Modified Within 30 Days ==========

 

[2014-11-05 13:35:23 | 000,001,058 | ---- | M] () -- C:\Users\ARNE\Desktop\OTL - genväg.lnk

[2014-11-05 13:19:00 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014-11-05 13:10:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014-11-05 13:10:47 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014-11-05 12:22:41 | 000,031,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014-11-05 12:22:41 | 000,031,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014-11-05 12:22:38 | 000,000,665 | ---- | M] () -- C:\Users\ARNE\Desktop\Mässen - Sjödalsgymnasiet Huddinge.website

[2014-11-05 12:21:50 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014-11-05 12:19:43 | 001,578,190 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014-11-05 12:19:43 | 000,663,210 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2014-11-05 12:19:43 | 000,653,662 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014-11-05 12:19:43 | 000,142,010 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2014-11-05 12:19:43 | 000,121,534 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014-11-05 12:15:30 | 4205,744,126 | -HS- | M] () -- C:\hiberfil.sys

[2014-11-04 19:10:24 | 000,000,824 | ---- | M] () -- C:\Users\ARNE\Desktop\Fixlog - genväg.lnk

[2014-11-04 19:10:04 | 000,000,854 | ---- | M] () -- C:\Users\ARNE\Desktop\FRST64 (1) - genväg.lnk

[2014-11-04 19:09:14 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2014-11-04 19:07:10 | 002,114,560 | ---- | M] (Farbar) -- C:\Users\ARNE\Desktop\FRST64 (1).exe

[2014-11-03 22:25:41 | 000,001,103 | ---- | M] () -- C:\Users\ARNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skicka till OneNote.lnk

[2014-10-29 16:52:01 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014-10-28 15:28:05 | 001,998,336 | ---- | M] () -- C:\Users\ARNE\Desktop\adwcleaner_4.002.exe

[2014-10-24 11:55:47 | 000,126,054 | ---- | M] () -- C:\Users\ARNE\Documents\Bandyfinalen_2015

[2014-10-22 07:57:17 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2014-10-22 07:57:17 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2014-10-19 08:51:36 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2014-10-17 10:54:06 | 000,326,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014-10-10 03:05:59 | 000,276,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll

[2014-10-10 03:05:42 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll

[2014-10-10 03:00:38 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

 

========== Files Created - No Company Name ==========

 

[2014-11-05 13:35:23 | 000,001,058 | ---- | C] () -- C:\Users\ARNE\Desktop\OTL - genväg.lnk

[2014-11-04 19:10:24 | 000,000,824 | ---- | C] () -- C:\Users\ARNE\Desktop\Fixlog - genväg.lnk

[2014-11-04 19:10:04 | 000,000,854 | ---- | C] () -- C:\Users\ARNE\Desktop\FRST64 (1) - genväg.lnk

[2014-10-28 15:28:29 | 001,998,336 | ---- | C] () -- C:\Users\ARNE\Desktop\adwcleaner_4.002.exe

[2014-10-24 11:57:46 | 000,126,054 | ---- | C] () -- C:\Users\ARNE\Documents\Bandyfinalen_2015

[2014-10-24 09:12:18 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2014-07-13 13:28:59 | 000,004,608 | ---- | C] () -- C:\Users\ARNE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2014-07-06 13:17:51 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2014-06-19 19:06:18 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll

[2014-05-20 23:33:38 | 000,348,088 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll

[2014-05-20 23:33:32 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2014-05-20 23:33:32 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll

[2014-05-13 09:36:21 | 000,002,944 | ---- | C] () -- C:\Windows\BRPARAM.INI

[2014-05-13 09:28:32 | 001,553,056 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2014-04-30 18:47:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2014-04-30 18:47:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2014-04-30 18:47:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2014-04-30 18:47:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2014-04-30 18:47:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2012-11-15 01:03:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL

[2012-11-15 01:03:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI

 

========== ZeroAccess Check ==========

 

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014-06-25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014-06-25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

< End of report >

[McAren]

Tror inte Extras.txt kom med ..? Klistrar in texten här och försöker bifoga fil igen.

 

OTL Extras logfile created on: 2014-11-05 13:35:53 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ARNE\Downloads

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17358)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

15,89 Gb Total Physical Memory | 14,08 Gb Available Physical Memory | 88,63% Memory free

31,78 Gb Paging File | 29,56 Gb Available in Paging File | 93,02% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,66 Gb Total Space | 391,55 Gb Free Space | 84,09% Space Free | Partition Type: NTFS

Drive E: | 232,88 Gb Total Space | 166,15 Gb Free Space | 71,34% Space Free | Partition Type: NTFS

Drive F: | 1397,26 Gb Total Space | 1139,78 Gb Free Space | 81,57% Space Free | Partition Type: NTFS

 

Computer Name: ARNE-DATOR_2 | User Name: ARNE | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{24B14542-DFA6-4D2C-A675-6DB5278B53F3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 

"{3BC3AF6A-2E04-41A8-955C-18646544CD3A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{9E12446C-FC45-4C55-A3A7-DA1C41954489}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 

"{F1412EED-7CDD-4674-B502-7012F444ABA2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{6BC91192-562F-4494-A7B2-D9AAF0723A10}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 

"{924570D3-34DA-4D0A-AE03-D2DA0654468F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{B98BDCB7-2ADC-47BF-8C97-6DE5813ABEA5}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 

"{BBB82F2E-42FB-4A54-A3BC-7CB4CBE158F9}" = dir=in | app=c:\users\arne\appdata\local\microsoft\skydrive\skydrive.exe | 

"{F7344182-146D-4694-8F76-5B539C09A889}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter

"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1

"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1053" = Microsoft .NET Framework 4.5.1 (svenska)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B45A0D14-2208-32C6-9DB6-4F413FC67B9D}" = Microsoft .NET Framework 4.5.1 (SVE)

"{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety

"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64

"HomeBusinessRetail - sv-se" = Microsoft Office Home and Business 2013 - sv-se

"PROSet" = Intel® Network Connections Drivers

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform

"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer

"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery

"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update

"{1735AA23-BF48-4F16-BDEF-5AD4D9C7F87B}" = Windows Live Mail

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2889552C-FAB8-4EC7-B0B9-7B27D4C10D21}" = Sektionsdata 4.15

"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform

"{46889070-D447-4936-A5D3-246DB972FA2E}" = PDF Architect 2 View Module

"{4B2557F9-8C03-4BE7-9984-4DE525076580}" = BankID säkerhetsprogram

"{546980F9-DD2A-45D4-92E2-AC2DAAA61512}" = Windows Live Essentials

"{569CD86F-5EC6-4686-A0AB-8A7BAD336C20}" = Windows Live Writer

"{5A333F8D-303D-40B7-92AB-B38141CFA54F}" = Windows Live Messenger

"{5D3B997B-DF28-4BC1-82E6-E6C29A53AF6E}" = Movie Maker

"{5FF3045E-4A36-4B98-9F7F-48B49F4469C7}" = Fotogalleriet

"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer

"{6C2475D4-C20C-4CA3-9352-C3E1BA967798}" = Photo Common

"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer

"{72EDA0E5-417C-4BEA-B850-C12153272F60}" = Windows Live Writer Resources

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{7D4546B5-5F5B-4642-90B5-B95797D742C3}" = Windows Live Family Safety

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component

"{90150000-008C-041D-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9E3AA498-47E5-40C9-BA09-1CC2B6D2C22F}" = Windows Live UX Platform Language Pack

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1053-7B44-AB0000000001}" = Adobe Reader XI (11.0.09) - Svenska

"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform

"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail

"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions

"{D4C30AE2-EAFE-4E28-A3BA-7CF7485E23C4}" = Handelsbanken kortläsare

"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin

"ADOnline2" = ArkivDigital online

"Family Tree Builder" = MyHeritage Family Tree Builder

"Google Chrome" = Google Chrome

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2

"Mozilla Firefox 32.0.3 (x86 sv-SE)" = Mozilla Firefox 32.0.3 (x86 sv-SE)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MPE" = MyPhoneExplorer

"NIS" = Norton Internet Security

"PDF Architect 2" = PDF Architect 2

"Picasa 3" = Picasa 3

"WinLiveSuite" = Windows Live Essentials

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Download & Install Packages" = Download & Install Packages

"MyFreeCodec" = MyFreeCodec

"OneDriveSetup.exe" = Microsoft OneDrive

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 2014-10-28 11:22:57 | Computer Name = ARNE-Dator_2 | Source = WinMgmt | ID = 10

Description = 

 

Error - 2014-10-30 03:51:16 | Computer Name = ARNE-Dator_2 | Source = WinMgmt | ID = 10

Description = 

 

Error - 2014-10-31 07:06:01 | Computer Name = ARNE-Dator_2 | Source = WinMgmt | ID = 10

Description = 

 

Error - 2014-11-01 03:35:39 | Computer Name = ARNE-Dator_2 | Source = WinMgmt | ID = 10

Description = 

 

Error - 2014-11-02 04:03:14 | Computer Name = ARNE-Dator_2 | Source = WinMgmt | ID = 10

Description = 

 

Error - 2014-11-03 04:46:46 | Computer Name = ARNE-Dator_2 | Source = WinMgmt | ID = 10

Description = 

 

Error - 2014-11-03 04:54:55 | Computer Name = ARNE-Dator_2 | Source = Windows Backup | ID = 4103

Description = 

 

Error - 2014-11-04 06:26:01 | Computer Name = ARNE-Dator_2 | Source = WinMgmt | ID = 10

Description = 

 

Error - 2014-11-04 14:11:03 | Computer Name = ARNE-Dator_2 | Source = WinMgmt | ID = 10

Description = 

 

Error - 2014-11-05 07:17:22 | Computer Name = ARNE-Dator_2 | Source = WinMgmt | ID = 10

Description = 

 

[ System Events ]

Error - 2014-10-30 17:34:18 | Computer Name = ARNE-Dator_2 | Source = Disk | ID = 262155

Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\DR2.

 

Error - 2014-11-01 07:38:28 | Computer Name = ARNE-Dator_2 | Source = Disk | ID = 262155

Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\DR2.

 

Error - 2014-11-03 05:59:38 | Computer Name = ARNE-Dator_2 | Source = Disk | ID = 262155

Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\DR2.

 

Error - 2014-11-03 12:17:41 | Computer Name = ARNE-Dator_2 | Source = Disk | ID = 262155

Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\DR2.

 

Error - 2014-11-03 13:42:49 | Computer Name = ARNE-Dator_2 | Source = Disk | ID = 262155

Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\DR2.

 

Error - 2014-11-04 08:33:02 | Computer Name = ARNE-Dator_2 | Source = Disk | ID = 262155

Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\DR2.

 

Error - 2014-11-04 12:25:06 | Computer Name = ARNE-Dator_2 | Source = Disk | ID = 262155

Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\DR2.

 

Error - 2014-11-04 13:59:52 | Computer Name = ARNE-Dator_2 | Source = Disk | ID = 262155

Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\DR2.

 

Error - 2014-11-04 16:43:09 | Computer Name = ARNE-Dator_2 | Source = Disk | ID = 262155

Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\DR2.

 

Error - 2014-11-05 08:10:44 | Computer Name = ARNE-Dator_2 | Source = Disk | ID = 262155

Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\DR2.

 

 

< End of report >

 

Extras.Txt

[Cecilia]

Har du fortfarande problem med popupfönster?

För jag kan inte se till det olämpliga tillägget mm i OTL-loggarna.

 

Däremot finns det en mapp kvar efter något olämpligt som för övrigt är borta. Mappen kan tas bort så här:

 

Starta programmet OTL (i Vista/Windows7 högerklicka och välj Kör som administratör).

Kopiera alla raderna i rutan:

:OTL
[2014-10-19 08:51:30 | 000,000,000 | ---D | C] -- C:\Users\ARNE\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q
:Commands
[CREATERESTOREPOINT]

Klistra in dem i rutan Custom Scans/Fixes. Kontrollera att ingen fil har delats upp på två rader.

 

Stäng av alla program du ser utom OTL.

 

Tryck på Run Fix.

Om du blir tillfrågad om att starta om datorn så gör det.

Det kommer upp en logg i Anteckningar. Kopiera den och klistra in i ditt svar.

 

Om den inte kommer automatiskt så hittar du den i mappen c:\_OTL\Moved Files med ett namn som innehåller dagens datum och klockslaget för körningen.

[McAren]

Nej, idag när jag använde Firefox var det inga popupfönster. Kollade även IE och Chrome. Lika rent från skräpprogram där.

Körde Run Fix enligt ovan och svaret blev:

 

========== OTL ==========

C:\Users\ARNE\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q\Download & Install Packages folder moved successfully.

C:\Users\ARNE\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q folder moved successfully.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.69.0 log created on 11092014_180732

Så det verkar som om datorn är rensad från otillbörliga program nu.

Hjärtligt tack för hjälpen och tålamodet.

[Cecilia]

Utmärkt!

 

Nu återstår bara avinstallation av specialprogrammen:

 

1. Stäng alla program, inklusive webbläsare.

Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Uninstall-knappen.

 

2. Starta OTL.

Tryck på knappen CleanUp!.

OTL och FRST kommer att avinstalleras efter en omstart av datorn. Ta bort eventuella loggar.

 

3. Förbättra skyddet i datorn, se mina Råd för en säkrare dator: http://ceciliasec.wordpress.com/rad/

Det är mycket viktigt att hålla alla småprogram i datorn uppdaterade, gamla versioner av t ex Flash, Java och Adobe Reader innehåller kända säkerhetshål, vilka kan användas av en webbsida för att infektera datorn. Jag tycker att Secunias program (länk på min webbsida) är en bra hjälp för att kontrollera hur det står till med säkerhetshål i datorn och ange vad som behöver åtgärdas.

[McAren]

Stängde allt och startade AdwCleaner enl 1. Fick då frågan om jag ville avinstallera AdwCleaner?

Skulle jag det? Jag trodde OTL och FRST skulle avinstalleras.

Lät den vara kvar och gick på 2:an. CleanUp där tog bort OTL men inte FRST. Startade om datorn men FRST kvar.

 

Microsofts uppdateringar går med automatik och Adobe Flash och Reader brukar säga till att det finns nya uppdateringar att hämta. Java tror jag inte att jag har. Men jag ska läsa "Råd för en säkrare dator" och kolla på Secunia.

[Cecilia]

Det är meningen att du ska avinstallera AdwCleaner så att dess karantänmapp, där alla olämpliga filer nu ligger, tas bort. Eftersom programmet ofta uppdateras är det inte heller någon idé att ha själva programmet kvar heller.

 

Ta bort FRST-programmet själv.

[McAren]

OK! FRST och OTL med loggar och txt- filer borttagna.

Secunia Software Inspector verkar vara ett smart och bra program. Har till att börja med lagt in det.

Mina problem är ju borta för denna gång, så stort tack igen.

[Cecilia]

Bara trevligt att kunna hjälpa till