Just nu i M3-nätverket
Gå till innehåll

eirmark

Medlem
  • Antal inlägg

    200
  • Gick med

  • Senaste besök

Om eirmark

  • Medlemstitel
    Aktiv
  • Födelsedag 1946-01-11

Profil

  • Kön
    Vill inte avslöja
  • Ort
    Umeå
  1. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014 Ran by Siba at 2014-04-09 20:25:58 Run:2 Running from C:\Users\Siba\Desktop\FRST Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Users\Siba\AppData\Local\TB C:\Users\Siba\AppData\Local\Temp\BandooV6.exe C:\Users\Siba\AppData\Local\Temp\DealsPluginROW.exe C:\Users\Siba\AppData\Local\Temp\tbuTor.dll C:\Users\Siba\AppData\Local\Temp\PromoEngineInstaller\chutil.dll C:\Users\Siba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\76e8cc05-45860c33 ***************** C:\Users\Siba\AppData\Local\TB => Moved successfully. C:\Users\Siba\AppData\Local\Temp\BandooV6.exe => Moved successfully. C:\Users\Siba\AppData\Local\Temp\DealsPluginROW.exe => Moved successfully. C:\Users\Siba\AppData\Local\Temp\tbuTor.dll => Moved successfully. C:\Users\Siba\AppData\Local\Temp\PromoEngineInstaller\chutil.dll => Moved successfully. C:\Users\Siba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\76e8cc05-45860c33 => Moved successfully. ==== End of Fixlog ==== Nu verkar datorn fungera som den skall! Tack för all din hjälp!
  2. Oj då! Många filer att hålla reda på. Här kommer Fixloggen: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014 Ran by Siba at 2014-04-09 12:30:59 Run:1 Running from C:\Users\Siba\Desktop\FRST Boot Mode: Normal ============================================== Content of fixlist: ***************** GroupPolicy: Group Policy on Chrome detected <======= ATTENTION FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-12-06] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-02-02] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-24] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-08-13] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-05] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-29] CHR HKLM-x32\...\Chrome\Extension: [dijoojjdmkbmmmbobkingeecghfeciaj] - C:\Program Files (x86)\Spring Smart\dijoojjdmkbmmmbobkingeecghfeciaj.crx [2012-09-03] 2014-04-07 10:44 - 2014-04-07 16:40 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job 2014-04-07 10:44 - 2014-04-07 10:44 - 00003226 _____ () C:\Windows\System32\Tasks\bench-Updater removing ***************** C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} => Moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} => Moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} => Moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => Moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => Moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} => Moved successfully. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dijoojjdmkbmmmbobkingeecghfeciaj => Key deleted successfully. "C:\Program Files (x86)\Spring Smart\dijoojjdmkbmmmbobkingeecghfeciaj.crx" => File/Directory not found. C:\Windows\Tasks\bench-Updater removing.job => Moved successfully. C:\Windows\System32\Tasks\bench-Updater removing => Moved successfully. The system needed a reboot. ==== End of Fixlog ====
  3. 1. OK, det tog lite tid för brorsan var borta i går på eftermiddagen, och allt tar lite extra tid när det måste gå via ytterligare en person (mig) Här kommer fixlist.log: GroupPolicy: Group Policy on Chrome detected <======= ATTENTION FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-12-06] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-02-02] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-24] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-08-13] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-05] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-29] CHR HKLM-x32\...\Chrome\Extension: [dijoojjdmkbmmmbobkingeecghfeciaj] - C:\Program Files (x86)\Spring Smart\dijoojjdmkbmmmbobkingeecghfeciaj.crx [2012-09-03] 2014-04-07 10:44 - 2014-04-07 16:40 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job 2014-04-07 10:44 - 2014-04-07 10:44 - 00003226 _____ () C:\Windows\System32\Tasks\bench-Updater removing 2. Han brukar använda onlinescanning och saknar antivirusprogram 3. Vi hittade inte hur man tar bort plugins i chrome, så vi avinstallerade den sökmotorn och lade in den på nytt. 4. Utfört. 5. Diskrensning körd. 6....och här är resultatet av eset: C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\Siba\AppData\Local\Conduit\APISupport\APISupport.dll.vir a variant of Win32/Toolbar.Conduit.Z potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\Siba\AppData\Local\Conduit\APISupport\APISupport.old.vir a variant of Win32/Toolbar.Conduit.Z potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\Siba\AppData\Local\Conduit\APISupport\APISupport_2.0.4.3\ApiSupport.dll.vir a variant of Win32/Toolbar.Conduit.Z potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\Siba\AppData\Local\Conduit\APISupport\APISupport_2.0.5.9\ApiSupport.dll.vir a variant of Win32/Toolbar.Conduit.Z potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\Siba\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.76\MiniSP.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\Siba\AppData\Local\Temp\SetupDataMngr_Searchqu.exe.vir a variant of Win32/Toolbar.SearchSuite potentially unwanted application C:\Users\Siba\AppData\Local\TB\APISupport\MiniSP_1.0.2.93\MiniSP.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application C:\Users\Siba\AppData\Local\Temp\BandooV6.exe multiple threats C:\Users\Siba\AppData\Local\Temp\DealsPluginROW.exe Win32/Packed.ScrambleWrapper.A potentially unwanted application C:\Users\Siba\AppData\Local\Temp\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application C:\Users\Siba\AppData\Local\Temp\PromoEngineInstaller\chutil.dll Win32/TopMedia.A potentially unwanted application C:\Users\Siba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\76e8cc05-45860c33 a variant of Java/Exploit.CVE-2013-2460.B trojan F:\Downloads\setup.exe Win32/AdWare.Linkular.AJ application F:\Downloads\unlocker1.9.0(2).exe Win32/Adware.ADON potentially unwanted application F:\Downloads\unlocker1.9.0.exe Win32/Adware.ADON potentially unwanted application
  4. Då kommer först AdwCleaner[s0].txt här : # AdwCleaner v3.023 - Report created 07/04/2014 at 16:37:56 # Updated 01/04/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Siba - SIBA-DATOR # Running from : F:\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\Partner Folder Deleted : C:\Program Files (x86)\1ClickDownload Folder Deleted : C:\Program Files (x86)\Bandoo Folder Deleted : C:\Program Files (x86)\Bench Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\MyPC Backup Folder Deleted : C:\Users\Siba\AppData\Local\Conduit Folder Deleted : C:\Users\Siba\AppData\Local\Deals Plugin Extension Folder Deleted : C:\Users\Siba\AppData\Local\Ilivid Player Folder Deleted : C:\Users\Siba\AppData\Local\PackageAware Folder Deleted : C:\Users\Siba\AppData\Local\Temp\boost_interprocess Folder Deleted : C:\Users\Siba\AppData\LocalLow\Bandoo Folder Deleted : C:\Users\Siba\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Siba\AppData\LocalLow\searchquband Folder Deleted : C:\Users\Siba\AppData\LocalLow\SiteRanker Folder Deleted : C:\Users\Siba\AppData\Roaming\Bandoo Folder Deleted : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\avaji64z.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Folder Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphibigbodkkohoglgfkddblldpfohjl Folder Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} File Deleted : C:\Users\Siba\AppData\Local\Temp\Searchqu.ini File Deleted : C:\Users\Siba\AppData\Local\Temp\searchqutoolbar-manifest.xml File Deleted : C:\Users\Siba\AppData\Local\Temp\SetupDataMngr_Searchqu.exe File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml File Deleted : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\.BackupManager\user.js File Deleted : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\avaji64z.default\user.js File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal File Deleted : C:\Windows\Tasks\bench-sys.job File Deleted : C:\Windows\System32\Tasks\bench-sys ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hphibigbodkkohoglgfkddblldpfohjl Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile1 Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Deleted : HKLM\SOFTWARE\Classes\oneclick Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player[1]_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player[1]_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080} Key Deleted : HKCU\Software\1ClickDownload Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\powerpack Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\StartSearch Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKLM\Software\Bench Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Iminent Key Deleted : HKLM\Software\SiteRanker Key Deleted : [x64] HKLM\SOFTWARE\DataMngr ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Mozilla Firefox v [ File : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\.BackupManager\prefs.js ] [ File : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\avaji64z.default\prefs.js ] -\\ Google Chrome v33.0.1750.154 [ File : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : search_url ************************* AdwCleaner[R0].txt - [12045 octets] - [07/04/2014 10:06:06] AdwCleaner[R1].txt - [12087 octets] - [07/04/2014 16:36:42] AdwCleaner[s0].txt - [11698 octets] - [07/04/2014 16:37:56] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11759 octets] ########## och här kommer FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Siba (administrator) on SIBA-DATOR on 07-04-2014 17:01:00 Running from C:\Users\Siba\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: Swedish Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Windows\PLFSetI.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Technology Nexus AB) C:\Program Files (x86)\Personal\bin\Personal.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Suyin) C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe () C:\ProgramData\MobileBrServ\mbbservice.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe (Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2009-12-16] () HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated) HKLM-x32\...\Run: [backupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [258560 2010-03-09] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.) HKLM-x32\...\Run: [VideoWebCamera] - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe [1541472 2010-03-11] (Suyin) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Norton Ghost 15.0] - C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2596712 2009-10-01] (Symantec Corporation) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [77824 2011-02-02] (Apple Computer, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation) HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-17] (Google Inc.) HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\Run: [Mobile Partner] - C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [514048 2013-01-16] () HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\Run: [ChicaPasswordManager] - "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {08d8929e-6960-11e2-8db9-70f1a114c2d7} - E:\AutoRun.exe HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {4c9b4039-33dd-11e2-b38a-70f1a114c2d7} - E:\AutoRun.exe HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {85eae2ff-bf7a-11e1-8842-88ae1d10436a} - E:\AutoRun.exe HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {85eae315-bf7a-11e1-8842-88ae1d10436a} - E:\AutoRun.exe HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {abdecd57-b134-11e0-8a1c-70f1a114c2d7} - E:\AutoRun.exe HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {abdecdae-b134-11e0-8a1c-70f1a114c2d7} - E:\AutoRun.exe HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {b2361d48-5ff1-11e2-b0be-88ae1d10436a} - E:\AutoRun.exe HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {b2361d60-5ff1-11e2-b0be-88ae1d10436a} - E:\AutoRun.exe HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {b2361dac-5ff1-11e2-b0be-88ae1d10436a} - E:\AutoRun.exe HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {dce33496-bf72-11e1-8527-88ae1d10436a} - E:\AutoRun.exe HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {e53c8f9b-e934-11e1-a0f8-70f1a114c2d7} - E:\AutoRun.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.swedbank.se/privat/index.htm HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=easynote_tm82&r=273608106855l04c4z115f46m2c36q SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{BBEEDFEF-420B-4CFB-B8A5-1EA76124319B}: [NameServer]80.251.201.177 80.251.201.178 Tcpip\..\Interfaces\{D5E5E52F-E372-4E63-8882-B4F41BE01134}: [NameServer]80.251.201.177 80.251.201.178 Tcpip\..\Interfaces\{E0327EFA-6047-4717-8876-A344B633580F}: [NameServer]80.251.201.177 80.251.201.178 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @se.nexus/Personal - C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\.BackupManager FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\.BackupManager [2010-12-10] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-12-06] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-02-02] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-24] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-08-13] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-05] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-29] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchKeyword: r CHR DefaultSearchProvider: Web Search CHR DefaultSearchURL: http://www.google.com CHR DefaultNewTabURL: CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 6.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 6.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 6.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 6.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 6.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 6.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 6.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Java Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Nexus Personal) - C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Extension: (YouTube) - C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-03] CHR Extension: (Google Search) - C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-03] CHR Extension: (No Name) - C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphibigbodkkohoglgfkddblldpfohjl [2012-10-10] CHR Extension: (Google Wallet) - C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28] CHR Extension: (No Name) - C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2012-09-03] CHR Extension: (Gmail) - C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-03] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Siba\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2012-09-03] CHR HKLM-x32\...\Chrome\Extension: [dijoojjdmkbmmmbobkingeecghfeciaj] - C:\Program Files (x86)\Spring Smart\dijoojjdmkbmmmbobkingeecghfeciaj.crx [2012-09-03] ==================== Services (Whitelisted) ================= R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [866336 2010-03-17] (Acer Incorporated) S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [238328 2009-10-10] (WildTangent, Inc.) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries) S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1571336 2009-09-21] (Symantec) R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation) R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [230240 2012-08-18] () S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-01-16] () R2 MSSQL$VISMA; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4584288 2009-10-01] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation) S3 Symantec SymSnap VSS Provider; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation) R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec) R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X] ==================== Drivers (Whitelisted) ==================== S2 DgiVecp; C:\Windows\SysWOW64\Drivers\DgiVecp.sys [40448 2003-07-29] (DeviceGuys, Inc.) R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-08-16] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-08-16] () R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft) S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-23] (Todos Data System AB) S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation) R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-18] (StdLib) S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] U2 V2iMount; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-07 17:01 - 2014-04-07 17:01 - 00023484 _____ () C:\Users\Siba\Desktop\FRST.txt 2014-04-07 17:00 - 2014-04-07 17:01 - 00000000 ____D () C:\FRST 2014-04-07 16:55 - 2014-04-07 16:55 - 00011904 _____ () C:\Users\Siba\Desktop\AdwCleaner[s0].txt 2014-04-07 16:23 - 2014-04-07 16:22 - 02157056 _____ (Farbar) C:\Users\Siba\Desktop\FRST64.exe 2014-04-07 10:44 - 2014-04-07 16:40 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job 2014-04-07 10:44 - 2014-04-07 10:44 - 00003226 _____ () C:\Windows\System32\Tasks\bench-Updater removing 2014-04-07 10:12 - 2014-04-07 10:12 - 00012045 _____ () C:\Users\Siba\Desktop\AdwCleaner[R0].txt 2014-04-07 10:03 - 2014-04-07 10:03 - 00000000 ____D () C:\Users\Siba\AppData\Local\{B77A7A43-8185-4306-A13C-764BEEB4F694} 2014-04-07 09:39 - 2014-04-07 09:39 - 00001304 _____ () C:\Users\Siba\Desktop\Notepad.lnk 2014-04-07 09:19 - 2014-04-07 16:38 - 00000000 ____D () C:\AdwCleaner 2014-04-06 21:56 - 2014-04-06 21:56 - 00000000 ____D () C:\Users\Siba\AppData\Local\{26A57F1C-BEF0-4343-BE22-E29F0DC9EAD5} 2014-04-06 07:28 - 2014-04-06 07:28 - 00000000 ____D () C:\Users\Siba\AppData\Local\{7C810FEA-A879-45F6-B2E5-0BEE141D3237} 2014-04-05 19:27 - 2014-04-05 19:27 - 00000000 ____D () C:\Users\Siba\AppData\Local\{80C8230E-1512-4C96-A65D-E1DD75E15E1B} 2014-04-05 07:26 - 2014-04-05 07:27 - 00000000 ____D () C:\Users\Siba\AppData\Local\{C42AA0B5-4130-48B1-9199-94A60CE2D6E1} 2014-04-04 19:26 - 2014-04-04 19:26 - 00000000 ____D () C:\Users\Siba\AppData\Local\{CB1FA653-8B76-4739-B301-E63B53E0904D} 2014-04-04 16:32 - 2014-04-04 16:32 - 00000000 ____D () C:\Users\Siba\AppData\Local\TB 2014-04-04 07:25 - 2014-04-04 07:25 - 00000000 ____D () C:\Users\Siba\AppData\Local\{4B98744F-AB5A-413F-B59E-BC0FD0AEBEF6} 2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\Users\Siba\AppData\Local\{367B4189-8F34-454A-9791-978ED6AF8CBC} 2014-04-02 13:43 - 2014-04-02 13:44 - 00000000 ____D () C:\Users\Siba\AppData\Local\{7683B26D-AB59-44A1-8EF9-FFE9153DD637} 2014-04-01 09:05 - 2014-04-01 09:05 - 00000000 ____D () C:\Users\Siba\AppData\Local\{CFB7990D-2716-4F33-A926-76EAE9450B8C} 2014-03-31 21:05 - 2014-03-31 21:05 - 00000000 ____D () C:\Users\Siba\AppData\Local\{7ACFCE11-03AF-4F45-A6B9-C72B261EE70F} 2014-03-31 09:04 - 2014-03-31 09:04 - 00000000 ____D () C:\Users\Siba\AppData\Local\{99726094-1298-4335-86EB-FA44C30A144F} 2014-03-30 14:41 - 2014-03-30 14:41 - 00000000 ____D () C:\Users\Siba\AppData\Local\{058A51F9-66CA-4605-AF3A-318D3B1ECB2A} 2014-03-30 00:51 - 2014-03-30 00:51 - 00000000 ____D () C:\Users\Siba\AppData\Local\{43779529-A7CD-4355-881E-359AB3B1D6FC} 2014-03-29 12:29 - 2014-03-29 12:29 - 00000000 ____D () C:\Users\Siba\AppData\Local\{594CCCC9-E4D6-47A4-A528-2A2DCBE2F7A8} 2014-03-29 00:28 - 2014-03-29 00:28 - 00000000 ____D () C:\Users\Siba\AppData\Local\{E41EF53C-5C27-4F5C-8B2C-FA123033696D} 2014-03-29 00:21 - 2014-03-29 00:21 - 00000000 ____D () C:\Users\Siba\AppData\Local\{9380C198-F4A2-4D65-BED2-FC57AD183B4C} 2014-03-28 09:05 - 2014-03-28 09:05 - 00000000 ____D () C:\Users\Siba\AppData\Local\{DA3794B0-33A6-41B9-AED0-175A6CE26CC6} 2014-03-27 20:36 - 2014-03-27 20:36 - 00000000 ____D () C:\Users\Siba\AppData\Local\{247A78A1-2A73-426B-9F66-FEFBC25925D8} 2014-03-26 14:01 - 2014-03-26 14:02 - 00000000 ____D () C:\Users\Siba\AppData\Local\{608A521F-D6C3-4BEE-A787-0084CCD4445D} 2014-03-26 01:02 - 2014-03-26 01:02 - 00000000 ____D () C:\Users\Siba\AppData\Local\{02E43831-9AD1-4CF6-934D-A642465E6965} 2014-03-25 13:02 - 2014-03-25 13:02 - 00000000 ____D () C:\Users\Siba\AppData\Local\{D562366B-4A40-4087-97EF-19FB8EEEFB3C} 2014-03-25 01:01 - 2014-03-25 01:01 - 00000000 ____D () C:\Users\Siba\AppData\Local\{C823BFCA-5430-4E5E-839B-95BDC4529016} 2014-03-24 13:01 - 2014-03-24 13:01 - 00000000 ____D () C:\Users\Siba\AppData\Local\{3379839D-BF76-4770-8368-2D8C3997DDE6} 2014-03-24 01:00 - 2014-03-24 01:00 - 00000000 ____D () C:\Users\Siba\AppData\Local\{FEBE8501-6B80-4B53-86D5-66DF9279BA4D} 2014-03-23 12:55 - 2014-03-23 12:55 - 00000000 ____D () C:\Users\Siba\AppData\Local\{F9E3E375-0774-4EDD-9BBA-7A7B0D9BA842} 2014-03-22 10:32 - 2014-03-22 10:32 - 00000000 ____D () C:\Users\Siba\AppData\Local\{BECD6F39-24A4-48F2-9F0E-F8D1B370045B} 2014-03-21 19:54 - 2014-03-21 19:55 - 00000000 ____D () C:\Users\Siba\AppData\Local\{3D75A2C3-53D9-4B7C-98D0-F1557CDC558A} 2014-03-21 07:28 - 2014-03-21 07:29 - 00000000 ____D () C:\Users\Siba\AppData\Local\{DEA4FD81-5F4B-4343-A264-B1F0EC7F8348} 2014-03-20 13:09 - 2014-03-18 22:50 - 277461864 _____ () C:\Users\Siba\Desktop\Mexikansk afton på Odd 007.MOV 2014-03-20 12:33 - 2014-03-20 12:33 - 00000000 ____D () C:\Users\Siba\AppData\Local\{B814A57D-07B2-4B17-8A3A-3F624CF39C87} 2014-03-19 23:50 - 2014-03-19 23:50 - 00000000 ____D () C:\Users\Siba\AppData\Local\{74A2B95B-43F7-450D-9AC5-F3DA3B83500A} 2014-03-19 11:49 - 2014-03-19 11:49 - 00000000 ____D () C:\Users\Siba\AppData\Local\{3AF8729F-00E2-49A0-BECF-9A681DD7CD3A} 2014-03-18 11:55 - 2014-03-18 11:55 - 00000000 ____D () C:\Users\Siba\AppData\Local\{586F9F9A-7ECD-4E3A-8D81-6F4CFB3C913C} 2014-03-18 08:26 - 2014-03-18 08:26 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys 2014-03-17 23:55 - 2014-03-17 23:55 - 00000000 ____D () C:\Users\Siba\AppData\Local\{7931A30A-E2D2-4B36-B6C7-A9BB5F1EFE56} 2014-03-17 10:13 - 2014-03-17 10:13 - 00000000 ____D () C:\Users\Siba\AppData\Local\{E854F2A4-F0E1-45F4-8A21-21618BAC2449} 2014-03-16 22:12 - 2014-03-16 22:13 - 00000000 ____D () C:\Users\Siba\AppData\Local\{A03793CF-63D5-4CF9-A015-C2B15754A94F} 2014-03-16 10:12 - 2014-03-16 10:12 - 00000000 ____D () C:\Users\Siba\AppData\Local\{47DCB76D-1B67-4549-9377-76580E1D97C4} 2014-03-15 22:11 - 2014-03-15 22:12 - 00000000 ____D () C:\Users\Siba\AppData\Local\{FFFFCA90-E3F8-4F8C-99AB-D422A195FF1E} 2014-03-15 10:11 - 2014-03-15 10:11 - 00000000 ____D () C:\Users\Siba\AppData\Local\{A07C8EF3-61D2-48D4-804C-A13D77EEDF73} 2014-03-14 19:52 - 2014-03-14 19:52 - 00000000 ____D () C:\Users\Siba\AppData\Local\{6B398168-9EE2-4208-9D18-E029EC76F2AE} 2014-03-14 07:51 - 2014-03-14 07:51 - 00000000 ____D () C:\Users\Siba\AppData\Local\{1DACC020-F213-4317-89FE-B09BE3B98FD1} 2014-03-13 10:00 - 2014-03-13 10:00 - 00000000 ____D () C:\Users\Siba\AppData\Local\{91B8C9C9-B85E-451B-B440-3194702D7190} 2014-03-13 07:40 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 07:40 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 07:40 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 07:40 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 07:40 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 07:40 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-13 07:40 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 07:40 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 07:40 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 07:40 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 07:40 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 07:40 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 07:40 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 07:40 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 07:40 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 07:40 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 07:40 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 07:40 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 07:40 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 07:40 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 07:40 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 07:40 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 07:40 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 07:40 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 07:40 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 07:40 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 07:40 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-13 07:40 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 07:40 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 07:40 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 07:40 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 07:40 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 07:40 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 07:40 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 07:40 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 07:40 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 07:40 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 07:40 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 07:40 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 07:40 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-13 07:40 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 07:40 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 07:40 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 07:40 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-13 07:39 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 07:39 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 07:39 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-13 07:39 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-12 21:59 - 2014-03-12 21:59 - 00000000 ____D () C:\Users\Siba\AppData\Local\{A34D6203-418A-4B59-9C0B-8D83CE1868BA} 2014-03-12 09:58 - 2014-03-12 09:59 - 00000000 ____D () C:\Users\Siba\AppData\Local\{845C3765-FAA9-46DB-82DE-CA78596160E3} 2014-03-11 21:58 - 2014-03-11 21:58 - 00000000 ____D () C:\Users\Siba\AppData\Local\{CE374816-07B6-4666-B3A3-2BDDA5BDE396} 2014-03-11 09:57 - 2014-03-11 09:58 - 00000000 ____D () C:\Users\Siba\AppData\Local\{940CD062-74D2-4C77-92CC-BBB5116A7F10} 2014-03-10 21:57 - 2014-03-10 21:57 - 00000000 ____D () C:\Users\Siba\AppData\Local\{3357E248-6E2A-4291-86E3-D298484614DF} 2014-03-10 08:43 - 2014-03-10 08:43 - 00000000 ____D () C:\Users\Siba\AppData\Local\{9A428C7F-2C15-4562-AF6E-83D1A3D4AB0A} 2014-03-09 20:43 - 2014-03-09 20:43 - 00000000 ____D () C:\Users\Siba\AppData\Local\{41B9C45B-C4FB-4F01-9286-72EE4514589E} 2014-03-09 08:42 - 2014-03-09 08:42 - 00000000 ____D () C:\Users\Siba\AppData\Local\{E6C0677D-4ABC-4D04-B154-D2846B33AAA1} 2014-03-08 20:40 - 2014-03-08 20:40 - 00000000 ____D () C:\Users\Siba\AppData\Local\{C8F2AC0A-09A1-4755-843F-614C24D5A6C6} 2014-03-08 08:39 - 2014-03-08 08:39 - 00000000 ____D () C:\Users\Siba\AppData\Local\{CBF51D31-0A90-40CE-A584-0B60D9685A78} ==================== One Month Modified Files and Folders ======= 2014-04-07 17:01 - 2014-04-07 17:01 - 00023484 _____ () C:\Users\Siba\Desktop\FRST.txt 2014-04-07 17:01 - 2014-04-07 17:00 - 00000000 ____D () C:\FRST 2014-04-07 17:00 - 2010-12-03 17:10 - 00000000 ____D () C:\Users\Siba\AppData\Roaming\Skype 2014-04-07 16:58 - 2012-04-03 11:26 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-07 16:55 - 2014-04-07 16:55 - 00011904 _____ () C:\Users\Siba\Desktop\AdwCleaner[s0].txt 2014-04-07 16:48 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-07 16:48 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-07 16:44 - 2010-06-21 00:56 - 01951159 _____ () C:\Windows\WindowsUpdate.log 2014-04-07 16:42 - 2010-12-06 16:27 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-07 16:40 - 2014-04-07 10:44 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job 2014-04-07 16:40 - 2013-02-28 19:26 - 00054156 ____H () C:\Windows\QTFont.qfn 2014-04-07 16:40 - 2010-12-06 16:27 - 00000986 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-07 16:40 - 2010-12-03 16:39 - 00000000 ____D () C:\Users\Siba\Tracing 2014-04-07 16:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-07 16:39 - 2009-07-14 06:51 - 00232110 _____ () C:\Windows\setupact.log 2014-04-07 16:38 - 2014-04-07 09:19 - 00000000 ____D () C:\AdwCleaner 2014-04-07 16:22 - 2014-04-07 16:23 - 02157056 _____ (Farbar) C:\Users\Siba\Desktop\FRST64.exe 2014-04-07 14:20 - 2011-04-29 16:36 - 00000321 _____ () C:\Windows\Brownie.ini 2014-04-07 13:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration 2014-04-07 13:19 - 2013-08-15 18:11 - 00003928 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{616AC308-FC55-4A31-B74C-112D4CC5B179} 2014-04-07 10:44 - 2014-04-07 10:44 - 00003226 _____ () C:\Windows\System32\Tasks\bench-Updater removing 2014-04-07 10:12 - 2014-04-07 10:12 - 00012045 _____ () C:\Users\Siba\Desktop\AdwCleaner[R0].txt 2014-04-07 10:03 - 2014-04-07 10:03 - 00000000 ____D () C:\Users\Siba\AppData\Local\{B77A7A43-8185-4306-A13C-764BEEB4F694} 2014-04-07 10:00 - 2010-04-30 16:49 - 00383912 _____ () C:\Windows\PFRO.log 2014-04-07 09:39 - 2014-04-07 09:39 - 00001304 _____ () C:\Users\Siba\Desktop\Notepad.lnk 2014-04-07 09:23 - 2013-02-28 19:26 - 00001409 _____ () C:\Windows\QTFont.for 2014-04-07 09:15 - 2010-12-03 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-07 09:12 - 2014-02-10 22:03 - 00000254 __RSH () C:\ProgramData\ntuser.pol 2014-04-07 07:12 - 2009-07-14 04:34 - 00000936 _____ () C:\Windows\win.ini 2014-04-06 21:56 - 2014-04-06 21:56 - 00000000 ____D () C:\Users\Siba\AppData\Local\{26A57F1C-BEF0-4343-BE22-E29F0DC9EAD5} 2014-04-06 07:28 - 2014-04-06 07:28 - 00000000 ____D () C:\Users\Siba\AppData\Local\{7C810FEA-A879-45F6-B2E5-0BEE141D3237} 2014-04-05 20:01 - 2010-12-03 21:29 - 00000000 ____D () C:\Users\Siba\AppData\Roaming\vlc 2014-04-05 19:27 - 2014-04-05 19:27 - 00000000 ____D () C:\Users\Siba\AppData\Local\{80C8230E-1512-4C96-A65D-E1DD75E15E1B} 2014-04-05 18:44 - 2011-02-22 15:01 - 00000000 ____D () C:\Users\Siba\AppData\Roaming\dvdcss 2014-04-05 07:27 - 2014-04-05 07:26 - 00000000 ____D () C:\Users\Siba\AppData\Local\{C42AA0B5-4130-48B1-9199-94A60CE2D6E1} 2014-04-04 19:26 - 2014-04-04 19:26 - 00000000 ____D () C:\Users\Siba\AppData\Local\{CB1FA653-8B76-4739-B301-E63B53E0904D} 2014-04-04 16:32 - 2014-04-04 16:32 - 00000000 ____D () C:\Users\Siba\AppData\Local\TB 2014-04-04 07:25 - 2014-04-04 07:25 - 00000000 ____D () C:\Users\Siba\AppData\Local\{4B98744F-AB5A-413F-B59E-BC0FD0AEBEF6} 2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\Users\Siba\AppData\Local\{367B4189-8F34-454A-9791-978ED6AF8CBC} 2014-04-02 19:46 - 2010-06-21 01:47 - 00713596 _____ () C:\Windows\system32\perfh01D.dat 2014-04-02 19:46 - 2010-06-21 01:47 - 00161298 _____ () C:\Windows\system32\perfc01D.dat 2014-04-02 19:46 - 2009-07-14 07:13 - 01719382 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-02 15:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-02 13:44 - 2014-04-02 13:43 - 00000000 ____D () C:\Users\Siba\AppData\Local\{7683B26D-AB59-44A1-8EF9-FFE9153DD637} 2014-04-01 09:05 - 2014-04-01 09:05 - 00000000 ____D () C:\Users\Siba\AppData\Local\{CFB7990D-2716-4F33-A926-76EAE9450B8C} 2014-03-31 21:05 - 2014-03-31 21:05 - 00000000 ____D () C:\Users\Siba\AppData\Local\{7ACFCE11-03AF-4F45-A6B9-C72B261EE70F} 2014-03-31 09:04 - 2014-03-31 09:04 - 00000000 ____D () C:\Users\Siba\AppData\Local\{99726094-1298-4335-86EB-FA44C30A144F} 2014-03-30 14:41 - 2014-03-30 14:41 - 00000000 ____D () C:\Users\Siba\AppData\Local\{058A51F9-66CA-4605-AF3A-318D3B1ECB2A} 2014-03-30 00:51 - 2014-03-30 00:51 - 00000000 ____D () C:\Users\Siba\AppData\Local\{43779529-A7CD-4355-881E-359AB3B1D6FC} 2014-03-29 12:29 - 2014-03-29 12:29 - 00000000 ____D () C:\Users\Siba\AppData\Local\{594CCCC9-E4D6-47A4-A528-2A2DCBE2F7A8} 2014-03-29 00:28 - 2014-03-29 00:28 - 00000000 ____D () C:\Users\Siba\AppData\Local\{E41EF53C-5C27-4F5C-8B2C-FA123033696D} 2014-03-29 00:21 - 2014-03-29 00:21 - 00000000 ____D () C:\Users\Siba\AppData\Local\{9380C198-F4A2-4D65-BED2-FC57AD183B4C} 2014-03-28 15:06 - 2010-09-26 19:41 - 00000000 ____D () C:\Users\Siba\AppData\Local\Google 2014-03-28 09:05 - 2014-03-28 09:05 - 00000000 ____D () C:\Users\Siba\AppData\Local\{DA3794B0-33A6-41B9-AED0-175A6CE26CC6} 2014-03-27 20:36 - 2014-03-27 20:36 - 00000000 ____D () C:\Users\Siba\AppData\Local\{247A78A1-2A73-426B-9F66-FEFBC25925D8} 2014-03-26 14:02 - 2014-03-26 14:01 - 00000000 ____D () C:\Users\Siba\AppData\Local\{608A521F-D6C3-4BEE-A787-0084CCD4445D} 2014-03-26 10:37 - 2010-12-06 16:27 - 00003986 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-26 10:37 - 2010-12-06 16:27 - 00003734 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-26 01:02 - 2014-03-26 01:02 - 00000000 ____D () C:\Users\Siba\AppData\Local\{02E43831-9AD1-4CF6-934D-A642465E6965} 2014-03-25 22:57 - 2010-12-05 21:32 - 00000000 ____D () C:\Users\Siba\AppData\Roaming\uTorrent 2014-03-25 15:12 - 2012-09-19 16:12 - 00000000 ____D () C:\Users\Siba\Downloads\Into.The.White.2012.Swesub.DVDrip.Xvid.AC3-Haggebulle 2014-03-25 13:02 - 2014-03-25 13:02 - 00000000 ____D () C:\Users\Siba\AppData\Local\{D562366B-4A40-4087-97EF-19FB8EEEFB3C} 2014-03-25 01:01 - 2014-03-25 01:01 - 00000000 ____D () C:\Users\Siba\AppData\Local\{C823BFCA-5430-4E5E-839B-95BDC4529016} 2014-03-24 13:01 - 2014-03-24 13:01 - 00000000 ____D () C:\Users\Siba\AppData\Local\{3379839D-BF76-4770-8368-2D8C3997DDE6} 2014-03-24 01:00 - 2014-03-24 01:00 - 00000000 ____D () C:\Users\Siba\AppData\Local\{FEBE8501-6B80-4B53-86D5-66DF9279BA4D} 2014-03-23 16:04 - 2009-07-14 07:08 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-23 12:55 - 2014-03-23 12:55 - 00000000 ____D () C:\Users\Siba\AppData\Local\{F9E3E375-0774-4EDD-9BBA-7A7B0D9BA842} 2014-03-22 10:32 - 2014-03-22 10:32 - 00000000 ____D () C:\Users\Siba\AppData\Local\{BECD6F39-24A4-48F2-9F0E-F8D1B370045B} 2014-03-21 19:55 - 2014-03-21 19:54 - 00000000 ____D () C:\Users\Siba\AppData\Local\{3D75A2C3-53D9-4B7C-98D0-F1557CDC558A} 2014-03-21 07:29 - 2014-03-21 07:28 - 00000000 ____D () C:\Users\Siba\AppData\Local\{DEA4FD81-5F4B-4343-A264-B1F0EC7F8348} 2014-03-20 12:33 - 2014-03-20 12:33 - 00000000 ____D () C:\Users\Siba\AppData\Local\{B814A57D-07B2-4B17-8A3A-3F624CF39C87} 2014-03-19 23:50 - 2014-03-19 23:50 - 00000000 ____D () C:\Users\Siba\AppData\Local\{74A2B95B-43F7-450D-9AC5-F3DA3B83500A} 2014-03-19 16:20 - 2010-12-27 13:42 - 00000000 ____D () C:\Users\Siba\AppData\Local\Windows Live 2014-03-19 11:49 - 2014-03-19 11:49 - 00000000 ____D () C:\Users\Siba\AppData\Local\{3AF8729F-00E2-49A0-BECF-9A681DD7CD3A} 2014-03-18 22:50 - 2014-03-20 13:09 - 277461864 _____ () C:\Users\Siba\Desktop\Mexikansk afton på Odd 007.MOV 2014-03-18 16:13 - 2013-07-18 08:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-18 16:10 - 2010-12-27 13:40 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-18 11:55 - 2014-03-18 11:55 - 00000000 ____D () C:\Users\Siba\AppData\Local\{586F9F9A-7ECD-4E3A-8D81-6F4CFB3C913C} 2014-03-18 08:26 - 2014-03-18 08:26 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys 2014-03-17 23:55 - 2014-03-17 23:55 - 00000000 ____D () C:\Users\Siba\AppData\Local\{7931A30A-E2D2-4B36-B6C7-A9BB5F1EFE56} 2014-03-17 10:13 - 2014-03-17 10:13 - 00000000 ____D () C:\Users\Siba\AppData\Local\{E854F2A4-F0E1-45F4-8A21-21618BAC2449} 2014-03-16 22:13 - 2014-03-16 22:12 - 00000000 ____D () C:\Users\Siba\AppData\Local\{A03793CF-63D5-4CF9-A015-C2B15754A94F} 2014-03-16 10:12 - 2014-03-16 10:12 - 00000000 ____D () C:\Users\Siba\AppData\Local\{47DCB76D-1B67-4549-9377-76580E1D97C4} 2014-03-15 22:12 - 2014-03-15 22:11 - 00000000 ____D () C:\Users\Siba\AppData\Local\{FFFFCA90-E3F8-4F8C-99AB-D422A195FF1E} 2014-03-15 10:11 - 2014-03-15 10:11 - 00000000 ____D () C:\Users\Siba\AppData\Local\{A07C8EF3-61D2-48D4-804C-A13D77EEDF73} 2014-03-14 19:52 - 2014-03-14 19:52 - 00000000 ____D () C:\Users\Siba\AppData\Local\{6B398168-9EE2-4208-9D18-E029EC76F2AE} 2014-03-14 07:51 - 2014-03-14 07:51 - 00000000 ____D () C:\Users\Siba\AppData\Local\{1DACC020-F213-4317-89FE-B09BE3B98FD1} 2014-03-14 07:48 - 2009-07-14 06:45 - 00423384 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 07:46 - 2013-03-14 01:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 07:46 - 2010-04-30 16:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-14 02:02 - 2010-04-30 16:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-13 17:46 - 2010-12-03 17:47 - 00000000 ____D () C:\Program Files (x86)\Gmail Notifier 2014-03-13 17:27 - 2010-12-03 17:09 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-13 17:25 - 2010-12-03 16:47 - 00000000 ____D () C:\Users\Siba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrossLoop 2014-03-13 17:25 - 2010-12-03 16:47 - 00000000 ____D () C:\Users\Siba\AppData\Local\CrossLoop 2014-03-13 17:14 - 2011-02-02 12:14 - 00000000 ____D () C:\Program Files (x86)\Kodak 2014-03-13 17:14 - 2011-02-02 12:12 - 00000000 ____D () C:\ProgramData\Kodak 2014-03-13 17:14 - 2010-06-21 01:00 - 00032722 _____ () C:\Windows\DPINST.LOG 2014-03-13 10:00 - 2014-03-13 10:00 - 00000000 ____D () C:\Users\Siba\AppData\Local\{91B8C9C9-B85E-451B-B440-3194702D7190} 2014-03-12 21:59 - 2014-03-12 21:59 - 00000000 ____D () C:\Users\Siba\AppData\Local\{A34D6203-418A-4B59-9C0B-8D83CE1868BA} 2014-03-12 09:59 - 2014-03-12 09:58 - 00000000 ____D () C:\Users\Siba\AppData\Local\{845C3765-FAA9-46DB-82DE-CA78596160E3} 2014-03-11 23:58 - 2012-04-03 11:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-11 23:58 - 2012-04-03 11:26 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-11 23:58 - 2011-06-08 14:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-11 21:58 - 2014-03-11 21:58 - 00000000 ____D () C:\Users\Siba\AppData\Local\{CE374816-07B6-4666-B3A3-2BDDA5BDE396} 2014-03-11 09:58 - 2014-03-11 09:57 - 00000000 ____D () C:\Users\Siba\AppData\Local\{940CD062-74D2-4C77-92CC-BBB5116A7F10} 2014-03-10 21:57 - 2014-03-10 21:57 - 00000000 ____D () C:\Users\Siba\AppData\Local\{3357E248-6E2A-4291-86E3-D298484614DF} 2014-03-10 08:43 - 2014-03-10 08:43 - 00000000 ____D () C:\Users\Siba\AppData\Local\{9A428C7F-2C15-4562-AF6E-83D1A3D4AB0A} 2014-03-09 20:43 - 2014-03-09 20:43 - 00000000 ____D () C:\Users\Siba\AppData\Local\{41B9C45B-C4FB-4F01-9286-72EE4514589E} 2014-03-09 08:42 - 2014-03-09 08:42 - 00000000 ____D () C:\Users\Siba\AppData\Local\{E6C0677D-4ABC-4D04-B154-D2846B33AAA1} 2014-03-08 20:40 - 2014-03-08 20:40 - 00000000 ____D () C:\Users\Siba\AppData\Local\{C8F2AC0A-09A1-4755-843F-614C24D5A6C6} 2014-03-08 08:39 - 2014-03-08 08:39 - 00000000 ____D () C:\Users\Siba\AppData\Local\{CBF51D31-0A90-40CE-A584-0B60D9685A78} Some content of TEMP: ==================== C:\Users\Siba\AppData\Local\Temp\.exe C:\Users\Siba\AppData\Local\Temp\2238.exe C:\Users\Siba\AppData\Local\Temp\4.0.0.9-EasyShrx.Dll C:\Users\Siba\AppData\Local\Temp\8.2.30.1-EasyShrx.Dll C:\Users\Siba\AppData\Local\Temp\8.3.20.1-EasyShrx.Dll C:\Users\Siba\AppData\Local\Temp\9B45.exe C:\Users\Siba\AppData\Local\Temp\9D38.exe C:\Users\Siba\AppData\Local\Temp\BackupSetup.exe C:\Users\Siba\AppData\Local\Temp\BandooV6.exe C:\Users\Siba\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\Siba\AppData\Local\Temp\DealsPluginROW.exe C:\Users\Siba\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe C:\Users\Siba\AppData\Local\Temp\IadHide5.dll C:\Users\Siba\AppData\Local\Temp\installhelper.dll C:\Users\Siba\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe C:\Users\Siba\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe C:\Users\Siba\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe C:\Users\Siba\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\Siba\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\Siba\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\Siba\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe C:\Users\Siba\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\Siba\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Siba\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Siba\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Siba\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Siba\AppData\Local\Temp\lastpass_1.75.0.exe C:\Users\Siba\AppData\Local\Temp\lastpass_1.80.0.exe C:\Users\Siba\AppData\Local\Temp\lastpass_1.90.0.exe C:\Users\Siba\AppData\Local\Temp\lastpass_2.0.0.exe C:\Users\Siba\AppData\Local\Temp\lastpass_2.0.2.exe C:\Users\Siba\AppData\Local\Temp\Quarantine.exe C:\Users\Siba\AppData\Local\Temp\rcpsetup_26034.exe C:\Users\Siba\AppData\Local\Temp\ResetDevice.exe C:\Users\Siba\AppData\Local\Temp\SkypeSetup.exe C:\Users\Siba\AppData\Local\Temp\SRAssetsHelper.dll C:\Users\Siba\AppData\Local\Temp\tbuTor.dll C:\Users\Siba\AppData\Local\Temp\tmp8819.exe C:\Users\Siba\AppData\Local\Temp\vcredist_x64.exe C:\Users\Siba\AppData\Local\Temp\VistaLib64_1.dll C:\Users\Siba\AppData\Local\Temp\vlc-2.0.4-win32.exe C:\Users\Siba\AppData\Local\Temp\VSUSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-30 15:41 ==================== End Of Log ============================ Addition.txt
  5. Tack för att du hjälper oss och här kommer svaret från Adwcleaner: # AdwCleaner v3.023 - Report created 07/04/2014 at 10:06:06 # Updated 01/04/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Siba - SIBA-DATOR # Running from : C:\Users\Siba\Desktop\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal File Found : C:\Users\Siba\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage File Found : C:\Users\Siba\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal File Found : C:\Users\Siba\AppData\Local\Temp\Searchqu.ini File Found : C:\Users\Siba\AppData\Local\Temp\searchqutoolbar-manifest.xml File Found : C:\Users\Siba\AppData\Local\Temp\SetupDataMngr_Searchqu.exe File Found : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\.BackupManager\user.js File Found : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\avaji64z.default\user.js File Found : C:\Windows\System32\Tasks\bench-sys File Found : C:\Windows\Tasks\bench-sys.job Folder Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphibigbodkkohoglgfkddblldpfohjl Folder Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc Folder Found : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\avaji64z.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Folder Found C:\Program Files (x86)\1ClickDownload Folder Found C:\Program Files (x86)\Bandoo Folder Found C:\Program Files (x86)\Bench Folder Found C:\Program Files (x86)\Conduit Folder Found C:\Program Files (x86)\MyPC Backup Folder Found C:\ProgramData\boost_interprocess Folder Found C:\ProgramData\Partner Folder Found C:\Users\Siba\AppData\Local\Conduit Folder Found C:\Users\Siba\AppData\Local\Deals Plugin Extension Folder Found C:\Users\Siba\AppData\Local\Ilivid Player Folder Found C:\Users\Siba\AppData\Local\PackageAware Folder Found C:\Users\Siba\AppData\Local\Temp\boost_interprocess Folder Found C:\Users\Siba\AppData\LocalLow\Bandoo Folder Found C:\Users\Siba\AppData\LocalLow\Conduit Folder Found C:\Users\Siba\AppData\LocalLow\searchquband Folder Found C:\Users\Siba\AppData\LocalLow\SiteRanker Folder Found C:\Users\Siba\AppData\Roaming\Bandoo ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\1ClickDownload Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Cr_Installer Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKCU\Software\powerpack Key Found : HKCU\Software\Softonic Key Found : HKCU\Software\StartSearch Key Found : [x64] HKCU\Software\1ClickDownload Key Found : [x64] HKCU\Software\Conduit Key Found : [x64] HKCU\Software\Cr_Installer Key Found : [x64] HKCU\Software\DataMngr Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Key Found : [x64] HKCU\Software\powerpack Key Found : [x64] HKCU\Software\Softonic Key Found : [x64] HKCU\Software\StartSearch Key Found : HKLM\Software\Bench Key Found : HKLM\SOFTWARE\Classes\1ClicktorrentFile Key Found : HKLM\SOFTWARE\Classes\1ClicktorrentFile1 Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Found : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKLM\SOFTWARE\Classes\oneclick Key Found : HKLM\SOFTWARE\Classes\oneclickmg Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253 Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hphibigbodkkohoglgfkddblldpfohjl Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco Key Found : HKLM\Software\Iminent Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player[1]_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player[1]_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Found : HKLM\Software\SiteRanker Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32} Key Found : [x64] HKLM\SOFTWARE\DataMngr Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}] ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Mozilla Firefox v [ File : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\.BackupManager\prefs.js ] [ File : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\avaji64z.default\prefs.js ] -\\ Google Chrome v33.0.1750.154 [ File : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found : search_url ************************* AdwCleaner[R0].txt - [11803 octets] - [07/04/2014 10:06:06] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11864 octets] ##########
  6. Försöker hjälpa min bror som senaste månaden fått in en massa oönskad reklam och pop-upfönster. Dessutom har hans systemsåterställning satts ur funktion, så det går inte att gå tillbaka till en tidigare fungerande konfiguration. Jag har försökt hjälpa honom lite med att åtminstone ladda ner DDS så här kommer DDS.txt och attachfilen som bilaga. Om någon snäll kan tänka sig att titta på den? DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2 Run by Siba at 15:58:19 on 2014-04-06 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.2811.860 [GMT 2:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\PLFSetI.exe C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe C:\Program Files (x86)\Personal\bin\Personal.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\ProgramData\DatacardService\HWDeviceService64.exe C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe C:\ProgramData\MobileBrServ\mbbservice.exe C:\Program Files (x86)\QuickTime\qttask.exe C:\ProgramData\DatacardService\DCSHelper.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Inbox Toolbar\Inbox.exe C:\Program Files (x86)\Bench\BService\bservice.exe C:\Program Files (x86)\Bench\Wd\wd.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files (x86)\Spring Smart\updateSpringSmart.exe C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe C:\Program Files (x86)\Spring Smart\bin\utilSpringSmart.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe C:\Windows\SysWOW64\Rundll32.exe C:\Program Files (x86)\Spring Smart\bin\FilterApp_C64.exe C:\Program Files (x86)\Spring Smart\bin\XTLSApp.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\program files (x86)\deals plugin extension\deals plugin extension-bg.exe C:\Windows\splwow64.exe C:\Program Files (x86)\Brownie\brstsw64.exe C:\Program Files (x86)\Brownie\brpjp04a.exe C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe c:\program files (x86)\teamviewer\version6\TeamViewer_Desktop.exe C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe C:\Program Files (x86)\TeamViewer\Version6\tv_x64.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.swedbank.se/privat/index.htm uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=easynote_tm82&r=273608106855l04c4z115f46m2c36q uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned> mWinlogon: Userinit = userinit.exe BHO: Deals Plugin Extension: {11111111-1111-1111-1111-110211181106} - C:\Program Files (x86)\Deals Plugin Extension\Deals Plugin Extension.dll BHO: <No Name>: {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll BHO: Loader Class: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [Mobile Partner] C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" uRun: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [APISupport] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Siba\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [inboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP mRun: [bService] C:\Program Files (x86)\Bench\BService\bservice.exe mRun: [Wd] C:\Program Files (x86)\Bench\Wd\wd.exe mRunOnce: [Deals Plugin-repairJob] wscript.exe "C:\Users\Siba\AppData\Local\Deals Plugin\repair.js" "Deals Plugin-repairJob" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.BackupManager\BackupManager.list uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: LastPass-formulärifyllning - C:\Program Files (x86)\LastPass\context.html?cmd=fillforms IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{5D093447-3FDB-44ED-9001-6F56B3A87C93} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{BBEEDFEF-420B-4CFB-B8A5-1EA76124319B} : NameServer = 80.251.201.177 80.251.201.178 TCP: Interfaces\{D5E5E52F-E372-4E63-8882-B4F41BE01134} : NameServer = 80.251.201.177 80.251.201.178 TCP: Interfaces\{E0327EFA-6047-4717-8876-A344B633580F} : NameServer = 80.251.201.177 80.251.201.178 TCP: Interfaces\{E19ED036-23A9-4B42-ABE4-488D4A8DA4CB} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{F38ADD3E-4812-4DE0-8116-CA8555D33A68} : DHCPNameServer = 192.168.1.1 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: <No Name>: {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Loader Class: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll x64-TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe x64-Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> Hosts: 54.204.28.26 fickfgcleonkfojnjddoccbkaliaobcf ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\avaji64z.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com//406 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q= FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll FF - component: C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_45.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl64.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\avaji64z.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: uTorrentControl2 Community Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - %profile%\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} FF - Ext: Deals Plugin Extension: extension21806@extension21806.com - %profile%\extensions\extension21806@extension21806.com . ---- FIREFOX POLICIES ---- user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-8-31 55024] R1 wStLib64;wStLib64;C:\Windows\System32\drivers\wStLib64.sys [2014-3-18 61120] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-30 202752] R3 GenericMount;Generic Mount Driver;C:\Windows\System32\drivers\GenericMount.sys [2009-9-21 54320] R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-1-16 86016] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-4-30 321064] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-6-21 38456] S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-1-16 117248] S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013-1-16 13952] S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2013-1-16 415744] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\Windows\System32\drivers\ewusbmdm.sys [2013-1-16 222464] S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2011-2-4 19936] S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2011-2-4 13280] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-30 239136] S3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2008-9-23 50176] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-8 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] . =============== File Associations =============== . ShellExec: EasyShare.exe: Preview="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe" . =============== Created Last 30 ================ . 2014-04-06 05:28:02 -------- d-----w- C:\Users\Siba\AppData\Local\{7C810FEA-A879-45F6-B2E5-0BEE141D3237} 2014-04-05 17:27:33 -------- d-----w- C:\Users\Siba\AppData\Local\{80C8230E-1512-4C96-A65D-E1DD75E15E1B} 2014-04-05 05:26:53 -------- d-----w- C:\Users\Siba\AppData\Local\{C42AA0B5-4130-48B1-9199-94A60CE2D6E1} 2014-04-04 17:26:24 -------- d-----w- C:\Users\Siba\AppData\Local\{CB1FA653-8B76-4739-B301-E63B53E0904D} 2014-04-04 14:32:10 -------- d-----w- C:\Users\Siba\AppData\Local\TB 2014-04-04 09:19:13 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C33D76C1-00CA-4DF0-9A9E-B958A1CD6B37}\mpengine.dll 2014-04-04 05:25:22 -------- d-----w- C:\Users\Siba\AppData\Local\{4B98744F-AB5A-413F-B59E-BC0FD0AEBEF6} 2014-04-03 12:22:24 -------- d-----w- C:\Users\Siba\AppData\Local\{367B4189-8F34-454A-9791-978ED6AF8CBC} 2014-04-02 11:43:50 -------- d-----w- C:\Users\Siba\AppData\Local\{7683B26D-AB59-44A1-8EF9-FFE9153DD637} 2014-04-01 07:05:32 -------- d-----w- C:\Users\Siba\AppData\Local\{CFB7990D-2716-4F33-A926-76EAE9450B8C} 2014-03-31 19:05:02 -------- d-----w- C:\Users\Siba\AppData\Local\{7ACFCE11-03AF-4F45-A6B9-C72B261EE70F} 2014-03-31 07:04:10 -------- d-----w- C:\Users\Siba\AppData\Local\{99726094-1298-4335-86EB-FA44C30A144F} 2014-03-30 12:41:08 -------- d-----w- C:\Users\Siba\AppData\Local\{058A51F9-66CA-4605-AF3A-318D3B1ECB2A} 2014-03-29 22:51:10 -------- d-----w- C:\Users\Siba\AppData\Local\{43779529-A7CD-4355-881E-359AB3B1D6FC} 2014-03-29 10:29:13 -------- d-----w- C:\Users\Siba\AppData\Local\{594CCCC9-E4D6-47A4-A528-2A2DCBE2F7A8} 2014-03-28 22:28:31 -------- d-----w- C:\Users\Siba\AppData\Local\{E41EF53C-5C27-4F5C-8B2C-FA123033696D} 2014-03-28 22:21:32 -------- d-----w- C:\Users\Siba\AppData\Local\{9380C198-F4A2-4D65-BED2-FC57AD183B4C} 2014-03-28 07:05:26 -------- d-----w- C:\Users\Siba\AppData\Local\{DA3794B0-33A6-41B9-AED0-175A6CE26CC6} 2014-03-27 18:36:00 -------- d-----w- C:\Users\Siba\AppData\Local\{247A78A1-2A73-426B-9F66-FEFBC25925D8} 2014-03-26 12:01:51 -------- d-----w- C:\Users\Siba\AppData\Local\{608A521F-D6C3-4BEE-A787-0084CCD4445D} 2014-03-25 23:02:39 -------- d-----w- C:\Users\Siba\AppData\Local\{02E43831-9AD1-4CF6-934D-A642465E6965} 2014-03-25 11:02:08 -------- d-----w- C:\Users\Siba\AppData\Local\{D562366B-4A40-4087-97EF-19FB8EEEFB3C} 2014-03-24 23:01:36 -------- d-----w- C:\Users\Siba\AppData\Local\{C823BFCA-5430-4E5E-839B-95BDC4529016} 2014-03-24 11:01:06 -------- d-----w- C:\Users\Siba\AppData\Local\{3379839D-BF76-4770-8368-2D8C3997DDE6} 2014-03-23 23:00:24 -------- d-----w- C:\Users\Siba\AppData\Local\{FEBE8501-6B80-4B53-86D5-66DF9279BA4D} 2014-03-23 10:55:33 -------- d-----w- C:\Users\Siba\AppData\Local\{F9E3E375-0774-4EDD-9BBA-7A7B0D9BA842} 2014-03-22 08:32:20 -------- d-----w- C:\Users\Siba\AppData\Local\{BECD6F39-24A4-48F2-9F0E-F8D1B370045B} 2014-03-21 17:54:51 -------- d-----w- C:\Users\Siba\AppData\Local\{3D75A2C3-53D9-4B7C-98D0-F1557CDC558A} 2014-03-21 05:28:57 -------- d-----w- C:\Users\Siba\AppData\Local\{DEA4FD81-5F4B-4343-A264-B1F0EC7F8348} 2014-03-20 10:33:19 -------- d-----w- C:\Users\Siba\AppData\Local\{B814A57D-07B2-4B17-8A3A-3F624CF39C87} 2014-03-19 21:50:00 -------- d-----w- C:\Users\Siba\AppData\Local\{74A2B95B-43F7-450D-9AC5-F3DA3B83500A} 2014-03-19 09:49:22 -------- d-----w- C:\Users\Siba\AppData\Local\{3AF8729F-00E2-49A0-BECF-9A681DD7CD3A} 2014-03-18 09:55:47 -------- d-----w- C:\Users\Siba\AppData\Local\{586F9F9A-7ECD-4E3A-8D81-6F4CFB3C913C} 2014-03-18 06:26:03 61120 ----a-w- C:\Windows\System32\drivers\wStLib64.sys 2014-03-17 21:55:09 -------- d-----w- C:\Users\Siba\AppData\Local\{7931A30A-E2D2-4B36-B6C7-A9BB5F1EFE56} 2014-03-17 08:13:28 -------- d-----w- C:\Users\Siba\AppData\Local\{E854F2A4-F0E1-45F4-8A21-21618BAC2449} 2014-03-16 20:12:56 -------- d-----w- C:\Users\Siba\AppData\Local\{A03793CF-63D5-4CF9-A015-C2B15754A94F} 2014-03-16 08:12:23 -------- d-----w- C:\Users\Siba\AppData\Local\{47DCB76D-1B67-4549-9377-76580E1D97C4} 2014-03-15 20:11:51 -------- d-----w- C:\Users\Siba\AppData\Local\{FFFFCA90-E3F8-4F8C-99AB-D422A195FF1E} 2014-03-15 08:11:07 -------- d-----w- C:\Users\Siba\AppData\Local\{A07C8EF3-61D2-48D4-804C-A13D77EEDF73} 2014-03-14 17:52:06 -------- d-----w- C:\Users\Siba\AppData\Local\{6B398168-9EE2-4208-9D18-E029EC76F2AE} 2014-03-14 05:51:26 -------- d-----w- C:\Users\Siba\AppData\Local\{1DACC020-F213-4317-89FE-B09BE3B98FD1} 2014-03-13 08:00:05 -------- d-----w- C:\Users\Siba\AppData\Local\{91B8C9C9-B85E-451B-B440-3194702D7190} 2014-03-13 05:39:55 624128 ----a-w- C:\Windows\System32\qedit.dll 2014-03-13 05:39:55 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2014-03-13 05:39:48 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2014-03-13 05:39:48 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2014-03-12 19:59:34 -------- d-----w- C:\Users\Siba\AppData\Local\{A34D6203-418A-4B59-9C0B-8D83CE1868BA} 2014-03-12 07:58:57 -------- d-----w- C:\Users\Siba\AppData\Local\{845C3765-FAA9-46DB-82DE-CA78596160E3} 2014-03-11 19:58:24 -------- d-----w- C:\Users\Siba\AppData\Local\{CE374816-07B6-4666-B3A3-2BDDA5BDE396} 2014-03-11 07:57:52 -------- d-----w- C:\Users\Siba\AppData\Local\{940CD062-74D2-4C77-92CC-BBB5116A7F10} 2014-03-10 19:57:12 -------- d-----w- C:\Users\Siba\AppData\Local\{3357E248-6E2A-4291-86E3-D298484614DF} 2014-03-10 06:43:39 -------- d-----w- C:\Users\Siba\AppData\Local\{9A428C7F-2C15-4562-AF6E-83D1A3D4AB0A} 2014-03-09 18:43:04 -------- d-----w- C:\Users\Siba\AppData\Local\{41B9C45B-C4FB-4F01-9286-72EE4514589E} 2014-03-09 06:42:26 -------- d-----w- C:\Users\Siba\AppData\Local\{E6C0677D-4ABC-4D04-B154-D2846B33AAA1} 2014-03-08 18:40:24 -------- d-----w- C:\Users\Siba\AppData\Local\{C8F2AC0A-09A1-4755-843F-614C24D5A6C6} 2014-03-08 06:39:45 -------- d-----w- C:\Users\Siba\AppData\Local\{CBF51D31-0A90-40CE-A584-0B60D9685A78} 2014-03-07 17:57:12 -------- d-----w- C:\Users\Siba\AppData\Local\{FC24D2B0-28FF-4943-B045-5FADD7929475} . ==================== Find3M ==================== . 2014-03-13 15:25:51 1409 ----a-w- C:\Windows\QTFont.for 2014-03-11 21:58:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-11 21:58:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll 2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll 2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll 2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll 2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll 2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll 2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll 2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll 2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys 2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll 2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll 2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll . ============= FINISH: 16:02:12,54 =============== attach.txt
  7. eirmark

    Boota med Windows 7-skiva

    Tack alla! Det var mycket riktigt så att USB-funktionen för mus och tangentbord stod på Disabled i BIOS, så när jag tillät det, så hoppade allt igång direkt! Problemet löst!
  8. eirmark

    Boota med Windows 7-skiva

    Jag blir inte klok på detta! Jag har windows 7 installerad ovanpå en gammal XP, men vill nu göra en ren installation. Jag har ställt in i BIOS att datorn skall boota från CD, och när jag lägger i skivan (W7) och startar om, så kommer jag till Press any key to boot from CD/DVD. När jag då klickar på någon tangent, så startar datorn ändå upp med det gamla operativet. Jag vill göra en clean install för att rensa bort windows old-mappar och lägga in 64-bitars systemet eftersom processorn stöder detta. Men vad jag än gör, så startar Windows som vanligt. Har det att göra med att Windows 7 skivan är en DVD och i BIOS står first priority boot CDrom?
  9. Tack för hjälpen med virus i BIOS! Mycket bra och överskådlig information!

  10. Tack för all hjälp! Det verkar som om det löste sig med att ta ur batteriet.
  11. @ Thomas1: Tyvärr händer inget när jag försöker ladda felsäkert läge från BIOS. Inget händer när man försöker spara inställningarna därifrån. Att plocka bort batteriet skulle kunna vara en möjlighet. Men då är frågan: var sitter det, och hur ser det ut? Det är en stationär dator. Måste man inte flasha BIOS därefter för att vara säker på att det blir rensat? Vad händer om man flashar med fel BIOSmjukvara?
  12. eirmark

    Datorkaos

    Du kan börja med att högerklicka på papperskorgen och välja Egenskaper. Sedan ställer du in att den skall radera filerna utan att lägga dem i papperskorgen. Där kan du frigöra en del utrymme. Sedan kan du gå in under Start -> Alla program -> Tillbehör -> Systemverktyg -> Diskrensning, och köra det programmet för att ta bort en del onödigt. Kör även diskfragmenteringen (sannolikt måste du göra det flera gånger för att det skall bli någorlunda defragmenterat).
  13. En yngre släkting har sedan ett besök på (enligt honom ) "alldeles vanliga sidor" drabbats av någon smitta som verkar ha krupit in i BIOS och som direkt ändrar bootordningen från CD/Rom till Floppy (vilket han inte ens har installerat). Det har resulterat i att det nu inte går att formatera om datorn, eftersom datorn inte läser från skivan. Vad jag tyckt mig förstå fanns ett program, lsass under C:/ Det har nu gått så långt att när man försöker starta datorn, kommer man inte ens in i windows, det blir bara en svart skärm. Han har Windows XP SP3, men har sedan årsskiftet inte haft något antivirusprogram i datorn. Hur gör man för att kunna rensa BIOS, så det går att formatera om datorn? När man trycker Delete, går det att komma in i BIOS, och det går att ändra bootordningen, men den sparar det inte. Det går inte att ställa om till felsäkert läge och starta därifrån. Om man trycker f12, hamnar man i bootordningen, och där står markören överst, på floppy, och det går inte att flytta markören med piltangenterna. (Vilket dock går i BIOS.) Hoppas jag beskrivit problemet så pass utförligt att någon kan ge råd om vilka åtgärder som det går att vidta, pojken är väldigt ledsen just nu. :-/
  14. eirmark

    Logga in på Windows XP Pro

    Tack Cecilia, det gick vägen!
  15. eirmark

    Logga in på Windows XP Pro

    Tack för svaret, men han är tyvärr inte hjälpt av det, eftersom han aldrig hunnit skapa någon återställningsskiva. Surt! Allt var precis klart, alla program inlagda, och så uppträder detta!
×