Just nu i M3-nätverket
Gå till innehåll

lizzy_lini

Medlem
  • Antal inlägg

    469
  • Gick med

  • Senaste besök

Om lizzy_lini

  • Medlemstitel
    Aktiv

Profil

  • Kön
    Kvinna
  1. Hejsan Någon som vet om bluestacks är ett seriöst program att ladda ner?
  2. Gjorde en ny scanning. Ser att jag inte var inloggad som administratör tidigare. Additionadmin.txt FRSTadmin.txt
  3. Min sons steam konto har blivit hackat, så misstänker att det kan vara något skit på datorn. Bifogar två filer från FRST. Han har inte upptäckt något på datorn tidigare. Men ser direkt jag startar google chrome att det kommer annonser om freespins och reklam om ngn kontaktsida Någon som ser något elände? FRST.txt Addition.txt
  4. Har varit med om nåt skumt. Användarnamnet på min fars dator har ändrats till zzzzzzzzzzzz Och nu kommer man inte in i den. Finns det någon återvändo eller är det kört? Det är en Samsung laptop med Windows 7. Har testat återställning genom att reparera datorn. Men då kommer det att ange lösen.
  5. Hejsan Såg det efter jag skickat loggarna. Gick inte att ta bort med adw cleaner, så jag tog bort chromiummappen. Verkar vara samma innehåll som i nya chrome. Så det kan väl inte göra ngt eller?
  6. Hejsan Här kommer nya loggar. Har ominstallerat chrome, men verkar vara kvar några rester ändå. / Linda AdwCleanerR3.txt Fixlog.txt
  7. Här kommer loggen C:\Users\Filip\AppData\Local Microsoft Windows\Temporary Internet Files\Content.IE5\0D10A9XV\Coupish_vittalia_Filewin[1].exe Win32/BrowserCompanion.B potentially unwanted application C:\Users\Filip\AppData\Local Microsoft Windows\Temporary Internet Files\Content.IE5\0D10A9XV\toolbar[1].exe Win32/Toolbar.Babylon potentially unwanted application C:\Users\Filip\AppData\Local\Temp\ICSW1.8_1H1T1I1T2X1L1Q1T1.8.exe a variant of Win32/InstallCore.VD potentially unwanted application C:\Users\Filip\AppData\Local\Temp\is367047667\579B83E9_stp\icc.dll a variant of Win32/InstallCore.YX potentially unwanted application C:\Users\Filip\AppData\Roaming\uTorrent updates\3.4.3_40097.exe a variant of Win32/OpenCandy.C potentially unsafe application C:\Users\Filip Downloads\Babylon10_setup(1).exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application C:\Users\Filip Downloads\Babylon10_setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application C:\Users\Filip Downloads\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application Addition_16-07-2015_19-03-55.txt FRST_16-07-2015_19-03-55.txt
  8. Här kommer loggen # AdwCleaner v4.208 - Logfile created 14/07/2015 at 20:31:35 # Updated 09/07/2015 by Xplode # Database : 2015-07-11.1 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : Filip - RASK # Running from : C:\Users\Filip\Downloads\adwcleaner_4.208.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Program Files (x86)\prefs.js File Found : C:\Users\Filip\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.dregol.com_0.localstorage File Found : C:\Users\Filip\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage File Found : C:\Users\Filip\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal File Found : C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\uvh9low0.default\invalidprefs.js File Found : C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\uvh9low0.default\user.js Folder Found : C:\Program Files (x86)\fastusaler Folder Found : C:\Program Files (x86)\nItrOduEal Folder Found : C:\Program Files (x86)\offErsoefti Folder Found : C:\Program Files (x86)\ss helper Folder Found : C:\Program Files (x86)\Super Optimizer Folder Found : C:\Program Files (x86)\VideoDownloadConverter_4zEI Folder Found : C:\ProgramData\1067752904453267938 Folder Found : C:\ProgramData\Download keEper Folder Found : C:\Users\Filip\AppData\LocalLow\VideoDownloadConverter_4zEI Folder Found : C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\uvh9low0.default\Extensions\ck_sljgvygjxhyg@vltzhvhxwqawl.org Folder Found : C:\Users\Filip\AppData\Roaming\OpenCandy ***** [ Scheduled tasks ] ***** Task Found : Run_Dregol ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\sshelp~1\sprote~1.dll Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Found : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4zEI Key Found : HKCU\Software\AppDataLow\SProtector Key Found : HKCU\Software\Avg Secure Update Key Found : HKCU\Software\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim Key Found : HKCU\Software\PRODUCTSETUP Key Found : HKCU\Software\torch Key Found : [x64] HKCU\Software\Avg Secure Update Key Found : [x64] HKCU\Software\PRODUCTSETUP Key Found : [x64] HKCU\Software\torch Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Found : HKLM\SOFTWARE\a468d12f-e9f0-b130-cd2b-ced426b3eae3 Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Key Found : HKLM\SOFTWARE\Classes\CLSID\{38122A36-83B2-46B8-B39A-EC72A4614A07} Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8} Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BDAF5CA1-4082-4F20-B44D-0238A9183DCA} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FC39A9F4-77FF-4595-BDEC-8B768C481257} Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4zInstaller.Start Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4zInstaller.Start.1 Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20188537-BC86-1F4B-6B72-1AA2EC4E9C93} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1A27135-69EB-8D44-7358-34727DD7B820} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_eea72b4f Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1 Key Found : HKLM\SOFTWARE\SP Global Key Found : HKLM\SOFTWARE\SProtector Key Found : HKLM\SOFTWARE\torch Key Found : HKLM\SOFTWARE\VideoDownloadConverter_4zEI Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim Key Found : HKU\.DEFAULT\Software\Avg Secure Update ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17840 -\\ Mozilla Firefox v39.0 (x86 sv-SE) [uvh9low0.default] - Line Found : user_pref("aol_toolbar.default.homepage.check", false); [uvh9low0.default] - Line Found : user_pref("aol_toolbar.default.search.check", false); [uvh9low0.default] - Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0); [uvh9low0.default] - Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); [uvh9low0.default] - Line Found : user_pref("extensions.OZTZBlkxAQnUaMEn.scode", "(function(){try{if(window.location.href.indexOf(\"rjs9qTk5pds6rHn4qdrHqjrHpdw\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...] [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.BUTTON_STRUCTURE", "[{\"b\":221351975,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221351976,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...] [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.browser.search.defaultenginename.prev", "Allaannonser"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.browser.search.defaultenginename.savedPrev", "true"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.browser.search.defaultenginename.tb", "Ask Web Search"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.browser.search.selectedEngine.prev", "Ask Web Search"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.browser.search.selectedEngine.savedPrev", "true"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.browser.search.selectedEngine.tb", "Ask Web Search"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.browser.startup.homepage.savedPrev", "true"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=85B6FF42-F4DC-4E7A-9C34-678CD6E42C03&n=781b15ea&p2=^BBQ^xdm184^YYA^se&si=downs[...] [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.browser.startup.page.savedPrev", 1); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.browser.startup.page.tb", 1); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.browser.version.last", "37.0"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.firstKnownVersion", "6.85.5.65004"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=85B6FF42-F4DC-4E7A-9C34-678CD6E42C03&n=781b15ea&p2=^BBQ^xdm184^YYA^se&si=downspeedtest"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.hp.enabled", false); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.hp.guardType", "HPR"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.hp.user.defined", true); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.initialized", true); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.installKeysSource", "LocalStorage"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.installType", "XPI"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.installation.contextKey", ""); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.installation.installDate", "2015041002"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.installation.partnerId", "^BBQ^xdm184^YYA^se"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.installation.partnerSubId", "downspeedtest"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.installation.pixelUrl", "hxxp://free.internetspeedtracker.com/install_pixels.jhtml?partner=^BBQ^xdm184^YYA^se&sub_id=downspeedtest&coId=467647f4334c[...] [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.installation.success", true); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.installation.toolbarId", "85B6FF42-F4DC-4E7A-9C34-678CD6E42C03"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.isCompliantUninstallImplementation", true); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.lastActivePing", "1428693984558"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.lastKnownVersion", "6.85.5.65004"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.options.defaultSearch", true); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.options.homePageEnabled", true); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.options.keywordEnabled", false); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.options.tabEnabled", false); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.partnerPixelFired", true); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.successUrl", "hxxp://downspeedtest.com/thankyou.php"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.toolbar.ownSearch", false); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.toolbarCollapsed", true); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark._9tMembers_.weather.location", "10001"); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled", false); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", ""); [uvh9low0.default] - Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "internetspeedtracker@mindspark.com"); -\\ Google Chrome v [C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://www.dregol.com/?f=1&a=drg_mlvi_15_20&cd=2XzuyEtN2Y1L1QzuyByE0D0EtB0ByD0Bzy0DtA0D0EtAyBtCtN0D0Tzu0StCtBtBzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyD0B0DyB0E0ByE0EtG0EyCtDyBtG0FyCtCtBtGzy0ByD0FtGtA0CzytB0DzztB0CtC0FyB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0DzztBtDyCyEtGyCyDtByCtGyEtA0D0EtGzzyB0B0CtGzytD0AtAtBzzzy0CtD0D0E0D2QtN0A0LzuyE&cr=537982374&ir= [C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [startup_URLs] : 140C7EDADC93CA7DAE2C566572C7C51CA4BEB34A027442B756A9F4979569A5BB"},"software_reporter":{"prompt_reason":"CD6076AE1580DE18A41E888A993626AB2A21DD39B17D616AB022BACCE9F10F70","prompt_seed":"1B4FF98CA21072B52DB5EFDB0A62680FA2D4071059BE46041445617423193E66","prompt_version":"BC689076883504ADFBDB3CA8644F4818EC37C55B453C455714E0D1588839F4D8"},"sync":{"remaining_rollback_tries":"1E5375822B10D2F06C191CAA9C9FE9C31A1C455B2FA5502FF92A62956B74E291"}},"super_mac":"E54603080B76351A4FDC4214AC5BF1B691B488EB0A9A2E1C6072B87B67411B3B"},"safebrowsing":{"incidents_sent":{"6":{"script_request_incident":"42"}}},"session":{"startup_urls":["hxxp://www.dregol.com/?f=7&a=drg_mlvi_15_20&cd=2XzuyEtN2Y1L1QzuyByE0D0EtB0ByD0Bzy0DtA0D0EtAyBtCtN0D0Tzu0StCtBtBzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyD0B0DyB0E0ByE0EtG0EyCtDyBtG0FyCtCtBtGzy0ByD0FtGtA0CzytB0DzztB0CtC0FyB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0DzztBtDyCyEtGyCyDtByCtGyEtA0D0EtGzzyB0B0CtGzytD0AtAtBzzzy0CtD0D0E0D2QtN0A0LzuyE&cr=537982374&ir= -\\ Chromium v44.0.2397.0 [C:\Users\Filip\AppData\Local\Chromium\User Data\Default\Web data] - Found [search Provider] : hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_mlvi_15_20&cd=2XzuyEtN2Y1L1QzuyByE0D0EtB0ByD0Bzy0DtA0D0EtAyBtCtN0D0Tzu0StCtBtBzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyD0B0DyB0E0ByE0EtG0EyCtDyBtG0FyCtCtBtGzy0ByD0FtGtA0CzytB0DzztB0CtC0FyB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0DzztBtDyCyEtGyCyDtByCtGyEtA0D0EtGzzyB0B0CtGzytD0AtAtBzzzy0CtD0D0E0D2QtN0A0LzuyE&cr=537982374&ir=&uref=chmm [C:\Users\Filip\AppData\Local\Chromium\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://www.dregol.com/?f=1&a=drg_mlvi_15_20&cd=2XzuyEtN2Y1L1QzuyByE0D0EtB0ByD0Bzy0DtA0D0EtAyBtCtN0D0Tzu0StCtBtBzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyD0B0DyB0E0ByE0EtG0EyCtDyBtG0FyCtCtBtGzy0ByD0FtGtA0CzytB0DzztB0CtC0FyB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0DzztBtDyCyEtGyCyDtByCtGyEtA0D0EtGzzyB0B0CtGzytD0AtAtBzzzy0CtD0D0E0D2QtN0A0LzuyE&cr=537982374&ir=&uref=chmm [C:\Users\Filip\AppData\Local\Chromium\User Data\Default\Secure Preferences] - Found [startup_URLs] : 5D766E80B36CEEA0079E4C08C721010A72D6DDB52409AFD8808CE1B4D8026624"},"software_reporter":{"prompt_reason":"5A1EEE6610B0E60FAD44D731D9768B67743F2307846BA8C85E4A6884DBA2CC78","prompt_seed":"D12521B12F27ED8D55846D6FE25154BD22242084A3546A89F2435F0D6575A92E","prompt_version":"565C7DC33789AA140A0FFC230B569B2F592F494FD1FE1EF8BAEA97F43DB5B49E"},"sync":{"remaining_rollback_tries":"330199A48C5F90321D74BF4A3B8CAD4B7FF7FA5817F414DCBE4E6C2F52FBDA56"}},"super_mac":"F45FF46EB5D57D566D0AD52CCE97D02474B7D33D1709913AD3DE94B58CCD5361"},"search_provider_overrides":[{"encoding":"UTF-8","favicon_url":"hxxp://www.dregol.com/favicon.ico ************************* AdwCleaner[R0].txt - [14883 bytes] - [14/07/2015 20:31:35] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14943 bytes] ##########
  9. Har fått problem med dregol. Bifogar loggarna. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015 Ran by Filip (administrator) on RASK on 13-07-2015 20:54:30 Running from C:\Users\Filip\Downloads Loaded Profiles: Filip (Available Profiles: Filip) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Google Inc.) C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe (Spotify Ltd) C:\Users\Filip\AppData\Roaming\Spotify\SpotifyWebHelper.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Spotify Ltd) C:\Users\Filip\AppData\Roaming\Spotify\Spotify.exe (BitTorrent Inc.) C:\Users\Filip\AppData\Roaming\uTorrent\uTorrent.exe (The Chromium Authors) C:\Users\Filip\AppData\Local\Chromium\Application\chrome.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Dropbox, Inc.) C:\Users\Filip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe (The Chromium Authors) C:\Users\Filip\AppData\Local\Chromium\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Spotify Ltd) C:\Users\Filip\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\Filip\AppData\Roaming\Spotify\Spotify.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (The Chromium Authors) C:\Users\Filip\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) C:\Users\Filip\AppData\Local\Chromium\Application\chrome.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.) HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093064 2009-08-13] (Logitech Inc.) HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [bATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-06-30] (AVG Technologies CZ, s.r.o.) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\Run: [Google Update] => C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-16] (Google Inc.) HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\Run: [spotify Web Helper] => C:\Users\Filip\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030648 2015-07-09] (Spotify Ltd) HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7800088 2015-07-09] (SUPERAntiSpyware) HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3333504 2015-06-29] (Echobit LLC) HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28787840 2015-06-02] (Skype Technologies S.A.) HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-06-07] (Electronic Arts) HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\Run: [spotify] => C:\Users\Filip\AppData\Roaming\Spotify\Spotify.exe [7504952 2015-07-09] (Spotify Ltd) HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\Run: [uTorrent] => C:\Users\Filip\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.) HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\Run: [GoogleChromeAutoLaunch_F683F8BD1A08EAFEA1F373385AC52822] => C:\Users\Filip\AppData\Local\Chromium\Application\chrome.exe [656896 2015-05-10] (The Chromium Authors) HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1332480 2015-04-11] (Bogdan Sharkov) HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\Run: [Dropbox Update] => C:\Users\Filip\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.) HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\MountPoints2: {0a65fb4a-f9b4-11e0-b8a4-806e6f6e6963} - E:\Setup.exe HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\MountPoints2: {bfcf1e39-c796-11e4-a8f5-2c413895c303} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-2388294183-88590935-431825232-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation) AppInit_DLLs-x32: C:\PROGRA~3\{0623E~1\1170~1.1\mice.dll => "C:\PROGRA~3\{0623E~1\1170~1.1\mice.dll" File not found AppInit_DLLs-x32: c:\progra~2\sshelp~1\sprote~1.dll => "c:\progra~2\sshelp~1\sprote~1.dll" File not found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-04-17] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-09-18] ShortcutTarget: Dropbox.lnk -> C:\Users\Filip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Filip\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Filip\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Filip\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Filip\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Filip\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Filip\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Filip\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-2388294183-88590935-431825232-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2388294183-88590935-431825232-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE HKU\S-1-5-21-2388294183-88590935-431825232-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/33 HKU\S-1-5-21-2388294183-88590935-431825232-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=sv-SE&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fwww.dregol.com%2F%3Ff%3D1%26a%3Ddrg%5Fmlvi%5F15%5F20%26cd%3D2XzuyEtN2Y1L1QzuyByE0D0EtB0ByD0Bzy0DtA0D0EtAyBtCtN0D0Tzu0StCtBtBzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyD0B0DyB0E0ByE0EtG0EyCtDyBtG0FyCtCtBtGzy0ByD0FtGtA0CzytB0DzztB0CtC0FyB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0DzztBtDyCyEtGyCyDtByCtGyEtA0D0EtGzzyB0B0CtGzytD0AtAtBzzzy0CtD0D0E0D2QtN0A0LzuyE%26cr%3D537982374%26ir%3D,http%3A%2F%2Fwww.google.com&OSP=http%3A%2F%2Fwww.dregol.com%2Fresults.php%3Ff%3D4%26q%3D%7BsearchTerms%7D%26a%3Ddrg%5Fmlvi%5F15%5F20%26cd%3D2XzuyEtN2Y1L1QzuyByE0D0EtB0ByD0Bzy0DtA0D0EtAyBtCtN0D0Tzu0StCtBtBzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyD0B0DyB0E0ByE0EtG0EyCtDyBtG0FyCtCtBtGzy0ByD0FtGtA0CzytB0DzztB0CtC0FyB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0DzztBtDyCyEtGyCyDtByCtGyEtA0D0EtGzzyB0B0CtGzytD0AtAtBzzzy0CtD0D0E0D2QtN0A0LzuyE%26cr%3D537982374%26ir%3D SearchScopes: HKLM -> DefaultScope value is missing SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM -> {8624B0F3-BAD3-4037-B615-1D44EA7C769D} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {8624B0F3-BAD3-4037-B615-1D44EA7C769D} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-2388294183-88590935-431825232-1000 -> DefaultScope {E040BB68-7249-4DF9-AEFB-53522DF0AE97} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-2388294183-88590935-431825232-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2388294183-88590935-431825232-1000 -> {8624B0F3-BAD3-4037-B615-1D44EA7C769D} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-2388294183-88590935-431825232-1000 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = https://se.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms} SearchScopes: HKU\S-1-5-21-2388294183-88590935-431825232-1000 -> {E040BB68-7249-4DF9-AEFB-53522DF0AE97} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-04-04] (Oracle Corporation) BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-06-09] (HP) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-04-04] (Oracle Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-07] (Oracle Corporation) BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-06-09] (HP) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-07] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) BHO-x32: Crazy Score -> {f439aa7e-a2a0-4635-99a2-164180e848ca} -> C:\Program Files (x86)\Crazy Score\Extensions\f439aa7e-a2a0-4635-99a2-164180e848ca.dll No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-10-18] (EasyBits Software Corp.) Tcpip\Parameters: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{DF61C49A-D06F-404D-9503-7EF47F6AE95C}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{F43805EE-02C3-4A10-94EE-7C024FE63073}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{F4573B01-6A67-4A18-BDAF-3DD4AA1E4941}: [DhcpNameServer] 195.67.199.18 195.67.199.19 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\uvh9low0.default FF DefaultSearchEngine,S: FF DefaultSearchUrl: FF SearchEngineOrder.1: FF SearchEngineOrder.1,S: FF SelectedSearchEngine: Yahoo! FF SelectedSearchEngine,S: FF Homepage: https://www.google.se/ FF Keyword.URL: https://se.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-09] () FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-04] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-04] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] () FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.1.3.2 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-02-11] (Finansiell ID-Teknik BID AB) FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-07] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-07] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2388294183-88590935-431825232-1000: @nsroblox.roblox.com/launcher -> C:\Users\Filip\AppData\Local\Roblox\Versions\version-a730860d440c4e6c\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-2388294183-88590935-431825232-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Filip\AppData\Local\Roblox\Versions\version-a730860d440c4e6c\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-2388294183-88590935-431825232-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Filip\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin HKU\S-1-5-21-2388294183-88590935-431825232-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Filip\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin HKU\S-1-5-21-2388294183-88590935-431825232-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Filip\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-21] (Unity Technologies ApS) FF user.js: detected! => C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\uvh9low0.default\user.js [2015-05-13] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\uvh9low0.default\searchplugins\mozilla-support.xml [2015-07-13] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml [2014-09-19] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml [2014-09-19] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml [2014-09-19] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml [2015-01-14] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml [2014-09-19] FF Extension: shoppilation - C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\uvh9low0.default\Extensions\ck_sljgvygjxhyg@vltzhvhxwqawl.org [2015-07-05] FF Extension: Widevine Media Optimizer - C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\uvh9low0.default\Extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [2014-07-24] FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-07-09] FF HKU\S-1-5-21-2388294183-88590935-431825232-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (dregol New Tab) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim [2015-07-13] CHR Extension: (Google Wallet) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12] CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2388294183-88590935-431825232-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Filip\AppData\Local\Torch\Plugins\TorchPlugin.crx [Not Found] StartMenuInternet: Google Chrome - chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-25] (SUPERAntiSpyware.com) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-06-30] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-06-30] (AVG Technologies CZ, s.r.o.) S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-05-11] (Echobit LLC) R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-07] (Electronic Arts) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-03] () S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] () R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.) S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe [100752 2015-05-07] (Wondershare) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.) S3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [386560 2013-10-15] (C-Media Inc.) R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-08-14] (Echobit, LLC) R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-13] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2486416 2014-12-31] (MediaTek Inc.) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-10-18] () S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc) S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.) R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-12-30] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-23] (Todos Data System AB) S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-13 20:54 - 2015-07-13 20:54 - 00033614 _____ C:\Users\Filip\Downloads\FRST.txt 2015-07-13 20:54 - 2015-07-13 20:54 - 00000000 ____D C:\FRST 2015-07-13 20:51 - 2015-07-13 20:51 - 02133504 _____ (Farbar) C:\Users\Filip\Downloads\FRST64.exe 2015-07-13 20:21 - 2015-07-13 20:21 - 00036500 _____ C:\malware antibytes.txt 2015-07-13 19:34 - 2015-07-13 20:39 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-13 19:34 - 2015-07-13 19:34 - 00001100 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-07-13 19:33 - 2015-07-13 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-07-13 19:33 - 2015-07-13 19:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-07-13 19:33 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-07-13 19:33 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-07-13 19:31 - 2015-07-13 19:31 - 00000024 _____ C:\Users\Filip\AppData\Roaming\appdataFr25.bin 2015-07-11 16:57 - 2015-07-11 16:57 - 00000000 ____D C:\Users\Filip\AppData\Roaming\AVG2015 2015-07-11 16:56 - 2015-07-11 16:56 - 00000967 _____ C:\Users\Public\Desktop\AVG 2015.lnk 2015-07-11 16:56 - 2015-07-11 16:56 - 00000000 ____D C:\Users\Filip\AppData\Roaming\TuneUp Software 2015-07-11 16:56 - 2015-07-11 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-07-11 16:56 - 2015-07-11 16:56 - 00000000 ____D C:\Program Files\Common Files\AV 2015-07-11 16:54 - 2015-07-11 16:56 - 00000000 ____D C:\ProgramData\AVG2015 2015-07-11 16:54 - 2015-07-11 16:54 - 00000000 ___HD C:\$AVG 2015-07-11 16:52 - 2015-07-11 16:52 - 00000000 ____D C:\Program Files (x86)\AVG 2015-07-11 16:37 - 2015-07-11 16:37 - 04928968 _____ (AVG Technologies) C:\Users\Filip\Downloads\avg_free_stb_all_5961p1_177(1).exe 2015-07-11 16:20 - 2015-07-11 16:20 - 00000000 ____D C:\Users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-07-11 16:07 - 2015-07-13 20:35 - 00000000 ____D C:\ProgramData\MFAData 2015-07-11 16:07 - 2015-07-11 17:06 - 00000000 ____D C:\Users\Filip\AppData\Local\Avg2015 2015-07-11 16:07 - 2015-07-11 16:07 - 04928968 _____ (AVG Technologies) C:\Users\Filip\Downloads\avg_free_stb_all_5961p1_177.exe 2015-07-11 16:07 - 2015-07-11 16:07 - 00000000 ____D C:\Users\Filip\AppData\Local\MFAData 2015-07-08 23:57 - 2015-07-09 00:57 - 18174128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-07-08 01:47 - 2015-07-11 17:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-02 19:58 - 2015-07-02 20:03 - 00000000 ____D C:\Users\Filip\Desktop\direwolf20_17 2015-06-27 15:49 - 2015-06-27 15:49 - 00000000 ____D C:\Users\Filip\AppData\Local\RzStats 2015-06-26 09:49 - 2015-06-26 09:49 - 00293296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2015-06-25 23:47 - 2015-06-26 00:32 - 1354572050 _____ C:\Users\Filip\Desktop\The_Reckoning(1).zip 2015-06-23 19:33 - 2015-06-23 19:33 - 00001190 _____ C:\Users\Filip\Desktop\Paint.NET.lnk 2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 ____D C:\Users\Filip\Desktop\Calradia Imperial Age3.1 2015-06-23 19:24 - 2015-06-23 19:24 - 00272005 _____ C:\Users\Filip\Desktop\swed banner.xcf 2015-06-23 19:24 - 2015-06-23 19:24 - 00002094 _____ C:\Users\Filip\AppData\Local\recently-used.xbel 2015-06-19 19:34 - 2015-06-19 19:36 - 00000000 ____D C:\Users\Filip\Desktop\MindCrack 2015-06-17 20:16 - 2015-07-13 20:21 - 00001014 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2388294183-88590935-431825232-1000UA.job 2015-06-17 20:16 - 2015-07-13 20:21 - 00000962 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2388294183-88590935-431825232-1000Core.job 2015-06-17 20:16 - 2015-06-17 20:16 - 00003984 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2388294183-88590935-431825232-1000UA 2015-06-17 20:16 - 2015-06-17 20:16 - 00003588 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2388294183-88590935-431825232-1000Core 2015-06-17 20:16 - 2015-06-17 20:16 - 00000000 ____D C:\Users\Filip\AppData\Local\Dropbox 2015-06-17 20:16 - 2015-06-17 20:16 - 00000000 ____D C:\ProgramData\Dropbox 2015-06-16 15:55 - 2015-06-16 15:55 - 00259040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-13 20:51 - 2015-04-25 14:26 - 00000000 ____D C:\Users\Filip\AppData\Roaming\uTorrent 2015-07-13 20:49 - 2012-12-26 13:05 - 00000000 ____D C:\Users\Filip\AppData\Roaming\Skype 2015-07-13 20:42 - 2015-05-13 16:42 - 00000292 _____ C:\Windows\Tasks\Run_dregol.job 2015-07-13 20:41 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-13 20:41 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-13 20:39 - 2012-03-28 15:49 - 00000000 ____D C:\Users\Filip\AppData\Roaming\Spotify 2015-07-13 20:36 - 2011-12-24 20:29 - 02050163 _____ C:\Windows\WindowsUpdate.log 2015-07-13 20:34 - 2013-09-18 19:41 - 00000000 ___RD C:\Users\Filip\Dropbox 2015-07-13 20:34 - 2013-09-18 19:37 - 00000000 ____D C:\Users\Filip\AppData\Roaming\Dropbox 2015-07-13 20:31 - 2012-03-28 15:50 - 00000000 ____D C:\Users\Filip\AppData\Local\Spotify 2015-07-13 20:31 - 2011-10-18 18:54 - 00000000 ____D C:\ProgramData\PDFC 2015-07-13 20:29 - 2009-07-14 06:51 - 00372500 _____ C:\Windows\setupact.log 2015-07-13 20:28 - 2010-11-21 05:47 - 00832188 _____ C:\Windows\PFRO.log 2015-07-13 20:28 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-13 19:57 - 2012-11-10 13:32 - 00000868 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-13 19:34 - 2013-02-10 17:32 - 00000000 ____D C:\Users\Filip\AppData\Roaming\Malwarebytes 2015-07-13 19:33 - 2013-02-10 17:32 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-07-13 19:33 - 2013-02-10 17:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2015-07-13 18:07 - 2011-12-24 20:37 - 00003908 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{664738AC-293D-4CDD-954C-1CFDB6083071} 2015-07-13 15:34 - 2013-12-15 00:38 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForFilip.job 2015-07-13 13:58 - 2012-01-25 17:38 - 00000000 ____D C:\Windows\System32\Tasks\Games 2015-07-13 03:55 - 2011-12-26 15:21 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388294183-88590935-431825232-1000Core.job 2015-07-13 00:00 - 2011-10-18 19:00 - 00000000 ____D C:\ProgramData\truesuite 2015-07-12 09:41 - 2012-02-19 21:30 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2015-07-12 09:39 - 2012-02-19 21:28 - 00000000 ____D C:\Users\Filip\AppData\Roaming\HP Support Assistant 2015-07-12 09:39 - 2011-12-25 20:59 - 00000000 ____D C:\Users\Filip\AppData\Roaming\HpUpdate 2015-07-11 17:53 - 2015-05-13 16:41 - 00000000 ____D C:\Program Files (x86)\Super Optimizer 2015-07-11 16:07 - 2013-10-23 10:59 - 00000000 ____D C:\Users\Filip\AppData\Local\Battle.net 2015-07-11 15:38 - 2014-06-03 16:57 - 00000000 ____D C:\Program Files (x86)\Steam 2015-07-09 21:23 - 2013-02-10 18:59 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2015-07-09 21:23 - 2012-05-04 20:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-09 19:44 - 2013-10-23 10:59 - 00000000 ____D C:\Program Files (x86)\Battle.net 2015-07-09 18:06 - 2014-08-26 16:27 - 00000000 ____D C:\Users\Filip\AppData\Local\Adobe 2015-07-09 18:05 - 2012-11-10 13:32 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-09 18:05 - 2012-11-10 13:32 - 00003806 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-09 18:05 - 2011-10-18 18:50 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-09 09:31 - 2013-12-15 00:38 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFilip 2015-07-05 12:08 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-07-03 00:30 - 2015-03-10 17:09 - 00000000 ____D C:\Users\Filip\AppData\Local\Windows Live 2015-07-02 19:58 - 2015-04-03 14:12 - 00000000 ____D C:\Users\Filip\AppData\Local\ftblauncher 2015-07-02 19:58 - 2015-04-03 14:11 - 06628862 _____ () C:\Users\Filip\Desktop\FTB_Launcher.exe 2015-07-02 19:58 - 2013-03-23 18:14 - 00000000 ____D C:\Users\Filip\AppData\Roaming\ftblauncher 2015-06-30 19:41 - 2013-10-23 11:01 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2015-06-30 12:38 - 2014-10-10 16:20 - 00000000 ____D C:\ProgramData\Origin 2015-06-24 23:30 - 2014-06-03 17:39 - 00000000 ____D C:\Users\Filip\Documents\Mount&Blade Warband Savegames 2015-06-24 22:41 - 2013-09-14 11:09 - 00000000 ____D C:\Users\Filip\AppData\Local\Paint.NET 2015-06-24 11:15 - 2014-12-30 23:52 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-06-23 19:25 - 2015-04-25 14:36 - 00000000 ____D C:\Users\Filip\.gimp-2.8 2015-06-23 19:24 - 2015-04-25 15:38 - 00000000 ____D C:\Users\Filip\AppData\Local\gtk-2.0 2015-06-22 17:02 - 2009-07-14 07:08 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-06-19 19:36 - 2015-04-04 20:57 - 00000000 ____D C:\Users\Filip\Desktop\assets 2015-06-19 19:35 - 2015-04-04 20:57 - 00000000 ____D C:\Users\Filip\Desktop\versions 2015-06-19 19:12 - 2014-11-01 18:16 - 00000000 ____D C:\Users\Filip\AppData\Roaming\Audacity 2015-06-18 08:41 - 2013-02-10 17:32 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys ==================== Files in the root of some directories ======= 2011-10-18 19:00 - 2011-06-10 01:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011 2015-06-02 07:34 - 2015-06-02 07:34 - 0000079 _____ () C:\Program Files (x86)\prefs.js 2015-07-13 19:31 - 2015-07-13 19:31 - 0000024 _____ () C:\Users\Filip\AppData\Roaming\appdataFr25.bin 2013-02-26 15:33 - 2013-02-26 15:33 - 0703117 _____ () C:\Users\Filip\AppData\Roaming\technic-launcher.jar 2015-06-23 19:24 - 2015-06-23 19:24 - 0002094 _____ () C:\Users\Filip\AppData\Local\recently-used.xbel 2013-12-04 16:00 - 2013-12-04 16:00 - 0007605 _____ () C:\Users\Filip\AppData\Local\Resmon.ResmonCfg 2012-01-13 21:31 - 2012-01-13 21:31 - 0000003 _____ () C:\ProgramData\MusicStation.log 2012-01-13 21:24 - 2012-01-13 21:24 - 0000243 _____ () C:\ProgramData\MusicStation.xml Some files in TEMP: ==================== C:\Users\Filip\AppData\Local\Temp\05989ba9835688c880afaaa90a04c180.dll C:\Users\Filip\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll C:\Users\Filip\AppData\Local\Temp\8378cfe9e2de447216881cb9b08de2c9.dll C:\Users\Filip\AppData\Local\Temp\drm_dyndata_7370014.dll C:\Users\Filip\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiojt4p.dll C:\Users\Filip\AppData\Local\Temp\EAD21F5.exe C:\Users\Filip\AppData\Local\Temp\EAD2210.exe C:\Users\Filip\AppData\Local\Temp\EAD2625.exe C:\Users\Filip\AppData\Local\Temp\EAD297F.exe C:\Users\Filip\AppData\Local\Temp\EAD3366.exe C:\Users\Filip\AppData\Local\Temp\EAD3726.exe C:\Users\Filip\AppData\Local\Temp\EAD3AAE.exe C:\Users\Filip\AppData\Local\Temp\EAD3CE0.exe C:\Users\Filip\AppData\Local\Temp\EAD45F4.exe C:\Users\Filip\AppData\Local\Temp\EAD547C.exe C:\Users\Filip\AppData\Local\Temp\EAD63E0.exe C:\Users\Filip\AppData\Local\Temp\EAD6DEE.exe C:\Users\Filip\AppData\Local\Temp\EAD6E2D.exe C:\Users\Filip\AppData\Local\Temp\EAD7CEC.exe C:\Users\Filip\AppData\Local\Temp\EAD7F0F.exe C:\Users\Filip\AppData\Local\Temp\EAD8323.exe C:\Users\Filip\AppData\Local\Temp\EAD83A0.exe C:\Users\Filip\AppData\Local\Temp\EAD9491.exe C:\Users\Filip\AppData\Local\Temp\EAD9775.exe C:\Users\Filip\AppData\Local\Temp\EAD99BF.exe C:\Users\Filip\AppData\Local\Temp\EAD99DE.exe C:\Users\Filip\AppData\Local\Temp\EADAF8.exe C:\Users\Filip\AppData\Local\Temp\EADB06A.exe C:\Users\Filip\AppData\Local\Temp\EADB431.exe C:\Users\Filip\AppData\Local\Temp\EADB653.exe C:\Users\Filip\AppData\Local\Temp\EADBFD5.exe C:\Users\Filip\AppData\Local\Temp\EADDA66.exe C:\Users\Filip\AppData\Local\Temp\EADDC88.exe C:\Users\Filip\AppData\Local\Temp\EADE520.exe C:\Users\Filip\AppData\Local\Temp\EADE968.exe C:\Users\Filip\AppData\Local\Temp\EADEB96.exe C:\Users\Filip\AppData\Local\Temp\EADFF64.exe C:\Users\Filip\AppData\Local\Temp\Extract.exe C:\Users\Filip\AppData\Local\Temp\ICReinstall_Malavida_Download_Manager.exe C:\Users\Filip\AppData\Local\Temp\ICSW1.8_1H1T1I1T2X1L1Q1T1.8.exe C:\Users\Filip\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Filip\AppData\Local\Temp\jre-8u40-windows-au.exe C:\Users\Filip\AppData\Local\Temp\Nexus Mod Manager-0.53.4.exe C:\Users\Filip\AppData\Local\Temp\Nexus Mod Manager-0.53.6.exe C:\Users\Filip\AppData\Local\Temp\Nexus Mod Manager-0.53.7.exe C:\Users\Filip\AppData\Local\Temp\Nexus Mod Manager-0.54.10.exe C:\Users\Filip\AppData\Local\Temp\Nexus Mod Manager-0.54.9.exe C:\Users\Filip\AppData\Local\Temp\Nexus Mod Manager-0.55.0.exe C:\Users\Filip\AppData\Local\Temp\NVI2_29.DLL C:\Users\Filip\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Filip\AppData\Local\Temp\nvStInst.exe C:\Users\Filip\AppData\Local\Temp\SAS6_Update.exe C:\Users\Filip\AppData\Local\Temp\setacl.exe C:\Users\Filip\AppData\Local\Temp\SkypeSetup.exe C:\Users\Filip\AppData\Local\Temp\SP70418.exe C:\Users\Filip\AppData\Local\Temp\uttB66B.tmp.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-13 00:35 ==================== End of log ============================ Addition.txt
  10. Hejsan Har tömt inkorgen. Bifogar loggen från frst: MBAM hittade inget. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014 Ran by PetraL at 2014-12-18 09:52:36 Run:1 Running from C:\Users\PetraL\Desktop Loaded Profiles: PetraL & (Available profiles: PetraL) Boot Mode: Normal ============================================== Content of fixlist: ***************** SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1988245170-786186578-318433116-1001 -> {A4784A78-86AA-410A-B275-A16A50D72315} URL = FF Extension: No Name - wrc@avast.com [Not Found] C:\Users\PetraL\AppData\Local\Temp\ICReinstall_Malavida_Download_Manager.exe ***************** HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-1988245170-786186578-318433116-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A4784A78-86AA-410A-B275-A16A50D72315}" => Key deleted successfully. "HKCR\CLSID\{A4784A78-86AA-410A-B275-A16A50D72315}" => Key not found. FF Extension: No Name - wrc@avast.com [Not Found] not found. C:\Users\PetraL\AppData\Local\Temp\ICReinstall_Malavida_Download_Manager.exe => Moved successfully. ==== End of Fixlog ====
  11. Hejsan Har nu redigerat och lagt till sista loggen Här kommer två av loggarna, bifogar den tredje senare. Den lär nog ta en längre stund att genomföra =) ´# AdwCleaner v4.105 - Report created 17/12/2014 at 17:01:44 # Updated 08/12/2014 by Xplode # Database : 2014-12-16.1 [Live] # Operating System : Windows 8.1 (64 bits) # Username : PetraL - PETRA # Running from : C:\Users\PetraL\Desktop\adwcleaner_4.105.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\tOppdeal Folder Deleted : C:\ProgramData\b2c05059bc36ccba Folder Deleted : C:\Users\PetraL\AppData\Roaming\vi-view ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A} Key Deleted : HKCU\Software\SecuredDownload Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OpenOffice Packages Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vi-view uninstall ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] -\\ Mozilla Firefox v34.0.5 (x86 sv-SE) [z3xxmext.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.aflt", "vit_14_13_ff"); [z3xxmext.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutD0Czz0B0F0DtByEtD0E0B0DtBtByD0EtN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByCyDzzyB0CzytAtG0CtCtByEt[...] [z3xxmext.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.cr", "453903572"); [z3xxmext.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.instlRef", "140305_b"); [z3xxmext.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false); [z3xxmext.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", true); ************************* AdwCleaner[R0].txt - [2902 octets] - [17/12/2014 13:29:09] AdwCleaner[R1].txt - [2962 octets] - [17/12/2014 16:59:59] AdwCleaner[s0].txt - [2592 octets] - [17/12/2014 17:01:44] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2652 octets] ########## Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014 Ran by PetraL (administrator) on PETRA on 17-12-2014 17:05:25 Running from C:\Users\PetraL\Desktop Loaded Profile: PetraL (Available profiles: PetraL) Platform: Windows 8.1 (X64) OS Language: Svenska (Sverige) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe () C:\ProgramData\DatacardService\DCService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Spotify Ltd) C:\Users\PetraL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [682840 2013-06-24] (Alps Electric Co., Ltd.) HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-05-03] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-15] (AVAST Software) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-05] (Advanced Micro Devices, Inc.) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-1988245170-786186578-318433116-1001\...\Run: [spotify] => C:\Users\PetraL\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-15] (Spotify Ltd) HKU\S-1-5-21-1988245170-786186578-318433116-1001\...\Run: [spotify Web Helper] => C:\Users\PetraL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd) HKU\S-1-5-21-1988245170-786186578-318433116-1001\...\MountPoints2: {02bcdad4-2242-11e4-8250-0c8bfd240ebd} - "F:\AutoRun.exe" HKU\S-1-5-21-1988245170-786186578-318433116-1001\...\MountPoints2: {02bcdb30-2242-11e4-8250-0c8bfd240ebd} - "F:\AutoRun.exe" HKU\S-1-5-21-1988245170-786186578-318433116-1001\...\MountPoints2: {296be81f-2775-11e4-be98-0c8bfd240ebd} - "F:\AutoRun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://se.yahoo.com/?fr=hp-avast&type=avastbcl HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://se.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1988245170-786186578-318433116-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://se.yahoo.com/?fr=hp-avast&type=avastbcl HKU\S-1-5-21-1988245170-786186578-318433116-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://se.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKU\S-1-5-21-1988245170-786186578-318433116-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://se.yahoo.com/?fr=hp-avast&type=avastbcl SearchScopes: HKLM -> {A4784A78-86AA-410A-B275-A16A50D72315} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://se.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 -> {A4784A78-86AA-410A-B275-A16A50D72315} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1988245170-786186578-318433116-1001 -> {58F12B37-D3CB-4ECD-85B8-7B6C479B3994} URL = http://www.google.com/search?hl=sv&q={searchTerms} SearchScopes: HKU\S-1-5-21-1988245170-786186578-318433116-1001 -> {A4784A78-86AA-410A-B275-A16A50D72315} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\PetraL\AppData\Roaming\Mozilla\Firefox\Profiles\z3xxmext.default FF DefaultSearchEngine: Yahoo! (Avast) FF DefaultSearchUrl: https://se.search.yahoo.com/yhs/search FF SearchEngineOrder.1: Yahoo! (Avast) FF SelectedSearchEngine: Yahoo! (Avast) FF Homepage: https://se.yahoo.com/?fr=hp-avast&type=avastbcl FF Keyword.URL: https://se.search.yahoo.com/yhs/search FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.1.3.2 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF SearchPlugin: C:\Users\PetraL\AppData\Roaming\Mozilla\Firefox\Profiles\z3xxmext.default\searchplugins\yahoo-avast.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-25] FF Extension: No Name - wrc@avast.com [Not Found] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-15] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-15] (AVAST Software) R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-05-28] (Intel) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation) R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-26] (CyberLink) R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-26] (CyberLink) R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] () [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed] R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-05-03] (Hewlett-Packard Development Company, L.P.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation) R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156104 2013-06-04] (Intel Corporation) R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [758072 2013-04-19] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] () S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-16] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor) R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-03-19] (Stardock Software, Inc) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-30] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3379440 2013-04-16] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-15] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-15] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-15] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-15] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-15] () R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [112584 2013-06-20] (Intel Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-04-15] () R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-03-29] (Intel Corporation) R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-04-15] () R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-17] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3597792 2013-05-14] (Intel Corporation) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-05-28] (Windows ® Win 7 DDK provider) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-12-17] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-17 17:04 - 2014-12-17 17:04 - 00000000 ____D () C:\Users\PetraL\Desktop\FRST-OlderVersion 2014-12-17 13:29 - 2014-12-17 17:01 - 00000000 ____D () C:\AdwCleaner 2014-12-17 13:28 - 2014-12-17 13:28 - 02166272 _____ () C:\Users\PetraL\Desktop\adwcleaner_4.105.exe 2014-12-17 13:13 - 2014-12-17 17:02 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp 2014-12-16 20:45 - 2014-12-17 17:05 - 00021698 _____ () C:\Users\PetraL\Desktop\FRST.txt 2014-12-16 20:45 - 2014-12-16 20:46 - 00025973 _____ () C:\Users\PetraL\Desktop\Addition.txt 2014-12-16 20:44 - 2014-12-17 17:05 - 00000000 ____D () C:\FRST 2014-12-16 20:43 - 2014-12-17 17:04 - 02121216 _____ (Farbar) C:\Users\PetraL\Desktop\FRST64.exe 2014-12-16 11:17 - 2014-12-16 11:17 - 00003252 _____ () C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-1988245170-786186578-318433116-1001 2014-12-15 23:28 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-15 23:28 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-15 14:40 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-12-15 14:37 - 2014-12-15 14:37 - 00449936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys 2014-12-15 14:37 - 2014-12-15 14:37 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-12-15 14:37 - 2014-12-15 14:37 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-12-15 14:37 - 2014-12-15 14:37 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2014-12-15 14:37 - 2014-12-15 14:37 - 00002013 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk 2014-12-15 14:37 - 2014-12-15 14:37 - 00001953 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk 2014-12-15 14:37 - 2014-12-15 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2014-12-15 14:34 - 2014-12-15 14:34 - 00000000 ____D () C:\Users\PetraL\AppData\Roaming\WebTest 2014-12-15 14:33 - 2014-12-15 14:33 - 00777328 _____ ( ) C:\Users\PetraL\Downloads\details.exe 2014-12-15 14:20 - 2014-12-15 14:20 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2014-12-11 21:01 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-11 21:01 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-11 21:01 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-11 21:01 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-11 18:53 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-12-11 18:53 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2014-12-11 18:53 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-12-11 18:53 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2014-12-11 18:53 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2014-12-11 18:53 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-12-11 18:53 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2014-12-11 18:53 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-11 18:53 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-11 18:53 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-11 18:53 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-11 18:53 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-11 18:53 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-12-11 18:52 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-11 18:52 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-11 18:52 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-11 18:52 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-11 18:52 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-11 18:52 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-11 18:52 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-11 18:52 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-11 18:52 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-11 18:52 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-11 18:52 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-11 18:52 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-11 18:52 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-11 18:52 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-11 18:52 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-11 18:52 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-11 18:52 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-11 18:52 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-11 18:52 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-11 18:52 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-11 18:52 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-11 18:52 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-11 18:52 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-11 18:52 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-11 18:52 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-11 18:52 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-11 18:52 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-11 18:52 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-11 18:52 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-11 18:52 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-11 18:52 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-11 18:52 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-11 18:52 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-11 18:52 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-11 18:52 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-11 18:52 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-11 18:52 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-11 18:52 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-11 18:52 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-11 18:52 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-11 18:52 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-11 09:10 - 2014-12-11 09:10 - 00000000 ____D () C:\Users\PetraL\AppData\Local\Adobe 2014-12-10 12:27 - 2014-12-10 12:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-30 15:17 - 2014-11-30 15:17 - 00000000 __SHD () C:\Users\PetraL\AppData\Local\EmieBrowserModeList 2014-11-19 19:11 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2014-11-19 19:11 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2014-11-19 19:11 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2014-11-19 19:11 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-17 17:05 - 2014-03-25 16:55 - 00000000 ____D () C:\Users\PetraL\Documents\Youcam 2014-12-17 17:04 - 2014-07-30 14:31 - 00000000 ___DO () C:\Users\PetraL\OneDrive 2014-12-17 17:04 - 2014-05-28 20:55 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-17 17:04 - 2014-05-12 15:51 - 00000000 ____D () C:\Users\PetraL\AppData\Local\Spotify 2014-12-17 17:04 - 2014-05-12 15:50 - 00000000 ____D () C:\Users\PetraL\AppData\Roaming\Spotify 2014-12-17 17:04 - 2013-10-06 17:58 - 00003306 _____ () C:\WINDOWS\System32\Tasks\Intel® Rapid Start Technology Manager 2014-12-17 17:02 - 2014-07-30 13:40 - 01791137 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-17 17:02 - 2014-03-18 02:54 - 00035522 _____ () C:\WINDOWS\PFRO.log 2014-12-17 17:02 - 2013-10-06 18:14 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys 2014-12-17 17:02 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-17 17:02 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-12-17 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-12-17 13:27 - 2014-09-21 19:49 - 00003916 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B3B76A1C-8ECE-4183-9C01-16C1F77BF7C0} 2014-12-17 13:20 - 2014-03-18 11:04 - 01933442 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-17 13:20 - 2014-03-18 10:32 - 00798886 _____ () C:\WINDOWS\system32\perfh01D.dat 2014-12-17 13:20 - 2014-03-18 10:32 - 00183530 _____ () C:\WINDOWS\system32\perfc01D.dat 2014-12-16 23:56 - 2014-03-26 12:56 - 00000868 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-12-16 20:39 - 2013-08-22 15:46 - 00306137 _____ () C:\WINDOWS\setupact.log 2014-12-16 11:36 - 2014-03-25 17:00 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1988245170-786186578-318433116-1001 2014-12-16 11:20 - 2014-05-28 20:54 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-16 11:20 - 2014-05-28 20:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-16 11:17 - 2014-03-29 07:57 - 00000000 ____D () C:\Users\PetraL\Documents\Medicin 1 2014-12-16 11:17 - 2014-03-25 20:22 - 00001142 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-12-16 11:17 - 2014-03-25 20:22 - 00001142 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-12-16 07:41 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-15 16:40 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-15 14:37 - 2014-05-28 21:12 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2014-12-15 14:37 - 2014-03-25 17:18 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2014-12-15 14:37 - 2014-03-25 17:18 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2014-12-15 14:37 - 2014-03-25 17:18 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-12-15 14:37 - 2014-03-25 17:18 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys 2014-12-15 14:37 - 2014-03-25 17:18 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2014-12-15 14:37 - 2014-03-25 17:18 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2014-12-15 14:37 - 2014-03-25 17:18 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2014-12-15 14:37 - 2014-03-25 17:18 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update 2014-12-15 14:37 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-12-15 14:20 - 2014-07-16 15:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-12-15 14:20 - 2014-03-25 20:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-15 14:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-15 14:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat 2014-12-15 14:08 - 2014-03-25 16:52 - 00000000 ____D () C:\Users\PetraL\AppData\Local\Packages 2014-12-15 14:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-12-12 13:07 - 2014-03-25 19:32 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-12 13:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-12 13:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-12 13:05 - 2014-03-25 19:32 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-11 09:10 - 2014-03-26 12:56 - 00003756 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-11-26 22:10 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-11-26 22:10 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-26 08:56 - 2014-03-26 11:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-11-21 06:14 - 2014-05-28 20:54 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-11-21 06:14 - 2014-05-28 20:54 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-11-21 06:14 - 2014-05-28 20:54 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-11-19 19:28 - 2013-08-22 15:44 - 00511528 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-11-19 19:27 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-11-19 19:27 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2014-11-19 19:27 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-19 19:27 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-19 19:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-11-19 19:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-11-17 19:34 - 2014-03-26 13:02 - 00000000 ____D () C:\Users\PetraL\AppData\Roaming\BankID Some content of TEMP: ==================== C:\Users\PetraL\AppData\Local\Temp\ICReinstall_Malavida_Download_Manager.exe C:\Users\PetraL\AppData\Local\Temp\Quarantine.exe C:\Users\PetraL\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-16 11:36 ==================== End Of Log Och med esetloggen C:\$Recycle.Bin\S-1-5-21-1988245170-786186578-318433116-1001\$RUAI3F0.exe a variant of Win32/InstallCore.UE potentially unwanted application C:\Users\PetraL\AppData\Local\Temp\ICReinstall_Malavida_Download_Manager.exe a variant of Win32/InstallCore.UE potentially unwanted application C:\Users\PetraL\Downloads\bitcomet_setup.exe a variant of Win32/InstallCore.UE potentially unwanted application C:\Users\PetraL\Downloads\details.exe a variant of Win32/InstallCore.TC potentially unwanted application
  12. Hade inte tagit bort med MBAM innan jag skickade logg. Nu är det fixat, och här kommer logg. # AdwCleaner v4.105 - Report created 17/12/2014 at 13:29:09 # Updated 08/12/2014 by Xplode # Database : 2014-12-16.1 [Live] # Operating System : Windows 8.1 (64 bits) # Username : PetraL - PETRA # Running from : C:\Users\PetraL\Desktop\adwcleaner_4.105.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Found : C:\ProgramData\b2c05059bc36ccba Folder Found : C:\ProgramData\tOppdeal Folder Found : C:\Users\PetraL\AppData\Roaming\vi-view ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OpenOffice Packages Key Found : HKCU\Software\SecuredDownload Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} Key Found : [x64] HKCU\Software\SecuredDownload Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vi-view uninstall Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://myhome.vi-view.com/web/?type=ds&ts=1418650465&from=cor&uid=3219913727_263761_902A225E&q={searchTerms} Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] - hxxp://myhome.vi-view.com/web/?type=ds&ts=1418650465&from=cor&uid=3219913727_263761_902A225E&q={searchTerms} Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://myhome.vi-view.com/?type=hp&ts=1418650465&from=cor&uid=3219913727_263761_902A225E -\\ Mozilla Firefox v34.0.5 (x86 sv-SE) [z3xxmext.default] - Line Found : user_pref("extensions.irmysearch.aflt", "vit_14_13_ff"); [z3xxmext.default] - Line Found : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutD0Czz0B0F0DtByEtD0E0B0DtBtByD0EtN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByCyDzzyB0CzytAtG0CtCtByEt[...] [z3xxmext.default] - Line Found : user_pref("extensions.irmysearch.cr", "453903572"); [z3xxmext.default] - Line Found : user_pref("extensions.irmysearch.instlRef", "140305_b"); [z3xxmext.default] - Line Found : user_pref("extensions.quick_start.enable_search1", false); [z3xxmext.default] - Line Found : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", true); ************************* AdwCleaner[R0].txt - [2734 octets] - [17/12/2014 13:29:09] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2794 octets] ##########
  13. Hejsan Kommer upp varning från Malware antibytes Malwarebytes Anti-Malware www.malwarebytes.org Update, 2014-12-16 11:19:17, SYSTEM, PETRA, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, Update, 2014-12-16 11:19:19, SYSTEM, PETRA, Manual, Rootkit Database, 2014.9.15.1, 2014.12.14.1, Update, 2014-12-16 11:19:51, SYSTEM, PETRA, Manual, Malware Database, 2014.5.30.7, 2014.12.16.2, Update, 2014-12-16 11:19:59, SYSTEM, PETRA, Manual, program, 2.0.2.1012, 2.0.4.1028, Protection, 2014-12-16 11:20:35, SYSTEM, PETRA, Protection, Malware Protection, Starting, Protection, 2014-12-16 11:20:35, SYSTEM, PETRA, Protection, Malware Protection, Started, Protection, 2014-12-16 11:20:35, SYSTEM, PETRA, Protection, Malicious Website Protection, Starting, Protection, 2014-12-16 11:20:36, SYSTEM, PETRA, Protection, Malicious Website Protection, Started, Update, 2014-12-16 11:20:37, SYSTEM, PETRA, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, Update, 2014-12-16 11:20:37, SYSTEM, PETRA, Manual, Rootkit Database, 2014.11.18.1, 2014.12.14.1, Update, 2014-12-16 11:20:49, SYSTEM, PETRA, Manual, Malware Database, 2014.11.20.6, 2014.12.16.2, Protection, 2014-12-16 11:20:49, SYSTEM, PETRA, Protection, Refresh, Starting, Protection, 2014-12-16 11:20:49, SYSTEM, PETRA, Protection, Malicious Website Protection, Stopping, Protection, 2014-12-16 11:20:49, SYSTEM, PETRA, Protection, Malicious Website Protection, Stopped, Protection, 2014-12-16 11:20:54, SYSTEM, PETRA, Protection, Refresh, Success, Protection, 2014-12-16 11:20:54, SYSTEM, PETRA, Protection, Malicious Website Protection, Starting, Protection, 2014-12-16 11:20:55, SYSTEM, PETRA, Protection, Malicious Website Protection, Started, Protection, 2014-12-16 11:22:00, SYSTEM, PETRA, Protection, Malware Protection, Starting, Protection, 2014-12-16 11:22:00, SYSTEM, PETRA, Protection, Malware Protection, Started, Protection, 2014-12-16 11:22:00, SYSTEM, PETRA, Protection, Malicious Website Protection, Starting, Protection, 2014-12-16 11:22:01, SYSTEM, PETRA, Protection, Malicious Website Protection, Started, Detection, 2014-12-16 11:27:50, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:27:55, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:28:05, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:28:08, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:28:14, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:28:17, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:28:23, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:28:28, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:28:33, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:28:38, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:28:47, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:28:53, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:28:56, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:29:04, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:29:09, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:29:14, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:29:17, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:29:28, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:29:34, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:29:41, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:29:58, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 11:30:07, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 12:36:11, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 12:36:18, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Detection, 2014-12-16 12:36:24, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [740eb7acb8c4999d891001e4936ed32d] Update, 2014-12-16 17:36:07, SYSTEM, PETRA, Scheduler, Malware Database, 2014.12.16.2, 2014.12.16.3, Protection, 2014-12-16 17:36:07, SYSTEM, PETRA, Protection, Refresh, Starting, Protection, 2014-12-16 17:36:07, SYSTEM, PETRA, Protection, Malicious Website Protection, Stopping, Protection, 2014-12-16 17:36:07, SYSTEM, PETRA, Protection, Malicious Website Protection, Stopped, Protection, 2014-12-16 17:36:18, SYSTEM, PETRA, Protection, Refresh, Success, Protection, 2014-12-16 17:36:18, SYSTEM, PETRA, Protection, Malicious Website Protection, Starting, Protection, 2014-12-16 17:36:18, SYSTEM, PETRA, Protection, Malicious Website Protection, Started, Detection, 2014-12-16 17:37:41, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [592a1152f08c989ec6d9697c3ac72bd5] Detection, 2014-12-16 17:37:54, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [592a1152f08c989ec6d9697c3ac72bd5] Detection, 2014-12-16 17:37:58, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [592a1152f08c989ec6d9697c3ac72bd5] Detection, 2014-12-16 17:38:06, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [592a1152f08c989ec6d9697c3ac72bd5] Detection, 2014-12-16 17:38:10, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [592a1152f08c989ec6d9697c3ac72bd5] Detection, 2014-12-16 17:38:13, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [592a1152f08c989ec6d9697c3ac72bd5] Detection, 2014-12-16 17:38:20, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [592a1152f08c989ec6d9697c3ac72bd5] Update, 2014-12-16 19:32:57, SYSTEM, PETRA, Scheduler, Malware Database, 2014.12.16.3, 2014.12.16.4, Protection, 2014-12-16 19:32:57, SYSTEM, PETRA, Protection, Refresh, Starting, Protection, 2014-12-16 19:32:57, SYSTEM, PETRA, Protection, Malicious Website Protection, Stopping, Protection, 2014-12-16 19:32:57, SYSTEM, PETRA, Protection, Malicious Website Protection, Stopped, Protection, 2014-12-16 19:33:03, SYSTEM, PETRA, Protection, Refresh, Success, Protection, 2014-12-16 19:33:03, SYSTEM, PETRA, Protection, Malicious Website Protection, Starting, Protection, 2014-12-16 19:33:03, SYSTEM, PETRA, Protection, Malicious Website Protection, Started, Detection, 2014-12-16 19:33:23, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:31:40, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:31:43, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:31:50, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:31:56, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:32:03, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:32:07, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:32:13, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:32:41, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:32:47, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:32:53, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:33:07, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:33:10, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:33:15, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:33:18, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:33:22, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:33:25, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:33:29, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:33:33, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:33:36, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:33:39, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:33:43, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:33:47, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:33:51, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:33:54, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:33:58, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:34:01, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] Detection, 2014-12-16 20:34:05, SYSTEM, PETRA, Protection, Malware Protection, File, PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, Quarantine Failed, 5, Ãtkomst nekad. , [3c489ac96319d066e7bdfbea0ff247b9] (end) Här kommer loggen från FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01 Ran by PetraL (administrator) on PETRA on 16-12-2014 20:45:17 Running from C:\Users\PetraL\Desktop Loaded Profile: PetraL (Available profiles: PetraL) Platform: Windows 8.1 (X64) OS Language: Svenska (Sverige) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AMD) C:\Windows\System32\atieclxx.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (ClickCaption) C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe () C:\ProgramData\DatacardService\DCService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Avanquest Software) C:\Program Files (x86)\PC Speed Maximizer\SPMSchedule.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Spotify Ltd) C:\Users\PetraL\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) C:\Users\PetraL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe () C:\Users\PetraL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe () C:\Users\PetraL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\PetraL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Users\PetraL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\PetraL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [682840 2013-06-24] (Alps Electric Co., Ltd.) HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-05-03] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-15] (AVAST Software) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-05] (Advanced Micro Devices, Inc.) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-1988245170-786186578-318433116-1001\...\Run: [spotify] => C:\Users\PetraL\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-15] (Spotify Ltd) HKU\S-1-5-21-1988245170-786186578-318433116-1001\...\Run: [spotify Web Helper] => C:\Users\PetraL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd) HKU\S-1-5-21-1988245170-786186578-318433116-1001\...\MountPoints2: {02bcdad4-2242-11e4-8250-0c8bfd240ebd} - "F:\AutoRun.exe" HKU\S-1-5-21-1988245170-786186578-318433116-1001\...\MountPoints2: {02bcdb30-2242-11e4-8250-0c8bfd240ebd} - "F:\AutoRun.exe" HKU\S-1-5-21-1988245170-786186578-318433116-1001\...\MountPoints2: {296be81f-2775-11e4-be98-0c8bfd240ebd} - "F:\AutoRun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) BootExecute: autocheck autochk * aswBoot.exe /A:"* " /L:"1053" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:1 /wow /dir:"C:\Program Files\AVAST Software\Avast" CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://myhome.vi-view.com/?type=hp&ts=1418650465&from=cor&uid=3219913727_263761_902A225E HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://se.yahoo.com/?fr=hp-avast&type=avastbcl HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://myhome.vi-view.com/web/?type=ds&ts=1418650465&from=cor&uid=3219913727_263761_902A225E&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://se.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhome.vi-view.com/?type=hp&ts=1418650465&from=cor&uid=3219913727_263761_902A225E HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://myhome.vi-view.com/web/?type=ds&ts=1418650465&from=cor&uid=3219913727_263761_902A225E&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1988245170-786186578-318433116-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://se.yahoo.com/?fr=hp-avast&type=avastbcl HKU\S-1-5-21-1988245170-786186578-318433116-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://se.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKU\S-1-5-21-1988245170-786186578-318433116-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://se.yahoo.com/?fr=hp-avast&type=avastbcl SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://myhome.vi-view.com/web/?type=ds&ts=1418650465&from=cor&uid=3219913727_263761_902A225E&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://myhome.vi-view.com/web/?type=ds&ts=1418650465&from=cor&uid=3219913727_263761_902A225E&q={searchTerms} SearchScopes: HKLM -> {A4784A78-86AA-410A-B275-A16A50D72315} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://se.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://myhome.vi-view.com/web/?type=ds&ts=1418650465&from=cor&uid=3219913727_263761_902A225E&q={searchTerms} SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://se.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 -> {A4784A78-86AA-410A-B275-A16A50D72315} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1988245170-786186578-318433116-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://se.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1988245170-786186578-318433116-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://myhome.vi-view.com/web/?type=ds&ts=1418650465&from=cor&uid=3219913727_263761_902A225E&q={searchTerms} SearchScopes: HKU\S-1-5-21-1988245170-786186578-318433116-1001 -> {58F12B37-D3CB-4ECD-85B8-7B6C479B3994} URL = http://www.google.com/search?hl=sv&q={searchTerms} SearchScopes: HKU\S-1-5-21-1988245170-786186578-318433116-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://se.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1988245170-786186578-318433116-1001 -> {A4784A78-86AA-410A-B275-A16A50D72315} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKU\S-1-5-21-1988245170-786186578-318433116-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\PetraL\AppData\Roaming\Mozilla\Firefox\Profiles\z3xxmext.default FF DefaultSearchEngine: Yahoo! (Avast) FF DefaultSearchUrl: https://se.search.yahoo.com/yhs/search FF SearchEngineOrder.1: Yahoo! (Avast) FF SelectedSearchEngine: Yahoo! (Avast) FF Homepage: https://se.yahoo.com/?fr=hp-avast&type=avastbcl FF Keyword.URL: https://se.search.yahoo.com/yhs/search FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.1.3.2 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF SearchPlugin: C:\Users\PetraL\AppData\Roaming\Mozilla\Firefox\Profiles\z3xxmext.default\searchplugins\yahoo-avast.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\vi-view.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-25] FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\PetraL\AppData\Roaming\Mozilla\Firefox\Profiles\z3xxmext.default\extensions\faststartff@gmail.com FF Extension: No Name - wrc@avast.com [Not Found] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-15] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-15] (AVAST Software) R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-05-28] (Intel) R2 ccsvc_1.10.0.4; C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe [277584 2014-12-04] (ClickCaption) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation) R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-26] (CyberLink) R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-26] (CyberLink) R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] () [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed] R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-05-03] (Hewlett-Packard Development Company, L.P.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation) R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156104 2013-06-04] (Intel Corporation) R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [758072 2013-04-19] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] () S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-16] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor) R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-03-19] (Stardock Software, Inc) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-30] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-15] (Fuyu LIMITED) [File not signed] R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3379440 2013-04-16] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-15] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-15] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-15] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-15] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-15] () R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.) R1 ccnfd_1_10_0_4; C:\Windows\System32\drivers\ccnfd_1_10_0_4.sys [58232 2014-12-04] (ClickCaption) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [112584 2013-06-20] (Intel Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-04-15] () R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-03-29] (Intel Corporation) R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-04-15] () R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3597792 2013-05-14] (Intel Corporation) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-05-28] (Windows ® Win 7 DDK provider) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-12-16] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-16 20:45 - 2014-12-16 20:45 - 00024917 _____ () C:\Users\PetraL\Desktop\FRST.txt 2014-12-16 20:44 - 2014-12-16 20:45 - 00000000 ____D () C:\FRST 2014-12-16 20:43 - 2014-12-16 20:43 - 02119168 _____ (Farbar) C:\Users\PetraL\Desktop\FRST64.exe 2014-12-16 11:21 - 2014-12-16 11:21 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp 2014-12-16 11:17 - 2014-12-16 11:17 - 00003252 _____ () C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-1988245170-786186578-318433116-1001 2014-12-15 23:28 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-15 23:28 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-15 14:40 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-12-15 14:39 - 2014-12-16 07:18 - 00003246 _____ () C:\WINDOWS\System32\Tasks\PC Speed Maximizer Schedule 2014-12-15 14:37 - 2014-12-15 14:37 - 00449936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys 2014-12-15 14:37 - 2014-12-15 14:37 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-12-15 14:37 - 2014-12-15 14:37 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-12-15 14:37 - 2014-12-15 14:37 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2014-12-15 14:37 - 2014-12-15 14:37 - 00002013 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk 2014-12-15 14:37 - 2014-12-15 14:37 - 00001953 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk 2014-12-15 14:37 - 2014-12-15 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2014-12-15 14:34 - 2014-12-15 14:34 - 00000000 ____D () C:\Users\PetraL\AppData\Roaming\vi-view 2014-12-15 14:34 - 2014-12-15 14:34 - 00000000 ____D () C:\Users\PetraL\AppData\Roaming\WebTest 2014-12-15 14:34 - 2014-12-15 14:34 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-12-15 14:34 - 2014-12-15 14:34 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer 2014-12-15 14:34 - 2014-12-15 14:34 - 00000000 ____D () C:\Program Files (x86)\ClickCaption_1.10.0.4 2014-12-15 14:33 - 2014-12-15 14:33 - 00777328 _____ ( ) C:\Users\PetraL\Downloads\details.exe 2014-12-15 14:20 - 2014-12-15 14:20 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2014-12-11 21:01 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-11 21:01 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-11 21:01 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-11 21:01 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-11 18:53 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-12-11 18:53 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2014-12-11 18:53 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-12-11 18:53 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2014-12-11 18:53 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2014-12-11 18:53 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-12-11 18:53 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2014-12-11 18:53 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-11 18:53 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-11 18:53 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-11 18:53 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-11 18:53 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-11 18:53 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-12-11 18:52 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-11 18:52 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-11 18:52 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-11 18:52 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-11 18:52 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-11 18:52 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-11 18:52 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-11 18:52 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-11 18:52 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-11 18:52 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-11 18:52 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-11 18:52 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-11 18:52 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-11 18:52 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-11 18:52 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-11 18:52 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-11 18:52 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-11 18:52 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-11 18:52 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-11 18:52 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-11 18:52 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-11 18:52 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-11 18:52 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-11 18:52 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-11 18:52 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-11 18:52 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-11 18:52 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-11 18:52 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-11 18:52 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-11 18:52 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-11 18:52 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-11 18:52 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-11 18:52 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-11 18:52 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-11 18:52 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-11 18:52 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-11 18:52 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-11 18:52 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-11 18:52 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-11 18:52 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-11 18:52 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-11 09:10 - 2014-12-11 09:10 - 00000000 ____D () C:\Users\PetraL\AppData\Local\Adobe 2014-12-10 12:27 - 2014-12-10 12:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-04 20:19 - 2014-12-04 20:19 - 00058232 _____ (ClickCaption) C:\WINDOWS\system32\Drivers\ccnfd_1_10_0_4.sys 2014-11-30 15:17 - 2014-11-30 15:17 - 00000000 __SHD () C:\Users\PetraL\AppData\Local\EmieBrowserModeList 2014-11-19 19:11 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2014-11-19 19:11 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2014-11-19 19:11 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2014-11-19 19:11 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-16 20:39 - 2014-07-30 13:40 - 01673954 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-16 20:39 - 2013-08-22 15:46 - 00306137 _____ () C:\WINDOWS\setupact.log 2014-12-16 20:35 - 2014-05-12 15:50 - 00000000 ____D () C:\Users\PetraL\AppData\Roaming\Spotify 2014-12-16 20:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-12-16 19:32 - 2014-05-28 20:55 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-16 17:38 - 2014-09-21 19:49 - 00003916 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B3B76A1C-8ECE-4183-9C01-16C1F77BF7C0} 2014-12-16 11:56 - 2014-03-26 12:56 - 00000868 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-12-16 11:36 - 2014-03-25 17:00 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1988245170-786186578-318433116-1001 2014-12-16 11:27 - 2014-07-30 14:31 - 00000000 ___DO () C:\Users\PetraL\OneDrive 2014-12-16 11:27 - 2014-03-25 16:55 - 00000000 ____D () C:\Users\PetraL\Documents\Youcam 2014-12-16 11:27 - 2013-10-06 17:58 - 00003300 _____ () C:\WINDOWS\System32\Tasks\Intel® Rapid Start Technology Manager 2014-12-16 11:26 - 2014-03-18 11:04 - 01933442 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-16 11:26 - 2014-03-18 10:32 - 00798886 _____ () C:\WINDOWS\system32\perfh01D.dat 2014-12-16 11:26 - 2014-03-18 10:32 - 00183530 _____ () C:\WINDOWS\system32\perfc01D.dat 2014-12-16 11:21 - 2014-03-18 02:54 - 00026642 _____ () C:\WINDOWS\PFRO.log 2014-12-16 11:21 - 2013-10-06 18:14 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys 2014-12-16 11:21 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-16 11:21 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-12-16 11:20 - 2014-05-28 20:54 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-16 11:20 - 2014-05-28 20:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-16 11:17 - 2014-03-29 07:57 - 00000000 ____D () C:\Users\PetraL\Documents\Medicin 1 2014-12-16 11:17 - 2014-03-25 20:22 - 00001142 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-12-16 11:17 - 2014-03-25 20:22 - 00001142 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-12-16 07:41 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-15 16:40 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-15 14:37 - 2014-05-28 21:12 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2014-12-15 14:37 - 2014-03-25 17:18 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2014-12-15 14:37 - 2014-03-25 17:18 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2014-12-15 14:37 - 2014-03-25 17:18 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-12-15 14:37 - 2014-03-25 17:18 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys 2014-12-15 14:37 - 2014-03-25 17:18 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2014-12-15 14:37 - 2014-03-25 17:18 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2014-12-15 14:37 - 2014-03-25 17:18 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2014-12-15 14:37 - 2014-03-25 17:18 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update 2014-12-15 14:37 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-12-15 14:20 - 2014-07-16 15:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-12-15 14:20 - 2014-03-25 20:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-15 14:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-15 14:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat 2014-12-15 14:08 - 2014-03-25 16:52 - 00000000 ____D () C:\Users\PetraL\AppData\Local\Packages 2014-12-15 14:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-12-12 13:07 - 2014-03-25 19:32 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-12 13:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-12 13:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-12 13:05 - 2014-03-25 19:32 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-11 09:10 - 2014-03-26 12:56 - 00003756 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-12-10 15:18 - 2014-05-12 15:51 - 00000000 ____D () C:\Users\PetraL\AppData\Local\Spotify 2014-11-26 22:10 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-11-26 22:10 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-26 08:56 - 2014-03-26 11:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-11-21 06:14 - 2014-05-28 20:54 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-11-21 06:14 - 2014-05-28 20:54 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-11-21 06:14 - 2014-05-28 20:54 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-11-19 19:28 - 2013-08-22 15:44 - 00511528 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-11-19 19:27 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-11-19 19:27 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2014-11-19 19:27 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-19 19:27 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-19 19:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-11-19 19:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-11-17 19:34 - 2014-03-26 13:02 - 00000000 ____D () C:\Users\PetraL\AppData\Roaming\BankID Some content of TEMP: ==================== C:\Users\PetraL\AppData\Local\Temp\ICReinstall_Malavida_Download_Manager.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-16 11:36 ==================== End Of Log ============================ Addition.txt
  14. C:\AdwCleaner\Quarantine\C\Users\PetraL\AppData\Roaming\0V1L2Z2Z1T1I1L1T\OpenOffice Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application C:\Users\PetraL\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
×
×
  • Skapa nytt...