
Arwen

Member
  • Post count

    41
  • Joined

  • Last visit

About Arwen

  • Member title
    User
  • Birthday 1979-04-07

Contact information

  • Website
    http://

Profile

  • Location
    Örebro
  1. Arwen

    Problem with the Outlook calendar

    The room was booked before the meeting took place :-) However, I want to remove the booking after the meeting has taken place. I have deleted the meeting invitation from my calendar, and normally it should be as you say, that it is cancelled in the room booking as well, but that is the problem. It is not removed.
  2. Arwen

    Problem with the Outlook calendar

    Hi, I have booked a meeting in a conference room and I can't remove the booking, as it is visible to everyone (I want it to be invisible, but with the room booked). I have removed it from my calendar, but it does not disappear from the shared conference room calendar. It is a meeting that has already taken place (i.e. passed). Could that be a reason why it can't be removed? How do I get rid of it? I get the error message "You don't have appropriate permission to perform this operation" when I try to remove it from the room calendar. Regards
  3. Arwen

    Suspected virus

    Sending the scan results from FRST. Addition.txt FRST.txt
  4. Arwen

    Suspected virus

    Oops, sorry, here it comes :-)
  5. Arwen

    Suspected virus

    Turned off Defender now and ran VirusTotal after I had downloaded FRST. It found a trojan, if I understood correctly. Attaching a picture. Is that "Scan it!" supposed to be in VirusTotal? I couldn't find any such button. The file from ESET's scan is gone. I can't find any such file, so maybe it has been dealt with.
  6. Arwen

    Suspected virus

    It was no longer in the folder, so I tried to download it again, but then Windows Defender said that it found malware. I ran the ESET scan again and got the result shown in the attached picture.
  7. Arwen

    Suspected virus

    Hi, I think it found two. I am re-running it now, but it takes almost two hours. I have tried to download FRST again, but it doesn't work. It says that malware was found and the file cannot be opened, so I am not able to run any fix with FRST. Do you know why? I am using the link on the IDG forum to download FRST. Regards, Marianne
  8. Arwen

    Suspected virus

    Hi, I have followed the instructions, but ran into a few problems. I ran ESET online, but never got to the option where I can export to a file. I don't think I missed anything, since I followed what is written above. Attaching the ADW and FRST files, though. FRST.txt AdwCleanerC1.txt
  9. Arwen

    Suspected virus

    Hi, I have done as described now, but I don't know whether I got rid of everything that is proxy. Attaching a picture. I have Windows 10 Home, so it is a bit different from the description.
  10. Hi, I was foolish enough to be on piratebay and was going to download the film The Big Short, clicked around, and all of a sudden my Chrome is sluggish and a lot of ad windows keep popping up all the time; I barely have time to click a link before a pop-up window appears. I have run an FRST scan. Attaching files. Grateful for help! Regards, Marianne
(x86)\Google\Chrome\Application\48.0.2564.103\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2348459548-535266051-4205585465-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marianne\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{03f7ae54-e3b7-4482-94c2-c00b4ee80389}.JPG DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{455672C2-620C-4ECB-A493-14595561CA1A}] => (Allow) LPort=8298 FirewallRules: [{C5711BFE-D3DE-46B8-9908-ED54A1A16CEF}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE FirewallRules: [{A1C318AC-1DE1-4CC6-8BD5-F91D9EC8124E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{37329A54-738A-49D2-9662-6F95C850FF37}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{655642F2-04E7-44E8-B52A-86C3AD0843D8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{DDAA4682-8769-4DB8-94DA-9A3FBC9BBDC6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{6D04822A-8383-4ADD-BCF2-36E4652B46A5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{A8FD1FC1-AA28-4396-9949-A585E9A2CF18}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{36A73F8D-7C41-412A-82EC-21B006964EB3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{9C10B4B2-90A1-4761-94B1-637AA010C3C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{49AAA486-AFB2-4F98-A86D-811051103AFB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B6552506-98FC-4845-A3BA-16AB1BF789C6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4287BA73-F99A-4B08-BA24-FCC7BB32E1B7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{2D58E177-B20D-474C-9FD1-C1ABA59D50F4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{57639413-9991-41AD-A76D-19D367405066}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{3AE1B335-231E-4881-99A4-12879EEC41F7}] => (Allow) C:\Program Files\Microsoft 
Office 15\root\Office15\Lync.exe FirewallRules: [{46528386-C11E-4E87-B90A-AE17714B9185}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{F0A8547B-306F-48A8-A6D7-C5967E3C0F89}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{1AB6E8BA-0F11-49EE-A1AB-22D76B62563C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{5D26B9EB-3B54-4317-B1DD-E4DBA81B902A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 21-01-2016 10:01:01 Scheduled Checkpoint 28-01-2016 09:39:59 Windows Update 04-02-2016 16:44:22 Scheduled Checkpoint 08-02-2016 22:03:59 Edge 5.2 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/08/2016 10:15:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Felet uppstod i programmet med namn: regsvr32.exe, version 10.0.10586.0, tidsstämpel 0x5632d864 , felet uppstod i modulen med namn: ntdll.dll, version 10.0.10586.20, tidsstämpel 0x56540c3b Undantagskod: 0xc0000005 Felförskjutning: 0x00000000000252d0 Process-ID: 0x1dd4 Programmets starttid: 0xregsvr32.exe0 Sökväg till program: regsvr32.exe1 Sökväg till modul: regsvr32.exe2 Rapport-ID: regsvr32.exe3 Fullständigt namn på felaktigt paket: regsvr32.exe4 Program-ID relativt till felaktigt paket: regsvr32.exe5 Error: (02/08/2016 10:04:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Anropet OnIdentity() i systemskrivarobjektet misslyckades för tjänsten Cryptographic Services. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . 
Error: (02/08/2016 09:48:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Felet uppstod i programmet med namn: jptask.exe, version 1.4.2.0, tidsstämpel 0x56b87d5c , felet uppstod i modulen med namn: jptask.exe, version 1.4.2.0, tidsstämpel 0x56b87d5c Undantagskod: 0xc0000417 Felförskjutning: 0x0009ffe5 Process-ID: 0x2218 Programmets starttid: 0xjptask.exe0 Sökväg till program: jptask.exe1 Sökväg till modul: jptask.exe2 Rapport-ID: jptask.exe3 Fullständigt namn på felaktigt paket: jptask.exe4 Program-ID relativt till felaktigt paket: jptask.exe5 Error: (02/08/2016 02:27:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5068000 Error: (02/08/2016 02:27:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5068000 Error: (02/08/2016 02:27:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/08/2016 07:14:20 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 42471219 Error: (02/08/2016 07:14:20 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 42471219 Error: (02/08/2016 07:14:20 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/07/2016 07:19:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MM) Description: Aktiveringen av appen Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 misslyckades med felet: -2147023174 Mer information finns i loggen Microsoft-Windows-TWinUI/Operational. 
System errors: ============= Error: (02/08/2016 10:15:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (02/08/2016 09:48:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Tjänsten Privoxy (PrivoxyService) är markerad som en interaktiv tjänst. Systemet är dock konfigurerat för att inte tillåta interaktiva tjänster. Tjänsten kommer kanske inte att fungera korrekt. Error: (02/08/2016 09:48:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Tjänsten Privoxy (PrivoxyService) är markerad som en interaktiv tjänst. Systemet är dock konfigurerat för att inte tillåta interaktiva tjänster. Tjänsten kommer kanske inte att fungera korrekt. Error: (02/08/2016 09:42:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (02/08/2016 09:18:43 PM) (Source: BTHUSB) (EventID: 17) (User: ) Description: Det lokala Bluetooth-kortet fungerade inte på ett odefinierat sätt och kommer inte att användas. Drivrutinen har inaktiverats. 
Error: (02/08/2016 06:29:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (02/08/2016 05:53:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (02/08/2016 02:27:50 PM) (Source: ACPI) (EventID: 13) (User: ) Description: : Den inbäddade styrenheten (EC) svarade inte inom den tidsgräns som angetts. Detta kan bero på att det finns fel i styrenhetens maskinvara eller i den inbyggda programvaran, eller att BIOS använder styrenheten felaktigt. Du bör be datortillverkaren om en BIOS-uppgradering. I vissa fall kan det här felet orsaka att datorn inte fungerar som den ska. Error: (02/08/2016 01:03:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (02/08/2016 10:02:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable CodeIntegrity: =================================== Date: 2016-02-08 22:14:55.986 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-02-08 22:14:55.944 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-02-04 09:31:32.967 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-02-01 16:19:31.531 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-31 13:56:03.687 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-18 08:50:15.550 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-16 08:45:58.376 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-01-15 08:05:27.108 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-11 07:20:49.241 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-07 10:58:46.219 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Pentium® CPU N3540 @ 2.16GHz Percentage of memory in use: 42% Total physical RAM: 8078.27 MB Available physical RAM: 4685 MB Total Virtual: 9358.27 MB Available Virtual: 5580.31 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:438.89 GB) (Free:384.44 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:25.07 GB) (Free:2.82 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 6ED269FC) Partition: GPT. ==================== End of Addition.txt ============================ Addition.txt FRST.txt
  11. Hi, I have a computer that is only a week old, on which I have installed, among other things, Snagit and Office (downloaded) and transferred documents, pictures etc. from the old computer. This morning when I started Chrome I got an advertising section on the page that seems to come from something called Browser Shop, with ads. How do I get rid of something like that? Could I have gotten some virus/trojan or similar that is slowing the computer down? The internet has slowed down considerably. Thanks in advance! Kind regards, Marianne
  12. Hi, I am attaching files from FRST, but I cannot find the Addition file, and the results from AdwCleaner:
  13. Hi, item no. 1 is done. 2. I haven't thought much about that. I use the computer less often nowadays. Any suggestions for a good program? 3. Report from AdwCleaner:
  14. Hi, I have a strange start page in Google Chrome that I did not choose myself, and no matter how many times I change the start page to another one, it drops away and I end up on search.conduit.com. The computer is also slow, which in my opinion it shouldn't be, since we hardly use it. Grateful for help! Regards, Marianne
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.) HKLM-x32\...\Run: [Net iD] => C:\Program Files (x86)\Net iD\iid.exe [104704 2013-10-15] (SecMaker AB) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-03] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-43749023-2764538973-4219892048-1000\...\Run: [Google Update] => C:\Users\Rebecca\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-08] (Google Inc.) HKU\S-1-5-21-43749023-2764538973-4219892048-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.) HKU\S-1-5-21-43749023-2764538973-4219892048-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.) HKU\S-1-5-21-43749023-2764538973-4219892048-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.) 
HKU\S-1-5-21-43749023-2764538973-4219892048-1000\...\Run: [skyDrive] => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-02] (Microsoft Corporation) HKU\S-1-5-21-43749023-2764538973-4219892048-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-43749023-2764538973-4219892048-1000\...\RunOnce: [uninstall C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64" HKU\S-1-5-21-43749023-2764538973-4219892048-1000\...\RunOnce: [uninstall C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64" HKU\S-1-5-21-43749023-2764538973-4219892048-1000\...\RunOnce: [uninstall C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64" HKU\S-1-5-21-43749023-2764538973-4219892048-1000\...\RunOnce: [uninstall C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64" HKU\S-1-5-21-43749023-2764538973-4219892048-1000\...\RunOnce: [uninstall C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64" AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [232896 2014-07-22] (Client Connect LTD) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files 
(x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-07-22] (Client Connect LTD) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Rebecca\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rebecca\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rebecca\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rebecca\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rebecca\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rebecca\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rebecca\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rebecca\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=CT3321897&octid=EB_ORIGINAL_CTID&ISID=M5FA4B0F4-0ED4-4FBC-90CE-377DC9236704&SearchSource=55&CUI=&UM=5&UP=SP8C430C30-245A-4CA4-82C1-48165AB0FB19&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms} BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation) BHO: Windows Live ID Sign-in Helper -> 
{9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll No File BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab DPF: HKLM-x32 {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.mariakyrkan.org/auth/controls/IlosoftImageUpload.dll DPF: HKLM-x32 {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-us.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\qc9730u6.default FF DefaultSearchEngine: Search Results FF SearchEngineOrder.1: Search Results FF SelectedSearchEngine: Google FF Homepage: hxxp://di.se/ FF Keyword.URL: hxxp://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keywords= FF NetworkProxy: "no_proxies_on", "*.local" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.1.4.3 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll No File FF Plugin-x32: @voddler/voddlerplugin -> C:\Program Files (x86)\Voddler\plugin\npvoddler.dll (Voddler Sweden AB) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Rebecca\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Rebecca\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Rebecca\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npiidplg.dll (SecMaker AB) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\qc9730u6.default\searchplugins\Search_Results.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010-12-28] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: hxxp://google.com/ CHR StartupUrls: "hxxp://www.di.se/" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: 
(Chrome PDF Viewer) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Net iD) - C:\Program Files (x86)\Mozilla Firefox\plugins\npiidplg.dll (SecMaker AB) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
CHR Plugin: (Java Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Nexus Personal) - C:\Program Files (x86)\Personal\bin\np_prsnl.dll No File CHR Plugin: (Voddler Web Plugin) - C:\Program Files (x86)\Voddler\plugin\npvoddler.dll (Voddler Sweden AB) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Google Update) - C:\Users\Rebecca\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (YouTube) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-08] CHR Extension: (McAfee Security Scan+) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-03-18] CHR Extension: (Sök på Google) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-08] CHR Extension: (Google Wallet) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Gmail) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-08] CHR Extension: (Extutil) - C:\Users\Rebecca\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-04-07] CHR Extension: (Managera) - 
C:\Users\Rebecca\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-04-07] CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx [2014-04-07] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-04-15] CHR StartMenuInternet: Google Chrome - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2975168 2014-07-22] (Client Connect LTD) R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe [787968 2009-08-20] (Acer Incorporated) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-03-11] (Macrovision Europe Ltd.) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [62720 2009-08-21] (NewTech Infosystems, Inc.) R2 ODDPwrSvc; C:\Program Files\Packard Bell\Optical Drive Power Management\ODDPWRSvc.exe [151552 2009-07-31] (Acer Incorporated) [File not signed] S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.) S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) 
S3 Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [150528 2011-02-10] (Avanquest Software) [File not signed] R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer) R2 VoddlerNet; C:\Program Files (x86)\Voddler\service\voddler.exe [1194192 2010-08-24] (Voddler) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.) R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2010-06-19] (Sony Ericsson Mobile Communications) S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-23] (Todos Data System AB) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
Addition.txt
  15. ComboFix 12-01-05.01 - Rebecca 2012-01-05 19:38:39.1.2 - x64