
Help with Awesomehp, can't get rid of them.


Toonky

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by Tony (administrator) on TL-SAMSUNG on 04-02-2014 19:43:24
Running from C:\Users\Tony\Desktop
Windows 8.1 (X64) OS Language: Swedish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [btTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)
HKLM\...\Run: [btvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Atheros Communications)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [bitcasa] - C:\Program Files\Bitcasa\Bitcasa.exe [3952128 2012-11-27] (Bitcasa, Inc)
HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [456704 2012-02-20] ()
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [4114264 2014-01-23] ()
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [NBKeyScan] - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328 2007-09-20] (Nero AG)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKU\S-1-5-21-2315020279-1530564925-723535831-1001\...\Run: [spotify Web Helper] - C:\Users\Tony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-22] (Spotify Ltd)
HKU\S-1-5-21-2315020279-1530564925-723535831-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-2315020279-1530564925-723535831-1001\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-09-20] (Nero AG)
HKU\S-1-5-21-2315020279-1530564925-723535831-1001\...\Run: [uTorrent] - C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-16] (BitTorrent Inc.)
HKU\S-1-5-21-2315020279-1530564925-723535831-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2315020279-1530564925-723535831-1001\...\MountPoints2: {36241a36-eed2-11e2-be97-1867b0533b71} - "E:\Autorun.exe"
AppInit_DLLs: C:\WINDOWS\Jaksta\AC\x64\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x64\jaudcap.dll [311584 2013-12-21] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll [264480 2013-12-21] (Jaksta Technologies Pty Ltd)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-03&ent=hp&u=F8DD181E78DD7ACEB7694052EFFB18C5
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234&q={searchTerms}
SearchScopes: HKLM - {EDF0E249-8725-4587-BAA6-F2CDE369EE8F} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {EDF0E249-8725-4587-BAA6-F2CDE369EE8F} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-03&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {EDF0E249-8725-4587-BAA6-F2CDE369EE8F} URL =
BHO: Torntv V6.0 - {11111111-1111-1111-1111-110411591160} - C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-bho64.dll No File
BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Freecorder extension x64 - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension x64\ScriptHost.dll (Applian Technologies Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default
FF user.js: detected! => C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default\user.js
FF Homepage: https://www.google.se/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml
FF Extension: Torntv V6.0 - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default\Extensions\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com [2014-02-03]
FF Extension: GrabRez - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default\Extensions\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi [2014-02-01]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com/?type=sc&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-07-17] (Disc Soft Ltd)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-04 19:43 - 2014-02-04 19:43 - 00021277 _____ () C:\Users\Tony\Desktop\FRST.txt
2014-02-04 19:43 - 2014-02-04 19:43 - 00000000 ____D () C:\FRST
2014-02-04 19:42 - 2014-02-04 19:42 - 02080256 _____ (Farbar) C:\Users\Tony\Desktop\FRST64.exe
2014-02-04 19:28 - 2014-02-04 19:28 - 01166132 _____ () C:\Users\Tony\Downloads\adwcleaner.exe
2014-02-04 18:56 - 2014-02-04 18:56 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-04 18:56 - 2014-02-04 18:56 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Malwarebytes
2014-02-04 18:56 - 2014-02-04 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 18:56 - 2014-02-04 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 18:56 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-04 18:55 - 2014-02-04 18:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tony\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-03 21:41 - 2014-02-03 23:46 - 00000000 ____D () C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-02-03 21:41 - 2014-02-03 21:41 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\LavasoftStatistics
2014-02-03 21:41 - 2014-02-03 21:41 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Lavasoft
2014-02-03 21:25 - 2014-02-04 19:31 - 00002329 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-02-03 21:25 - 2014-02-04 19:30 - 00000000 ____D () C:\ProgramData\Search Protection
2014-02-03 21:25 - 2014-02-03 23:46 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\SecureSearch
2014-02-03 21:25 - 2014-02-03 23:46 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-02-03 21:25 - 2014-02-03 23:46 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner
2014-02-03 21:25 - 2014-02-03 21:52 - 00000000 ____D () C:\Users\Tony\AppData\Local\adawarebp
2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\ProgramData\blekko toolbars
2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-03 21:24 - 2014-02-03 21:24 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-02-03 21:23 - 2014-02-03 21:23 - 01727624 _____ () C:\Users\Tony\Downloads\Adaware_Installer.exe
2014-02-03 21:23 - 2014-02-03 21:23 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-03 21:23 - 2014-02-03 21:23 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-02-03 20:49 - 2014-02-03 20:49 - 00000000 _____ () C:\autoexec.bat
2014-02-03 20:48 - 2014-02-03 20:48 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-03 20:21 - 2014-02-03 20:21 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Tony\Downloads\SpyHunter-Installer.exe
2014-02-03 20:07 - 2014-02-04 19:26 - 00000000 ____D () C:\Users\Tony\AppData\Local\genienext
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\Documents\Mobogenie
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\AppData\Local\Mobogenie
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\AppData\Local\cache
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\.android
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 _____ () C:\Users\Tony\daemonprocess.txt
2014-02-03 20:06 - 2014-02-03 23:46 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-03 20:03 - 2014-02-04 19:30 - 00000000 ____D () C:\ProgramData\WPM
2014-02-03 20:00 - 2014-02-03 20:00 - 00000000 ____D () C:\Users\Tony\Documents\Homefront.2013.720p.HDRip.h264.AAC-RARBG
2014-01-24 15:18 - 2014-02-03 23:05 - 00000000 ____D () C:\WINDOWS\Minidump
2014-01-24 15:18 - 2014-01-24 15:18 - 00721136 _____ () C:\WINDOWS\Minidump\012414-59671-01.dmp
2014-01-23 17:53 - 2014-02-03 23:05 - 00000000 ___RD () C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-01-22 21:26 - 2014-02-03 23:05 - 00000000 ____D () C:\Users\Tony\Desktop\Spotify Recorder
2014-01-22 20:54 - 2014-01-22 20:54 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Freecorder 8 Video
2014-01-22 20:54 - 2014-01-22 20:54 - 00000000 ____D () C:\Users\Tony\AppData\Local\Freecorder 8 Video
2014-01-22 20:53 - 2014-01-22 20:53 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Freecorder 8 Converter
2014-01-22 20:52 - 2014-01-22 20:54 - 00000000 ____D () C:\Users\Tony\Documents\Freecorder
2014-01-22 20:52 - 2014-01-22 20:52 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Freecorder 8 Audio
2014-01-22 20:51 - 2014-02-03 23:05 - 00000000 ____D () C:\Users\Tony\AppData\Local\Jaksta_Technologies_Pty_L
2014-01-22 20:47 - 2014-02-03 23:05 - 00000000 ____D () C:\Program Files\Freecorder extension x64
2014-01-22 20:47 - 2014-01-22 20:48 - 00000000 ____D () C:\Program Files (x86)\Applian Technologies
2014-01-22 20:47 - 2014-01-22 20:47 - 00000000 ____D () C:\WINDOWS\Jaksta
2014-01-22 20:38 - 2014-01-22 20:38 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downtube
2014-01-19 12:55 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-19 12:55 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-19 12:55 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-19 12:55 - 2013-11-27 11:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-01-19 12:55 - 2013-11-27 10:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-19 12:55 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-19 12:55 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-19 12:55 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-19 12:55 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-19 12:55 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-19 12:55 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-19 12:49 - 2014-01-19 12:49 - 00000000 ____D () C:\Users\Tony\Documents\NFS Carbon

==================== One Month Modified Files and Folders =======

2014-02-04 19:43 - 2014-02-04 19:43 - 00021277 _____ () C:\Users\Tony\Desktop\FRST.txt
2014-02-04 19:43 - 2014-02-04 19:43 - 00000000 ____D () C:\FRST
2014-02-04 19:42 - 2014-02-04 19:42 - 02080256 _____ (Farbar) C:\Users\Tony\Desktop\FRST64.exe
2014-02-04 19:37 - 2013-09-30 05:14 - 01740478 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-04 19:37 - 2013-09-30 04:57 - 00733830 _____ () C:\WINDOWS\system32\perfh01D.dat
2014-02-04 19:37 - 2013-09-30 04:57 - 00152166 _____ () C:\WINDOWS\system32\perfc01D.dat
2014-02-04 19:36 - 2013-07-12 14:34 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2315020279-1530564925-723535831-1001
2014-02-04 19:34 - 2013-03-19 09:08 - 00000000 ____D () C:\ProgramData\WinClon
2014-02-04 19:33 - 2013-11-12 19:41 - 01277652 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-04 19:32 - 2013-11-12 20:01 - 00000000 __RDO () C:\Users\Tony\SkyDrive
2014-02-04 19:31 - 2014-02-03 21:25 - 00002329 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-02-04 19:30 - 2014-02-03 21:25 - 00000000 ____D () C:\ProgramData\Search Protection
2014-02-04 19:30 - 2014-02-03 20:03 - 00000000 ____D () C:\ProgramData\WPM
2014-02-04 19:30 - 2013-09-29 20:05 - 00145000 _____ () C:\WINDOWS\PFRO.log
2014-02-04 19:30 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-04 19:29 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-04 19:28 - 2014-02-04 19:28 - 01166132 _____ () C:\Users\Tony\Downloads\adwcleaner.exe
2014-02-04 19:26 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\AppData\Local\genienext
2014-02-04 19:21 - 2013-07-12 15:58 - 00000868 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-04 19:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-04 18:56 - 2014-02-04 18:56 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-04 18:56 - 2014-02-04 18:56 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Malwarebytes
2014-02-04 18:56 - 2014-02-04 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 18:56 - 2014-02-04 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 18:56 - 2014-02-04 18:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tony\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-04 18:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-04 18:45 - 2013-09-14 19:34 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-03 23:46 - 2014-02-03 21:41 - 00000000 ____D () C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-02-03 23:46 - 2014-02-03 21:25 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\SecureSearch
2014-02-03 23:46 - 2014-02-03 21:25 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-02-03 23:46 - 2014-02-03 21:25 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner
2014-02-03 23:46 - 2014-02-03 20:06 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-03 23:46 - 2013-12-22 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-03 23:46 - 2013-08-23 19:31 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\uTorrent
2014-02-03 23:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-02-03 23:46 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-02-03 23:46 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-02-03 23:46 - 2013-08-11 14:37 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\vlc
2014-02-03 23:46 - 2013-07-12 15:58 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-02-03 23:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2014-02-03 23:05 - 2014-01-24 15:18 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-03 23:05 - 2014-01-23 17:53 - 00000000 ___RD () C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-03 23:05 - 2014-01-22 21:26 - 00000000 ____D () C:\Users\Tony\Desktop\Spotify Recorder
2014-02-03 23:05 - 2014-01-22 20:51 - 00000000 ____D () C:\Users\Tony\AppData\Local\Jaksta_Technologies_Pty_L
2014-02-03 23:05 - 2014-01-22 20:47 - 00000000 ____D () C:\Program Files\Freecorder extension x64
2014-02-03 23:05 - 2013-07-13 12:55 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Spotify
2014-02-03 21:52 - 2014-02-03 21:25 - 00000000 ____D () C:\Users\Tony\AppData\Local\adawarebp
2014-02-03 21:41 - 2014-02-03 21:41 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\LavasoftStatistics
2014-02-03 21:41 - 2014-02-03 21:41 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Lavasoft
2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\ProgramData\blekko toolbars
2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-03 21:24 - 2014-02-03 21:24 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-02-03 21:23 - 2014-02-03 21:23 - 01727624 _____ () C:\Users\Tony\Downloads\Adaware_Installer.exe
2014-02-03 21:23 - 2014-02-03 21:23 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-03 21:23 - 2014-02-03 21:23 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-02-03 21:09 - 2013-07-17 13:08 - 00000000 ____D () C:\Filmer
2014-02-03 20:49 - 2014-02-03 20:49 - 00000000 _____ () C:\autoexec.bat
2014-02-03 20:48 - 2014-02-03 20:48 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-03 20:21 - 2014-02-03 20:21 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Tony\Downloads\SpyHunter-Installer.exe
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\Documents\Mobogenie
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\AppData\Local\Mobogenie
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\AppData\Local\cache
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\.android
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 _____ () C:\Users\Tony\daemonprocess.txt
2014-02-03 20:07 - 2013-11-12 19:18 - 00000000 ____D () C:\Users\Tony
2014-02-03 20:03 - 2012-12-21 09:19 - 00773680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100.dll
2014-02-03 20:03 - 2012-12-21 09:19 - 00420912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp100.dll
2014-02-03 20:02 - 2013-11-12 19:55 - 00001656 _____ () C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-03 20:00 - 2014-02-03 20:00 - 00000000 ____D () C:\Users\Tony\Documents\Homefront.2013.720p.HDRip.h264.AAC-RARBG
2014-02-02 10:46 - 2013-07-13 12:56 - 00000000 ____D () C:\Users\Tony\AppData\Local\Spotify
2014-02-01 10:00 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-01-26 21:47 - 2013-07-12 14:23 - 00000000 ____D () C:\Users\Tony\AppData\Local\VirtualStore
2014-01-26 20:36 - 2013-09-29 20:49 - 00001208 _____ () C:\Users\Tony\Desktop\Tony o Suzette Ekonomi.txt
2014-01-24 15:18 - 2014-01-24 15:18 - 00721136 _____ () C:\WINDOWS\Minidump\012414-59671-01.dmp
2014-01-24 15:18 - 2013-09-08 17:52 - 488319198 _____ () C:\WINDOWS\MEMORY.DMP
2014-01-22 23:05 - 2013-08-20 20:18 - 00000000 ____D () C:\Users\Tony\Desktop\Ny skiva
2014-01-22 21:01 - 2013-07-12 14:23 - 00000000 ____D () C:\Users\Tony\AppData\Local\Packages
2014-01-22 20:54 - 2014-01-22 20:54 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Freecorder 8 Video
2014-01-22 20:54 - 2014-01-22 20:54 - 00000000 ____D () C:\Users\Tony\AppData\Local\Freecorder 8 Video
2014-01-22 20:54 - 2014-01-22 20:52 - 00000000 ____D () C:\Users\Tony\Documents\Freecorder
2014-01-22 20:53 - 2014-01-22 20:53 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Freecorder 8 Converter
2014-01-22 20:52 - 2014-01-22 20:52 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Freecorder 8 Audio
2014-01-22 20:48 - 2014-01-22 20:47 - 00000000 ____D () C:\Program Files (x86)\Applian Technologies
2014-01-22 20:47 - 2014-01-22 20:47 - 00000000 ____D () C:\WINDOWS\Jaksta
2014-01-22 20:38 - 2014-01-22 20:38 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downtube
2014-01-22 18:15 - 2013-08-17 10:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-22 18:13 - 2013-07-14 13:53 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-22 17:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-01-22 16:50 - 2013-07-12 14:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-22 16:48 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-01-22 16:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-01-22 16:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-01-22 16:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-01-19 12:49 - 2014-01-19 12:49 - 00000000 ____D () C:\Users\Tony\Documents\NFS Carbon
2014-01-19 12:45 - 2013-07-12 15:49 - 00000000 ____D () C:\Users\Tony\Desktop\Spel
2014-01-19 12:34 - 2013-09-08 10:22 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-01-19 12:33 - 2013-03-19 09:19 - 00442880 _____ () C:\WINDOWS\DirectX.log
2014-01-19 12:31 - 2013-10-12 19:12 - 00000000 ____D () C:\ProgramData\AVG2014
2014-01-19 12:28 - 2013-07-12 14:42 - 00000000 ____D () C:\Spel
2014-01-17 16:34 - 2013-07-12 15:58 - 00003756 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-01-17 16:34 - 2013-07-12 14:27 - 00000000 ____D () C:\Users\Tony\AppData\Local\Adobe
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-06 14:41 - 2013-08-22 15:46 - 00293773 _____ () C:\WINDOWS\setupact.log

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\Tony\AppData\Local\Temp\2d953087-a30d-4067-97cc-5db48ea5a9e4.exe
C:\Users\Tony\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-23 11:30

==================== End Of Log ============================

Addition.txt

Cecilia

Do you know where you picked up Awesomehp? Do you have the website?

Good, I see that you already have MBAM installed, so I assume you have let the program remove everything it found.

1. Have you also removed everything that AdwCleaner found?

If not, I would like to check the log first.

Close all programs, including web browsers.
Double-click AdwCleaner to start the program.

Click the Scan button.
Wait until the scan is finished.
Click the Report button.
A report will open; copy its contents and paste them into your reply.
If the report does not open, it is also available as C:\AdwCleaner[R0].txt

http://general-changelog-team.fr/en/tools/15-adwcleaner
http://www.bleepingcomputer.com/forums/topic469711.html/page__view__findpost__p__2850275

2. Save ShortcutCleaner to the desktop: http://www.bleepingcomputer.com/download/shortcut-cleaner/dl/172/
Run the downloaded file ss-cleaner.exe.
Wait until it has finished.
A report will open; attach it to your reply.

3. Run FRST again and paste in the new FRST.txt.

Toonky

# AdwCleaner v3.018 - Report created 08/02/2014 at 17:56:06
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Tony - TL-SAMSUNG
# Running from : C:\Users\Tony\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default\user.js
File Found : C:\WINDOWS\System32\Tasks\Desk 365 RunAsStdUser
Folder Found C:\Program Files (x86)\Toolbar Cleaner
Folder Found C:\ProgramData\blekko toolbars
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\Search Protection
Folder Found C:\Users\Tony\AppData\LocalLow\adawaretb
Folder Found C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default\adawaretb

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\installedbrowserextensions
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1917AB4C-E2E9-42AE-A51E-B5750F160BFB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4341726-E922-47BB-86A6-23F4F4F67342}
Key Found : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Found : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466596660}
Key Found : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Desksvc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\Software\Toolbar Cleaner
Key Found : HKLM\Software\V9
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{1917AB4C-E2E9-42AE-A51E-B5750F160BFB}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C65F1F0-8088-414B-828C-813207ADE75A}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A4341726-E922-47BB-86A6-23F4F4F67342}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{C9B4F046-2A8C-46BD-B1A1-CF0EAE5EA521}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466596660}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Found : [x64] HKLM\SOFTWARE\Conduit
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v26.0 (sv-SE)

[ File : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default\prefs.js ]

Line Found : user_pref("CT3225826.FF19Solved", "true");
Line Found : user_pref("CT3225826.UserID", "UN27786234623028329");
Line Found : user_pref("CT3225826.installDate", "17/7/2013 13:21:46");
Line Found : user_pref("CT3225826.installSessionId", "-1");
Line Found : user_pref("CT3225826.installSp", "FALSE");
Line Found : user_pref("CT3225826.installerVersion", "1.4.2.3");
Line Found : user_pref("CT3225826.searchRevert", "FALSE");
Line Found : user_pref("CT3225826.searchUserMode", "1");
Line Found : user_pref("CT3225826.versionFromInstaller", "10.16.2.9");
Line Found : user_pref("extensions.crossrider.bic", "143f921e9e735031208aa7dcc5f305c4");
Line Found : user_pref("extensions.freecorder@freecorder.com.menuitems", "[{\"name\":\"Freecorder Menu Header\",\"img\":\"hxxp://freecorder.com/fc8/ui/buttons/menu_header.png\",\"width\":225,\"height\":65},{\"name[...]

*************************

AdwCleaner[R0].txt - [8287 octets] - [08/02/2014 17:51:08]
AdwCleaner[R1].txt - [8071 octets] - [08/02/2014 17:56:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [8131 octets] ##########
 

Toonky

I was on "rarbg.com", clicked on something there, and then I got this crap :(

Yep, I removed everything MBAM found, I think it was 315 items. Not a hundred percent sure, but that's how I remember it.

Toonky

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by Tony (administrator) on TL-SAMSUNG on 08-02-2014 18:13:36
Running from C:\Users\Tony\Desktop
Windows 8.1 (X64) OS Language: Swedish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [btTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)
HKLM\...\Run: [btvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Atheros Communications)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [bitcasa] - C:\Program Files\Bitcasa\Bitcasa.exe [3952128 2012-11-27] (Bitcasa, Inc)
HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [456704 2012-02-20] ()
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [4114264 2014-01-23] ()
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [NBKeyScan] - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328 2007-09-20] (Nero AG)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKU\S-1-5-21-2315020279-1530564925-723535831-1001\...\Run: [spotify Web Helper] - C:\Users\Tony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-22] (Spotify Ltd)
HKU\S-1-5-21-2315020279-1530564925-723535831-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-2315020279-1530564925-723535831-1001\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-09-20] (Nero AG)
HKU\S-1-5-21-2315020279-1530564925-723535831-1001\...\Run: [uTorrent] - C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-16] (BitTorrent Inc.)
HKU\S-1-5-21-2315020279-1530564925-723535831-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2315020279-1530564925-723535831-1001\...\MountPoints2: {36241a36-eed2-11e2-be97-1867b0533b71} - "E:\Autorun.exe"
AppInit_DLLs: C:\WINDOWS\Jaksta\AC\x64\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x64\jaudcap.dll [311584 2013-12-21] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll [264480 2013-12-21] (Jaksta Technologies Pty Ltd)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-03&ent=hp&u=F8DD181E78DD7ACEB7694052EFFB18C5
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {EDF0E249-8725-4587-BAA6-F2CDE369EE8F} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {EDF0E249-8725-4587-BAA6-F2CDE369EE8F} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - {EDF0E249-8725-4587-BAA6-F2CDE369EE8F} URL =
BHO: Torntv V6.0 - {11111111-1111-1111-1111-110411591160} - C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-bho64.dll No File
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default
FF Homepage: https://www.google.se/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml
FF Extension: Torntv V6.0 - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default\Extensions\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com [2014-02-03]
FF Extension: GrabRez - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default\Extensions\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi [2014-02-01]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com/?type=sc&ts=1391454160&from=ild&uid=ST1000LM024XHN-M101MBB_S2RQJ9DD316234

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-07-17] (Disc Soft Ltd)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-08 18:13 - 2014-02-08 18:13 - 00000000 ____D () C:\Users\Tony\Desktop\Virus
2014-02-08 18:13 - 2014-02-08 18:13 - 00000000 ____D () C:\Users\Tony\Desktop\FRST-OlderVersion
2014-02-08 18:12 - 2014-02-08 18:12 - 00003916 _____ () C:\Users\Tony\Desktop\sc-cleaner.txt
2014-02-08 18:10 - 2014-02-08 18:10 - 00003916 _____ () C:\sc-cleaner.txt
2014-02-08 18:08 - 2014-02-08 18:08 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-08 18:04 - 2014-02-08 18:04 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Tony\Downloads\sc-cleaner.exe
2014-02-05 20:47 - 2014-02-04 19:28 - 01166132 _____ () C:\Users\Tony\Desktop\adwcleaner.exe
2014-02-05 20:46 - 2014-02-08 18:04 - 00000000 ____D () C:\AdwCleaner
2014-02-04 19:43 - 2014-02-08 18:13 - 00019664 _____ () C:\Users\Tony\Desktop\FRST.txt
2014-02-04 19:43 - 2014-02-08 18:13 - 00000000 ____D () C:\FRST
2014-02-04 19:42 - 2014-02-08 18:13 - 02079744 _____ (Farbar) C:\Users\Tony\Desktop\FRST64.exe
2014-02-04 19:28 - 2014-02-04 19:28 - 01166132 _____ () C:\Users\Tony\Downloads\adwcleaner.exe
2014-02-04 18:56 - 2014-02-04 18:56 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-04 18:56 - 2014-02-04 18:56 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Malwarebytes
2014-02-04 18:56 - 2014-02-04 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 18:56 - 2014-02-04 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 18:56 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-04 18:55 - 2014-02-04 18:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tony\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-03 21:41 - 2014-02-03 23:46 - 00000000 ____D () C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-02-03 21:41 - 2014-02-03 21:41 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\LavasoftStatistics
2014-02-03 21:41 - 2014-02-03 21:41 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Lavasoft
2014-02-03 21:25 - 2014-02-08 18:07 - 00002329 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-02-03 21:25 - 2014-02-03 23:46 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\SecureSearch
2014-02-03 21:25 - 2014-02-03 23:46 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-02-03 21:25 - 2014-02-03 21:52 - 00000000 ____D () C:\Users\Tony\AppData\Local\adawarebp
2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-03 21:24 - 2014-02-03 21:24 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-02-03 21:23 - 2014-02-03 21:23 - 01727624 _____ () C:\Users\Tony\Downloads\Adaware_Installer.exe
2014-02-03 21:23 - 2014-02-03 21:23 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-03 21:23 - 2014-02-03 21:23 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-02-03 20:49 - 2014-02-03 20:49 - 00000000 _____ () C:\autoexec.bat
2014-02-03 20:48 - 2014-02-03 20:48 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-03 20:21 - 2014-02-03 20:21 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Tony\Downloads\SpyHunter-Installer.exe
2014-02-03 20:07 - 2014-02-04 19:26 - 00000000 ____D () C:\Users\Tony\AppData\Local\genienext
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\Documents\Mobogenie
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\AppData\Local\Mobogenie
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\AppData\Local\cache
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\.android
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 _____ () C:\Users\Tony\daemonprocess.txt
2014-02-03 20:06 - 2014-02-03 23:46 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-03 20:03 - 2014-02-04 19:30 - 00000000 ____D () C:\ProgramData\WPM
2014-02-03 20:00 - 2014-02-03 20:00 - 00000000 ____D () C:\Users\Tony\Documents\Homefront.2013.720p.HDRip.h264.AAC-RARBG
2014-01-24 15:18 - 2014-02-03 23:05 - 00000000 ____D () C:\WINDOWS\Minidump
2014-01-24 15:18 - 2014-01-24 15:18 - 00721136 _____ () C:\WINDOWS\Minidump\012414-59671-01.dmp
2014-01-23 17:53 - 2014-02-03 23:05 - 00000000 ___RD () C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-01-22 21:26 - 2014-02-03 23:05 - 00000000 ____D () C:\Users\Tony\Desktop\Spotify Recorder
2014-01-22 20:54 - 2014-01-22 20:54 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Freecorder 8 Video
2014-01-22 20:54 - 2014-01-22 20:54 - 00000000 ____D () C:\Users\Tony\AppData\Local\Freecorder 8 Video
2014-01-22 20:53 - 2014-01-22 20:53 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Freecorder 8 Converter
2014-01-22 20:52 - 2014-01-22 20:54 - 00000000 ____D () C:\Users\Tony\Documents\Freecorder
2014-01-22 20:52 - 2014-01-22 20:52 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Freecorder 8 Audio
2014-01-22 20:51 - 2014-02-03 23:05 - 00000000 ____D () C:\Users\Tony\AppData\Local\Jaksta_Technologies_Pty_L
2014-01-22 20:47 - 2014-02-03 23:05 - 00000000 ____D () C:\Program Files\Freecorder extension x64
2014-01-22 20:47 - 2014-01-22 20:48 - 00000000 ____D () C:\Program Files (x86)\Applian Technologies
2014-01-22 20:47 - 2014-01-22 20:47 - 00000000 ____D () C:\WINDOWS\Jaksta
2014-01-22 20:38 - 2014-01-22 20:38 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downtube
2014-01-19 12:55 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-19 12:55 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-19 12:55 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-19 12:55 - 2013-11-27 11:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-01-19 12:55 - 2013-11-27 10:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-19 12:55 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-19 12:55 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-19 12:55 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-19 12:55 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-19 12:55 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-19 12:55 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-19 12:49 - 2014-01-19 12:49 - 00000000 ____D () C:\Users\Tony\Documents\NFS Carbon

==================== One Month Modified Files and Folders =======

2014-02-08 18:13 - 2014-02-08 18:13 - 00000000 ____D () C:\Users\Tony\Desktop\Virus
2014-02-08 18:13 - 2014-02-08 18:13 - 00000000 ____D () C:\Users\Tony\Desktop\FRST-OlderVersion
2014-02-08 18:13 - 2014-02-04 19:43 - 00019664 _____ () C:\Users\Tony\Desktop\FRST.txt
2014-02-08 18:13 - 2014-02-04 19:43 - 00000000 ____D () C:\FRST
2014-02-08 18:13 - 2014-02-04 19:42 - 02079744 _____ (Farbar) C:\Users\Tony\Desktop\FRST64.exe
2014-02-08 18:12 - 2014-02-08 18:12 - 00003916 _____ () C:\Users\Tony\Desktop\sc-cleaner.txt
2014-02-08 18:12 - 2013-07-12 14:34 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2315020279-1530564925-723535831-1001
2014-02-08 18:10 - 2014-02-08 18:10 - 00003916 _____ () C:\sc-cleaner.txt
2014-02-08 18:10 - 2013-11-12 19:55 - 00001446 _____ () C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-08 18:10 - 2013-03-19 09:08 - 00000000 ____D () C:\ProgramData\WinClon
2014-02-08 18:08 - 2014-02-08 18:08 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-08 18:08 - 2013-11-12 20:01 - 00000000 __RDO () C:\Users\Tony\SkyDrive
2014-02-08 18:07 - 2014-02-03 21:25 - 00002329 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-02-08 18:06 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-08 18:05 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-08 18:04 - 2014-02-08 18:04 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Tony\Downloads\sc-cleaner.exe
2014-02-08 18:04 - 2014-02-05 20:46 - 00000000 ____D () C:\AdwCleaner
2014-02-08 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-08 17:56 - 2013-07-13 12:55 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Spotify
2014-02-08 17:54 - 2013-09-14 19:34 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-08 17:21 - 2013-07-12 15:58 - 00000868 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-08 16:29 - 2013-11-12 19:41 - 01455474 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-08 12:41 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-07 18:10 - 2013-07-17 13:08 - 00000000 ____D () C:\Filmer
2014-02-07 18:00 - 2013-07-13 12:56 - 00000000 ____D () C:\Users\Tony\AppData\Local\Spotify
2014-02-06 17:04 - 2013-09-30 05:14 - 01740478 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-06 17:04 - 2013-09-30 04:57 - 00733830 _____ () C:\WINDOWS\system32\perfh01D.dat
2014-02-06 17:04 - 2013-09-30 04:57 - 00152166 _____ () C:\WINDOWS\system32\perfc01D.dat
2014-02-05 20:02 - 2013-07-12 14:27 - 00000000 ____D () C:\Users\Tony\AppData\Local\Adobe
2014-02-05 20:02 - 2013-07-12 14:26 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Adobe
2014-02-05 17:40 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-04 20:21 - 2013-07-12 15:58 - 00003756 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-04 19:30 - 2014-02-03 20:03 - 00000000 ____D () C:\ProgramData\WPM
2014-02-04 19:30 - 2013-09-29 20:05 - 00145000 _____ () C:\WINDOWS\PFRO.log
2014-02-04 19:28 - 2014-02-05 20:47 - 01166132 _____ () C:\Users\Tony\Desktop\adwcleaner.exe
2014-02-04 19:28 - 2014-02-04 19:28 - 01166132 _____ () C:\Users\Tony\Downloads\adwcleaner.exe
2014-02-04 19:26 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\AppData\Local\genienext
2014-02-04 18:56 - 2014-02-04 18:56 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-04 18:56 - 2014-02-04 18:56 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Malwarebytes
2014-02-04 18:56 - 2014-02-04 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 18:56 - 2014-02-04 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 18:56 - 2014-02-04 18:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tony\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-03 23:46 - 2014-02-03 21:41 - 00000000 ____D () C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-02-03 23:46 - 2014-02-03 21:25 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\SecureSearch
2014-02-03 23:46 - 2014-02-03 21:25 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-02-03 23:46 - 2014-02-03 20:06 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-03 23:46 - 2013-12-22 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-03 23:46 - 2013-08-23 19:31 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\uTorrent
2014-02-03 23:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-02-03 23:46 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-02-03 23:46 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-02-03 23:46 - 2013-08-11 14:37 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\vlc
2014-02-03 23:46 - 2013-07-12 15:58 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-02-03 23:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2014-02-03 23:05 - 2014-01-24 15:18 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-03 23:05 - 2014-01-23 17:53 - 00000000 ___RD () C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-03 23:05 - 2014-01-22 21:26 - 00000000 ____D () C:\Users\Tony\Desktop\Spotify Recorder
2014-02-03 23:05 - 2014-01-22 20:51 - 00000000 ____D () C:\Users\Tony\AppData\Local\Jaksta_Technologies_Pty_L
2014-02-03 23:05 - 2014-01-22 20:47 - 00000000 ____D () C:\Program Files\Freecorder extension x64
2014-02-03 21:52 - 2014-02-03 21:25 - 00000000 ____D () C:\Users\Tony\AppData\Local\adawarebp
2014-02-03 21:41 - 2014-02-03 21:41 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\LavasoftStatistics
2014-02-03 21:41 - 2014-02-03 21:41 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Lavasoft
2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-03 21:24 - 2014-02-03 21:24 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-02-03 21:23 - 2014-02-03 21:23 - 01727624 _____ () C:\Users\Tony\Downloads\Adaware_Installer.exe
2014-02-03 21:23 - 2014-02-03 21:23 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-03 21:23 - 2014-02-03 21:23 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-02-03 20:49 - 2014-02-03 20:49 - 00000000 _____ () C:\autoexec.bat
2014-02-03 20:48 - 2014-02-03 20:48 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-03 20:21 - 2014-02-03 20:21 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Tony\Downloads\SpyHunter-Installer.exe
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\Documents\Mobogenie
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\AppData\Local\Mobogenie
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\AppData\Local\cache
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\.android
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 _____ () C:\Users\Tony\daemonprocess.txt
2014-02-03 20:07 - 2013-11-12 19:18 - 00000000 ____D () C:\Users\Tony
2014-02-03 20:03 - 2012-12-21 09:19 - 00773680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100.dll
2014-02-03 20:03 - 2012-12-21 09:19 - 00420912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp100.dll
2014-02-03 20:00 - 2014-02-03 20:00 - 00000000 ____D () C:\Users\Tony\Documents\Homefront.2013.720p.HDRip.h264.AAC-RARBG
2014-01-30 21:47 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 21:47 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-26 21:47 - 2013-07-12 14:23 - 00000000 ____D () C:\Users\Tony\AppData\Local\VirtualStore
2014-01-26 20:36 - 2013-09-29 20:49 - 00001208 _____ () C:\Users\Tony\Desktop\Tony o Suzette Ekonomi.txt
2014-01-24 15:18 - 2014-01-24 15:18 - 00721136 _____ () C:\WINDOWS\Minidump\012414-59671-01.dmp
2014-01-24 15:18 - 2013-09-08 17:52 - 488319198 _____ () C:\WINDOWS\MEMORY.DMP
2014-01-22 23:05 - 2013-08-20 20:18 - 00000000 ____D () C:\Users\Tony\Desktop\Ny skiva
2014-01-22 21:01 - 2013-07-12 14:23 - 00000000 ____D () C:\Users\Tony\AppData\Local\Packages
2014-01-22 20:54 - 2014-01-22 20:54 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Freecorder 8 Video
2014-01-22 20:54 - 2014-01-22 20:54 - 00000000 ____D () C:\Users\Tony\AppData\Local\Freecorder 8 Video
2014-01-22 20:54 - 2014-01-22 20:52 - 00000000 ____D () C:\Users\Tony\Documents\Freecorder
2014-01-22 20:53 - 2014-01-22 20:53 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Freecorder 8 Converter
2014-01-22 20:52 - 2014-01-22 20:52 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Freecorder 8 Audio
2014-01-22 20:48 - 2014-01-22 20:47 - 00000000 ____D () C:\Program Files (x86)\Applian Technologies
2014-01-22 20:47 - 2014-01-22 20:47 - 00000000 ____D () C:\WINDOWS\Jaksta
2014-01-22 20:38 - 2014-01-22 20:38 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downtube
2014-01-22 18:15 - 2013-08-17 10:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-22 18:13 - 2013-07-14 13:53 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-22 17:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-01-22 16:50 - 2013-07-12 14:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-22 16:48 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-01-22 16:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-01-22 16:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-01-22 16:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-01-19 12:49 - 2014-01-19 12:49 - 00000000 ____D () C:\Users\Tony\Documents\NFS Carbon
2014-01-19 12:45 - 2013-07-12 15:49 - 00000000 ____D () C:\Users\Tony\Desktop\Spel
2014-01-19 12:34 - 2013-09-08 10:22 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-01-19 12:33 - 2013-03-19 09:19 - 00442880 _____ () C:\WINDOWS\DirectX.log
2014-01-19 12:31 - 2013-10-12 19:12 - 00000000 ____D () C:\ProgramData\AVG2014
2014-01-19 12:28 - 2013-07-12 14:42 - 00000000 ____D () C:\Spel

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\Tony\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-23 11:30

==================== End Of Log ============================

sc-cleaner.txt

Cecilia

1. Messing around with torrents and other file sharing has its risks.

2. Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Scan button.

Wait until the scan is finished.

Click the Clean button.

Press OK.

Press OK several more times if messages come up.

The computer will restart.

A report will come up; copy the contents and paste them into your reply.

If the report does not come up, it is also available as C:\AdwCleaner[s0].txt

3. Start Notepad.

Copy all the lines in the box:

HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp..._S2RQJ9DD316234
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp..._S2RQJ9DD316234
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp..._S2RQJ9DD316234
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp..._S2RQJ9DD316234
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp..._S2RQJ9DD316234
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp...q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp..._S2RQJ9DD316234
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Torntv V6.0 - {11111111-1111-1111-1111-110411591160} - C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-bho64.dll No File
Task: {C4AF3CC1-3BDB-4E40-9FB9-248A1890537E} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
FF Extension: Torntv V6.0 - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default\Extensions\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com [2014-02-03]
FF Extension: GrabRez - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default\Extensions\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi [2014-02-01]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp..._S2RQJ9DD316234
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-02-03 20:48 - 2014-02-03 20:48 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-03 20:21 - 2014-02-03 20:21 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Tony\Downloads\SpyHunter-Installer.exe
2014-02-03 20:07 - 2014-02-04 19:26 - 00000000 ____D () C:\Users\Tony\AppData\Local\genienext
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\Documents\Mobogenie
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\AppData\Local\Mobogenie
2014-02-03 20:06 - 2014-02-03 23:46 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-03 20:03 - 2014-02-04 19:30 - 00000000 ____D () C:\ProgramData\WPM

and paste them into Notepad. Check that no files have been split across two lines.

Save the file on the desktop with the name fixlist.txt.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program has finished.

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.

4. Scan the computer online at http://www.eset.com/onlinescan/

So that the scanner does not take too long, turn off your antivirus program in the meantime.

Uncheck the option Remove found threats

Check Scan Archives

Click Advanced Settings

Check:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Click Scan

When the scan is finished, click List of threats found, followed by Export to a text file. Save to a file on the desktop, open the file, copy the result and then paste it into your reply.

Toonky

# AdwCleaner v3.018 - Report created 09/02/2014 at 12:20:35
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Tony - TL-SAMSUNG
# Running from : C:\Users\Tony\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v26.0 (sv-SE)

[ File : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [8287 octets] - [08/02/2014 17:51:08]
AdwCleaner[R1].txt - [8347 octets] - [08/02/2014 17:56:06]
AdwCleaner[R2].txt - [973 octets] - [09/02/2014 12:19:21]
AdwCleaner[s0].txt - [8344 octets] - [08/02/2014 18:04:27]
AdwCleaner[s1].txt - [899 octets] - [09/02/2014 12:20:35]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [958 octets] ##########
 

Toonky

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-02-2014
Ran by Tony at 2014-02-09 12:30:35 Run:1
Running from C:\Users\Tony\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp..._S2RQJ9DD316234
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp..._S2RQJ9DD316234
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp..._S2RQJ9DD316234
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp..._S2RQJ9DD316234
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp..._S2RQJ9DD316234
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp...q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp..._S2RQJ9DD316234
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Torntv V6.0 - {11111111-1111-1111-1111-110411591160} - C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-bho64.dll No File
Task: {C4AF3CC1-3BDB-4E40-9FB9-248A1890537E} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
FF Extension: Torntv V6.0 - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default\Extensions\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com [2014-02-03]
FF Extension: GrabRez - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default\Extensions\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi [2014-02-01]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp..._S2RQJ9DD316234
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-02-03 20:48 - 2014-02-03 20:48 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-03 20:21 - 2014-02-03 20:21 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Tony\Downloads\SpyHunter-Installer.exe
2014-02-03 20:07 - 2014-02-04 19:26 - 00000000 ____D () C:\Users\Tony\AppData\Local\genienext
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\Documents\Mobogenie
2014-02-03 20:07 - 2014-02-03 20:07 - 00000000 ____D () C:\Users\Tony\AppData\Local\Mobogenie
2014-02-03 20:06 - 2014-02-03 23:46 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-03 20:03 - 2014-02-04 19:30 - 00000000 ____D () C:\ProgramData\WPM

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411591160} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110411591160} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4AF3CC1-3BDB-4E40-9FB9-248A1890537E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4AF3CC1-3BDB-4E40-9FB9-248A1890537E} => Key deleted successfully.
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully.
C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default\Extensions\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com => Moved successfully.
C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\e1f5p2p9.default\Extensions\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi => Moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
esgiguard => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Users\Tony\Downloads\SpyHunter-Installer.exe => Moved successfully.
C:\Users\Tony\AppData\Local\genienext => Moved successfully.
C:\Users\Tony\Documents\Mobogenie => Moved successfully.
C:\Users\Tony\AppData\Local\Mobogenie => Moved successfully.
C:\Program Files (x86)\Mobogenie => Moved successfully.
C:\ProgramData\WPM => Moved successfully.

==== End of Fixlog ====

Toonky

C:\FRST\Quarantine\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi09-02-2014_12-30-35    Win32/BrowseFox.B potentially unwanted application
C:\FRST\Quarantine\Mobogenie09-02-2014_12-30-36\Mobogenie\Mobogenie\nengine.dll    Win32/NextLive.A potentially unwanted application
C:\Installationsfiler\DTLite4471-0335.exe    Win32/DownWare.L potentially unwanted application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll    a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe    a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Spel\Cheat Engine 6.3\cheatengine-i386.exe    a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Spel\Cheat Engine 6.3\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Spel\The Sims 3\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso    a variant of Win32/Keygen.GU potentially unsafe application
C:\Users\Tony\AppData\Local\Microsoft\Windows\INetCache\IE\51NF4USE\Setup[1].exe    Win32/BrowseFox.B potentially unwanted application
C:\Users\Tony\AppData\Local\Microsoft\Windows\INetCache\IE\HQX6C6GD\Mobogenie_Setup_2.1.35_590[1].exe    Win32/Mobogenie.A potentially unwanted application
 

Cecilia

1. It is risky to install illegal programs. Decide for yourself whether you want to remove these three files; I cannot tell whether they do anything harmful beyond being a cheat tool and a crack, respectively:

C:\Spel\Cheat Engine 6.3\cheatengine-i386.exe    a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Spel\Cheat Engine 6.3\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Spel\The Sims 3\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso    a variant of Win32/Keygen.GU potentially unsafe application

 

2. You can remove the last two files that ESET's scanner found like this:

Start Notepad.
Copy all the lines in the box:

C:\Users\Tony\AppData\Local\Microsoft\Windows\INetCache\IE\51NF4USE\Setup[1].exe
C:\Users\Tony\AppData\Local\Microsoft\Windows\INetCache\IE\HQX6C6GD\Mobogenie_Setup_2.1.35_590[1].exe
 
and paste them into Notepad. Check that no file path has been split across two lines.
Save the file on the desktop with the name fixlist.txt.

Start FRST, which is on the desktop.
Click the Fix button.
Wait until the program has finished.

The program creates a log, Fixlog.txt, on the desktop.
Paste its contents into your reply.

3. The first two that ESET's scanner found are in FRST's quarantine and have thereby already been rendered harmless; next comes the installation file for Daemon Tools Lite, which also wants to install unnecessary programs/add-ons. As for Ad-Aware, it is its toolbar that ESET's scanner points out as an unnecessary browser add-on.

4. Any more questions before it is time for the instructions on how to uninstall the special tools?

Toonky

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2014
Ran by Tony at 2014-02-12 20:40:30 Run:2
Running from C:\Users\Tony\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Tony\AppData\Local\Microsoft\Windows\INetCache\IE\51NF4USE\Setup[1].exe
C:\Users\Tony\AppData\Local\Microsoft\Windows\INetCache\IE\HQX6C6GD\Mobogenie_Setup_2.1.35_590[1].exe
*****************

C:\Users\Tony\AppData\Local\Microsoft\Windows\INetCache\IE\51NF4USE\Setup[1].exe => Moved successfully.
C:\Users\Tony\AppData\Local\Microsoft\Windows\INetCache\IE\HQX6C6GD\Mobogenie_Setup_2.1.35_590[1].exe => Moved successfully.

==== End of Fixlog ====

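The two checks in the exchange above (no fixlist path split across two lines, and every entry confirmed in the returned Fixlog) can be automated. This is an added example, not part of the original thread and not FRST's own code; it assumes a fixlist of plain paths as in the log above, and the sample log and the name `audit_fixlog` are constructed for illustration.

```python
import re

# Constructed sample in the Fixlog layout shown in this thread (paths are made up).
# The second entry was wrapped onto two lines when the fixlist was saved.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
C:\Users\Example\AppData\Local\Temp\Setup[1].exe
C:\Users\Example\AppData\Local\Temp\Toolbar_
Installer[1].exe
C:\Users\Example\Downloads\old.exe
*****************

C:\Users\Example\AppData\Local\Temp\Setup[1].exe => Moved successfully.
C:\Users\Example\Downloads\old.exe not found.

==== End of Fixlog ====
"""

# Result lines that report success end in "... successfully." after " => ".
SUCCESS = re.compile(r"^(?P<target>.+?) => .*successfully\.$")
# Assumption: a well-formed entry starts with a drive letter or a registry hive.
PATH_START = re.compile(r"^(?:[A-Za-z]:\\|HK(?:LM|CU|CR|U)\\)")


def audit_fixlog(text):
    """Return (confirmed, unconfirmed, suspect_wraps) for a plain-path fixlist."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The fixlist is echoed between two lines made only of asterisks.
    marks = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(marks) < 2:
        raise ValueError("fixlist delimiters not found")
    entries = [ln for ln in lines[marks[0] + 1:marks[1]] if ln]
    done = set()
    for ln in lines[marks[1] + 1:]:
        m = SUCCESS.match(ln)
        if m:
            done.add(m.group("target").lower())
    # A line that does not begin like a path or registry key is probably the
    # tail of an entry that the editor wrapped onto a second line.
    suspect = [e for e in entries if not PATH_START.match(e)]
    confirmed = [e for e in entries if e.lower() in done]
    unconfirmed = [e for e in entries
                   if e.lower() not in done and e not in suspect]
    return confirmed, unconfirmed, suspect
```

Entries returned as unconfirmed or suspect are the ones to re-check before the tools are uninstalled, since a "not found" result can mean either that the file is already gone or that the path was mangled.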
Toonky

No, I don't. But the crap is gone now anyway :) You are worth your weight in gold. Saved me loads of unnecessary hours. If it hadn't been for you, I would have redone the whole computer..

Cecilia

Thanks for the kind words :)


1. Close all programs, including web browsers.
Double-click AdwCleaner to start the program.
Click the Uninstall button.

2. Download the uninstaller OTC to the Desktop: http://oldtimer.geekstogo.com/OTC.exe
Double-click the file to start the program.
Press the CleanUp! button and FRST will be uninstalled after a restart of the computer. Delete (put in the recycle bin) ShortcutCleaner and any logs.

3. Improve the protection on the computer; see my Advice for a safer computer: http://ceciliasec.wordpress.com/rad/
It is very important to keep all the small programs on the computer updated; old versions of e.g. Flash, Java and Adobe Reader contain known security holes, which a web page can use to infect the computer. I think Secunia's program (link on my website) is a good help for checking the state of security holes on the computer and indicating what needs to be fixed.
