Just nu i M3-nätverket
Gå till innehåll
Ultra

Hjälp med rensning...

Rekommendera Poster

Hej,

 

Så var det dags igen, chefen verkar ha "klickat snett" på sin dator som har dragit på sig något skit. Den är seg och vill inte öppna program, websidor mm som den ska. Här kommer de första loggarna:

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Tomas (administrator) on TOMASNYHP on 08-01-2015 12:42:50
Running from C:\Users\Tomas\Desktop
Loaded Profiles: Tomas & UpdatusUser (Available profiles: Tomas & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\nfservice.exe
(Norman Safeground AS) C:\Program Files\Norman\Nse\bin\nseupdatesvc.exe
(Norman Safeground AS) C:\Program Files\Norman\nvc\bin\nvcsvc.exe
(Norman AS) C:\Program Files\Norman\Npm\Bin\nvoy.exe
(Norman Safeground AS) C:\Program Files\Norman\Ngs\bin\nnf.exe
(Norman Safeground AS) C:\Program Files\Norman\Ngs\bin\nprosec.exe
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\nwscmon.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\Zanda.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\Zlh.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\zlhh.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
() C:\hp\HPEZBTN\HPBtnSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
() C:\Program Files\Norman\Npm\Bin\njeeves2.exe
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\scheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Users\Tomas\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tomas\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tomas\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-06-11] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)
HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM-x32\...\Run: [OsdMaestro] => c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [119296 2007-02-15] (OsdMaestro)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [indexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Norman ZANDA] => C:\Program Files\Norman\Npm\Bin\ZLH.EXE [88536 2014-08-21] (Norman Safeground AS)
HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\Run: [Google Update] => C:\Users\Tomas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-28] (Google Inc.)
HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\Run: [bitTorrent] => C:\Users\Tomas\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\RunOnce: [Application Restart #4] => C:\Users\Tomas\AppData\Local\Google\Chrome\Application\chrome.exe [854344 2014-10-10] (Google Inc.)
HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\MountPoints2: {5fc4e9cc-110c-11e2-9fa8-00221558bc48} - K:\LaunchU3.exe -a
HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\MountPoints2: {5fc4e9d5-110c-11e2-9fa8-00221558bc48} - K:\LaunchU3.exe -a
HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Run: [Google Update] => C:\Users\Tomas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-28] (Google Inc.)
HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Run: [Messenger (Yahoo!)] => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\MountPoints2: {0a479bf6-962b-11dd-a3b2-806e6f6e6963} - F:\start.exe
HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\MountPoints2: {5fc4e9cc-110c-11e2-9fa8-00221558bc48} - K:\LaunchU3.exe -a
HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\MountPoints2: {5fc4e9d5-110c-11e2-9fa8-00221558bc48} - K:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Fast Start.lnk
ShortcutTarget: SolidWorks 2013 Fast Start.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-63412372-1427995199-370361792-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-63412372-1427995199-370361792-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {05AF6264-0648-49B6-A810-61CF18884F1E} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1222&query={searchTerms}&invocationType=tb50hpcndtie7-sv-se
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl=63&idate=2014/12/29&l=1&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl=63&idate=2014/12/29&l=1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1000 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl=63&idate=2014/12/29&l=1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1000 -> {05AF6264-0648-49B6-A810-61CF18884F1E} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1222&query={searchTerms}&invocationType=tb50hpcndtie7-sv-se
SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl=63&idate=2014/12/29&l=1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1000 -> {D291EE29-CE80-4F52-B62B-585DDB3C9F89} URL = http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934
SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1001 -> {05AF6264-0648-49B6-A810-61CF18884F1E} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1222&query={searchTerms}&invocationType=tb50hpcndtie7-sv-se
SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1001 -> {D291EE29-CE80-4F52-B62B-585DDB3C9F89} URL = http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934
SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Länkhjälp till Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Verktygsfält 5.0\aoltb.dll (AOL LLC)
BHO-x32: Inloggningshjälp för Microsoft-konto -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Verktygsfält 5.0\aoltb.dll (AOL LLC)
Toolbar: HKU\S-1-5-21-63412372-1427995199-370361792-1000 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKU\S-1-5-21-63412372-1427995199-370361792-1001 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
Tcpip\Parameters: [DhcpNameServer] 217.27.161.40 217.27.161.3
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.0.2.10 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-63412372-1427995199-370361792-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tomas\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-63412372-1427995199-370361792-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tomas\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-03]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (uNisalles) - C:\ProgramData\fggnmmjhficagbcgpgpkkonpjeehmgoa\ [2013-08-22]
CHR StartMenuInternet: Google Chrome - C:\Users\Tomas\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]
R2 HPBtnSrv; c:\hp\HPEZBTN\HPBtnSrv.exe [198240 2007-05-29] ()
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 nfservice; C:\Program Files\Norman\Npm\Bin\nfservice.exe [194536 2014-11-03] (Norman Safeground AS)
R3 NJeeves2; C:\Program Files\Norman\Npm\Bin\Njeeves2.exe [179080 2014-11-27] ()
R2 NNFSVC; C:\Program Files\Norman\Ngs\Bin\Nnf.exe [281128 2014-06-30] (Norman Safeground AS)
R2 Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [456664 2014-06-30] (Norman Safeground AS)
R2 NPROSECSVC; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [140032 2014-10-15] (Norman Safeground AS)
R2 nseupdatesvc; C:\Program Files\Norman\nse\bin\nseupdatesvc.exe [261456 2014-12-03] (Norman Safeground AS)
R2 nvcsvc; C:\Program Files\Norman\nvc\bin\nvcsvc.exe [401560 2014-11-27] (Norman Safeground AS)
R2 nvoy; C:\Program Files\Norman\Npm\Bin\nvoy.exe [246560 2013-06-27] (Norman AS)
R2 NWSCMON; C:\Program Files\Norman\Npm\Bin\nwscmon.exe [231008 2014-08-05] (Norman Safeground AS)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R3 Scheduler; C:\Program Files\Norman\Npm\Bin\scheduler.exe [199680 2014-06-30] (Norman Safeground AS)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374304 2011-09-22] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259040 2011-09-22] (SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292384 2011-09-22] (SafeNet, Inc.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2013-03-18] (SolidWorks) [File not signed]
S3 Norman NJeeves; "C:\Program Files\Norman\Npm\Bin\Njeeves.exe" [X]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-01] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-08-01] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-01] (SafeNet Inc.)
R3 gzflt; C:\Program Files\Norman\nvc\bin\gzflt.sys [138232 2014-06-04] (BitDefender LLC)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
R1 NGS; c:\program files\norman\ngs\bin\ngs64.sys [23488 2014-06-27] (Norman Safeground AS)
R1 NPROSEC; C:\Program Files\Norman\Ngs\Bin\nprosec64.sys [41536 2014-08-27] (Norman Safeground AS)
R2 nregsec; C:\Program Files\Norman\Ngs\Bin\nregsec64.sys [68792 2014-10-15] (Norman Safeground AS)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 TdsNordecr; C:\Windows\System32\DRIVERS\nordecr.sys [28672 2007-10-30] (Todos Data System AB)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-06-26] (BitDefender S.R.L.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263}; C:\Program Files (x86)\HP\DVDPlay\000.fcl [32240 2008-06-11] (Cyberlink Corp.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 12:35 - 2015-01-08 12:36 - 02124288 _____ (Farbar) C:\Users\Tomas\Desktop\FRST64.exe
2015-01-01 13:25 - 2015-01-04 18:09 - 00000000 ____D () C:\Users\Tomas\Downloads\Digital Tutors - Creating a Parametric Multi Bodied CAD Model in Solidworks[AKD]
2014-12-31 18:14 - 2014-12-31 18:14 - 00000000 ____D () C:\Users\Tomas\Documents\MATLAB
2014-12-31 17:55 - 2014-12-31 19:01 - 00000000 ____D () C:\Program Files\Ricardo
2014-12-31 17:03 - 2014-12-31 17:03 - 00002892 _____ () C:\Windows\System32\Tasks\{39821805-2F8F-4E0A-93FE-7D510B5007B6}
2014-12-31 13:11 - 2014-12-31 13:11 - 00001224 _____ () C:\Windows\SysWOW64\hdd32.log
2014-12-31 13:06 - 2006-12-20 10:00 - 02511360 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\haspds_windows.dll
2014-12-31 13:06 - 2005-06-21 11:10 - 00024576 _____ () C:\Windows\SysWOW64\hdsuinst.exe
2014-12-31 13:06 - 2002-07-26 17:02 - 00153088 _____ () C:\Windows\SysWOW64\UNWISE.EXE
2014-12-31 13:05 - 2014-12-31 13:05 - 00001527 _____ () C:\Users\Public\Desktop\Dynomation-5.lnk
2014-12-31 13:05 - 2014-12-31 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motion Software Simulations
2014-12-31 13:03 - 2015-01-05 12:02 - 00000000 ____D () C:\Dynomation5
2014-12-31 12:51 - 2014-12-31 12:51 - 00003034 _____ () C:\Windows\System32\Tasks\{85286B8D-AD13-4A3D-A567-56CC47D0957D}
2014-12-30 22:17 - 2014-12-30 22:17 - 00001040 _____ () C:\Users\Public\Desktop\Norman Security Suite.lnk
2014-12-30 22:17 - 2014-11-27 09:59 - 00205336 _____ () C:\Windows\system32\nscrnsav.scr
2014-12-30 22:17 - 2014-06-30 12:42 - 00461120 _____ (Norman Safeground AS) C:\Windows\system32\Drivers\tdi_nf.sys
2014-12-30 22:17 - 2014-06-30 12:42 - 00133152 _____ (Norman Safeground AS) C:\Windows\system32\Drivers\ale7_nf64.sys
2014-12-30 22:17 - 2014-06-30 12:42 - 00130080 _____ (Norman Safeground AS) C:\Windows\system32\Drivers\ale_nf64.sys
2014-12-30 22:17 - 2014-06-30 12:42 - 00123888 _____ (Norman Safeground AS) C:\Windows\system32\Drivers\ale7_nf.sys
2014-12-30 22:17 - 2014-06-30 12:41 - 00120792 _____ (Norman Safeground AS) C:\Windows\system32\Drivers\ale_nf.sys
2014-12-30 22:17 - 2014-06-26 12:49 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\Trufos.sys
2014-12-30 22:17 - 2011-08-26 10:03 - 00053928 _____ (Norman ASA) C:\Windows\system32\Drivers\nnetsec.sys
2014-12-30 22:17 - 2011-08-11 13:52 - 00034440 _____ (Norman ASA) C:\Windows\system32\Drivers\nnetsecl64.sys
2014-12-30 22:17 - 2011-08-11 13:52 - 00030856 _____ (Norman ASA) C:\Windows\system32\Drivers\nnetsecl.sys
2014-12-30 21:56 - 2014-12-30 21:56 - 00000000 ____D () C:\Program Files\Windows Live
2014-12-30 21:52 - 2014-12-30 21:52 - 01650048 _____ (Norman Safeground AS ) C:\Users\Tomas\Downloads\NormanSecuritySuite_1100x64 (4).exe
2014-12-30 20:35 - 2015-01-08 12:42 - 00024676 _____ () C:\Users\Tomas\Desktop\FRST.txt
2014-12-30 20:35 - 2014-12-30 20:35 - 00000000 ____D () C:\Users\Tomas\Desktop\FRST-OlderVersion
2014-12-30 17:37 - 2014-12-30 17:37 - 00000106 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2014-12-30 17:37 - 2014-12-30 17:37 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Gibbs
2014-12-30 17:37 - 2014-12-30 17:37 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Gibbs
2014-12-30 17:25 - 2014-12-30 17:25 - 00000000 ____D () C:\ProgramData\Gibbs
2014-12-30 17:22 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\Windows\system32\hasplms.exe
2014-12-30 17:22 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\Windows\system32\aksllmtp.exe
2014-12-30 17:22 - 2013-08-01 15:11 - 00140736 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksfridge.sys
2014-12-30 17:21 - 2013-08-01 15:11 - 00331328 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\hardlock.sys
2014-12-30 17:21 - 2013-08-01 15:11 - 00303624 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksusb.sys
2014-12-30 17:21 - 2013-08-01 15:11 - 00198088 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\hlvdd.dll
2014-12-30 17:21 - 2013-08-01 15:11 - 00091784 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksdf.sys
2014-12-30 17:21 - 2013-08-01 15:11 - 00077768 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\system32\aksusb4.dll
2014-12-30 17:21 - 2013-08-01 15:11 - 00070088 _____ (SafeNet Inc.) C:\Windows\system32\akshhl30.dll
2014-12-30 17:21 - 2013-08-01 15:11 - 00063944 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\akshhl.sys
2014-12-30 17:21 - 2013-08-01 15:11 - 00060488 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\akshasp.sys
2014-12-30 17:21 - 2013-08-01 15:11 - 00021448 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksclass.sys
2014-12-30 17:21 - 2013-08-01 15:11 - 00018376 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\system32\akshsp52.dll
2014-12-30 17:20 - 2014-12-31 13:10 - 00019350 _____ () C:\Windows\aksdrvsetup.log
2014-12-30 17:20 - 2014-12-30 17:20 - 00000000 ____D () C:\ProgramData\SafeNet Sentinel
2014-12-30 17:20 - 2014-12-30 17:20 - 00000000 ____D () C:\Program Files (x86)\SafeNet Sentinel
2014-12-30 17:20 - 2009-09-17 07:05 - 00145448 _____ (SafeNet, Inc.) C:\Windows\system32\Drivers\sentinel64.sys
2014-12-30 17:19 - 2014-12-30 17:19 - 00000000 ____D () C:\Users\Tomas\Documents\Downloaded Installations
2014-12-29 20:28 - 2014-12-29 20:28 - 00000000 ____D () C:\Users\Tomas\Desktop\Ny mapp
2014-12-29 19:36 - 2015-01-04 18:10 - 00000000 ____D () C:\Users\Tomas\Downloads\InfiniteSkills – Learning SolidWorks 2015
2014-12-29 19:32 - 2014-12-29 19:36 - 07342075 _____ () C:\Users\Tomas\Downloads\Engineering Analysis with SolidWorks Simulation 2014 book.zip
2014-12-29 19:32 - 2014-12-29 19:34 - 45322957 _____ () C:\Users\Tomas\Downloads\Mechanics of Materials Labs With Solidworks Simulation 2014.zip
2014-12-29 19:18 - 2014-12-29 19:19 - 00000000 ____D () C:\Users\Tomas\Desktop\_SolidSQUAD_
2014-12-29 19:14 - 2014-06-22 07:17 - 00000000 ____D () C:\Users\Tomas\Desktop\Windows
2014-12-29 19:07 - 2014-09-28 14:59 - 00000000 ____D () C:\Users\Tomas\Desktop\Lynda – Modeling a Motorcycle Engine with SolidWorks
2014-12-29 19:06 - 2014-12-29 19:06 - 00000000 ____D () C:\Users\Tomas\Ny Mapp
2014-12-29 19:04 - 2014-12-29 19:04 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\WinRAR
2014-12-29 19:03 - 2014-12-29 19:03 - 01987488 _____ () C:\Users\Tomas\Downloads\winrar-x64-520sw.exe
2014-12-29 19:03 - 2014-12-29 19:03 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-29 19:02 - 2014-12-29 19:02 - 01766152 _____ () C:\Users\Tomas\Downloads\wrar520 (1).exe
2014-12-29 19:00 - 2014-12-29 19:00 - 01766152 _____ () C:\Users\Tomas\Downloads\wrar520.exe
2014-12-29 18:38 - 2014-12-29 18:44 - 244373633 _____ () C:\Users\Tomas\Downloads\Ricardo Wave v71.rar
2014-12-29 18:28 - 2015-01-04 18:11 - 00000000 ____D () C:\Users\Tomas\Downloads\Lynda – Modeling a Motorcycle Engine with SolidWorks
2014-12-29 18:08 - 2014-12-31 01:10 - 00000000 ____D () C:\Program Files (x86)\DeltaFix
2014-12-29 18:08 - 2014-12-29 18:08 - 00000000 ____D () C:\Program Files (x86)\Shareaholic for Pinterest
2014-12-29 18:07 - 2014-12-31 01:22 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
2014-12-29 18:07 - 2014-12-31 01:22 - 00000000 ____D () C:\Program Files (x86)\unisAleis
2014-12-29 18:06 - 2014-12-29 18:06 - 00000000 ____D () C:\ProgramData\fggnmmjhficagbcgpgpkkonpjeehmgoa
2014-12-29 18:06 - 2014-12-29 18:06 - 00000000 ____D () C:\ProgramData\15457971234326063082
2014-12-29 18:06 - 2014-12-29 18:06 - 00000000 ____D () C:\Program Files (x86)\uNisalles
2014-12-29 17:45 - 2015-01-04 17:50 - 00000000 ____D () C:\Users\Tomas\Downloads\Ricardo Suite 2014.1 x86 & x64
2014-12-29 13:47 - 2014-12-29 13:47 - 00000000 ____D () C:\Users\Tomas\Downloads\Avl Suite 2013 Workspace Suite v2013.1 With Fire v2013.1 (x86x64)
2014-12-28 12:25 - 2014-12-28 12:25 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PipeMax v3.98
2014-12-28 12:25 - 2014-12-28 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PipeMax v3.98
2014-12-28 12:24 - 2014-12-28 12:24 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-12-28 12:23 - 2014-12-28 18:46 - 00000000 ____D () C:\PIPE398
2014-12-28 12:23 - 2014-12-28 12:23 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-12-27 17:25 - 2014-12-27 17:25 - 00000000 ____D () C:\Users\Tomas\Downloads\SolidProfessor Solidworks 2013
2014-12-27 17:14 - 2015-01-04 18:07 - 00000000 ____D () C:\Users\Tomas\Downloads\AVL Suite 2014.0 (Workspace Suite 2014.0) x86 & x64
2014-12-20 17:24 - 2014-12-20 17:24 - 12101910 _____ () C:\Users\Tomas\Downloads\freeware_software.exe
2014-12-20 14:36 - 2014-12-20 14:37 - 60018700 _____ (Isoplex, Inc. ) C:\Users\Tomas\Downloads\isoplex-setup-1.0.4.exe
2014-12-20 14:32 - 2015-01-01 13:56 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lotus Engineering Software
2014-12-20 14:32 - 2015-01-01 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lotus Engineering Software
2014-12-20 14:31 - 2015-01-01 13:56 - 00000000 ____D () C:\lesoft
2014-12-20 14:21 - 2014-12-20 14:21 - 06510590 _____ () C:\Users\Tomas\Downloads\freeware_documentation.exe
2014-12-20 14:20 - 2014-12-20 14:21 - 35421980 _____ () C:\Users\Tomas\Downloads\install_engine 2.exe
2014-12-18 14:10 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 14:10 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 03:28 - 2014-12-11 03:28 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 03:03 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:03 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 03:03 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 03:03 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 03:03 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 03:03 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 03:03 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 03:03 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 03:03 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 03:03 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 09:30 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 09:30 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 09:30 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 09:30 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 09:30 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 09:30 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 09:30 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 09:30 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 09:30 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 09:30 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 09:30 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 09:30 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 09:30 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 09:30 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 09:30 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 09:30 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 09:30 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 09:30 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 09:30 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 09:30 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 09:30 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 09:30 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 09:30 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 09:30 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 09:30 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 09:30 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 09:30 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 09:30 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 09:30 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 09:30 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 09:30 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 09:30 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 09:30 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 09:30 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 09:30 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 09:30 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 09:30 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 09:30 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 09:30 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 09:30 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 09:30 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 09:30 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 09:30 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 09:30 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 09:30 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 09:30 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 09:30 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 09:30 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 09:30 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 09:30 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 09:30 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 09:30 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 09:30 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 09:30 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 09:30 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 09:30 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 09:30 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 09:30 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 09:30 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 09:30 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 09:30 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 09:30 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 09:30 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 09:30 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 09:30 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 09:29 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 09:29 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 09:29 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 09:29 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 09:29 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 09:29 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 09:29 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 09:29 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 09:29 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 09:29 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 09:29 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 09:29 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 09:29 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 09:29 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 12:42 - 2014-11-27 13:19 - 00000000 ____D () C:\FRST
2015-01-08 12:41 - 2011-10-28 13:10 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-63412372-1427995199-370361792-1000UA.job
2015-01-08 12:40 - 2011-04-08 13:58 - 00017456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-08 12:40 - 2011-04-08 13:58 - 00017456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-08 12:34 - 2013-03-25 12:16 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-08 12:31 - 2011-04-08 14:28 - 01430986 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 12:29 - 2013-03-11 09:45 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\BitTorrent
2015-01-08 12:29 - 2008-09-15 18:28 - 00003666 _____ () C:\Windows\System32\Tasks\HP Health Check
2015-01-08 12:26 - 2014-05-27 13:36 - 00000000 ____D () C:\ProgramData\VMware
2015-01-08 12:24 - 2010-09-07 13:37 - 00000000 ____D () C:\Program Files\Norman
2015-01-08 12:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-08 12:24 - 2009-07-14 05:51 - 02838677 _____ () C:\Windows\setupact.log
2015-01-08 12:24 - 2008-09-15 17:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-07 10:29 - 2009-09-28 17:44 - 00000000 ____D () C:\Users\Tomas\Desktop\Kolvar
2015-01-07 08:10 - 2013-03-06 08:25 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-07 07:41 - 2011-10-28 13:10 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-63412372-1427995199-370361792-1000Core.job
2015-01-06 18:52 - 2011-04-08 15:56 - 00691864 _____ () C:\Windows\system32\perfh007.dat
2015-01-06 18:52 - 2011-04-08 15:56 - 00150362 _____ () C:\Windows\system32\perfc007.dat
2015-01-06 18:52 - 2010-11-21 12:38 - 00666540 _____ () C:\Windows\system32\perfh01D.dat
2015-01-06 18:52 - 2010-11-21 12:38 - 00143866 _____ () C:\Windows\system32\perfc01D.dat
2015-01-06 18:52 - 2009-07-14 06:13 - 02431052 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 10:52 - 2014-05-27 13:42 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\VMware
2015-01-05 10:52 - 2014-05-27 13:42 - 00000000 ____D () C:\Users\Tomas\AppData\Local\VMware
2015-01-04 17:11 - 2011-04-08 14:00 - 00000000 ____D () C:\Users\Tomas
2015-01-04 17:10 - 2010-11-21 04:47 - 00361730 _____ () C:\Windows\PFRO.log
2015-01-02 18:44 - 2013-05-10 09:35 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-01-02 18:37 - 2013-07-26 18:21 - 00000000 ____D () C:\Program Files\Autodesk
2015-01-02 18:10 - 2013-03-14 11:58 - 00000000 ____D () C:\ProgramData\Autodesk
2015-01-02 18:09 - 2013-07-26 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-01-02 16:50 - 2014-06-28 11:27 - 00000000 ____D () C:\Users\Tomas\Desktop\ULTRA_EngineProjekt
2015-01-01 13:20 - 2013-11-26 16:30 - 00000000 ____D () C:\Users\Tomas\Capri
2014-12-31 13:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-12-31 13:06 - 2008-09-15 18:17 - 00049217 _____ () C:\Windows\DirectX.log
2014-12-30 22:17 - 2010-09-07 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norman Security Suite
2014-12-30 21:57 - 2013-03-05 13:05 - 00001537 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-12-30 21:57 - 2013-03-05 13:05 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-12-30 19:44 - 2012-10-11 18:20 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-30 18:20 - 2011-04-08 14:38 - 00118168 _____ () C:\Users\Tomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-30 18:19 - 2009-07-14 05:45 - 00408464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-30 18:01 - 2013-03-14 11:58 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Autodesk
2014-12-30 17:26 - 2013-03-18 17:16 - 00000000 ____D () C:\Program Files\Common Files\SolidWorks Shared
2014-12-26 11:01 - 2013-06-12 18:00 - 00000000 ____D () C:\Users\Tomas\Desktop\Ultra-Thundercars
2014-12-19 18:56 - 2011-11-02 13:14 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\vlc
2014-12-17 10:49 - 2013-07-17 17:42 - 00000000 ____D () C:\Users\Tomas\Desktop\Bilder
2014-12-12 04:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 06:34 - 2013-03-25 12:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 06:34 - 2013-03-25 12:16 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 06:34 - 2011-11-01 13:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 03:28 - 2014-05-07 02:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 03:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 03:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 03:12 - 2013-07-27 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:06 - 2012-10-11 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 03:06 - 2011-10-28 09:24 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Files to move or delete:
====================
C:\Users\Tomas\install_flashplayer11x32_chra_aaa_aih.exe
 
 
Some content of TEMP:
====================
C:\Users\Tomas\AppData\Local\Temp\AcDeltree.exe
C:\Users\Tomas\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Tomas\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Tomas\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Tomas\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Tomas\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Tomas\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Tomas\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Tomas\AppData\Local\Temp\Runner2.exe
C:\Users\Tomas\AppData\Local\Temp\Runner4.exe
C:\Users\Tomas\AppData\Local\Temp\ttv.exe
C:\Users\Tomas\AppData\Local\Temp\uttB9B1.tmp.exe
C:\Users\Tomas\AppData\Local\Temp\_is2606.exe
C:\Users\Tomas\AppData\Local\Temp\_is8461.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 22:42
 
==================== End Of Log ============================

 

Addition.txt

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Klickat snett det tror jag inte riktigt på efter att ha sett den loggen.

 

Företagsdatorer bör installeras om så att man är säker på att företagshemligheter inte flyger iväg till någon annan.

 

1. Avinstallera:

Manuals Finder eftersom det är ett annonsprogram

youtubeadblocker eftersom det är ett annonsprogram

Malwarebytes Anti-Malware för gratisversionen är inte tillåten i företagsdatorer

BitTorrent för sådana program ska inte finnas i företagsdatorer och det blir färre problem utan illegal nerladdning

Java 7 Update 45

Java™ SE Runtime Environment 6 Update 1

eftersom det är gamla versioner av Java med kända säkerhetshål som gör det lätt att infektera datorn från en webbsida och de flesta behöver inte ha Java installerat.

Starta om datorn.

 

 

2. Spara AdwCleaner av Xplode på Skrivbordet: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

 

Stäng alla program, inklusive webbläsare.

Dubbelklicka på AdwCleaner för att starta programmet.

 

Klicka på Scan-knappen.

Vänta tills sökningen är klar.

Klicka på Report-knappen.

En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.

Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner\AdwCleaner[R0].txt

 

 

3. Starta FRST.

Bocka för Addition.txt.

Skanna och bifoga de två loggarna.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Ha ha, även om jag inte direkt är någon expert så köpte jag inte heller "klicka-snett-teorin" ;-)

 

 

 

 

 

# AdwCleaner v4.107 - Report created 08/01/2015 at 16:06:52
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Tomas - TOMASNYHP
# Running from : C:\Users\Tomas\Desktop\adwcleaner_4.107.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Program Files (x86)\DeltaFix
Folder Found : C:\ProgramData\15457971234326063082
Folder Found : C:\Windows\SysWOW64\SearchProtect
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{05AF6264-0648-49B6-A810-61CF18884F1E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D291EE29-CE80-4F52-B62B-585DDB3C9F89}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{05AF6264-0648-49B6-A810-61CF18884F1E}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D291EE29-CE80-4F52-B62B-585DDB3C9F89}
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{05AF6264-0648-49B6-A810-61CF18884F1E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D291EE29-CE80-4F52-B62B-585DDB3C9F89}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{05AF6264-0648-49B6-A810-61CF18884F1E}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D291EE29-CE80-4F52-B62B-585DDB3C9F89}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v
 
[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934
[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=1222&query={searchTerms}&invocationType=tb50hpcndtie7-sv-se
[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319614&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAE5EC031-09C0-40A1-8858-2FCB7C52047C&q={searchTerms}&SSPV=
[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319614&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAE5EC031-09C0-40A1-8858-2FCB7C52047C&q={searchTerms}&SSPV=
[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://websearch.searchfix.info/?unqvl=63&idate=2014/12/29&l=1&q={searchTerms}
[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://websearch.searchfix.info/?unqvl=63&idate=2014/12/29&l=1&q={searchTerms}
[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Homepage] : hxxp://websearch.searchfix.info/?unqvl=63&idate=2014/12/29
[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Homepage] : hxxp://websearch.searchfix.info/?unqvl=63&idate=2014/12/29
 
*************************
 
AdwCleaner[R0].txt - [6021 octets] - [08/01/2015 16:06:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6081 octets] ##########

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015

Ran by Tomas (administrator) on TOMASNYHP on 08-01-2015 16:13:47

Running from C:\Users\Tomas\Desktop

Loaded Profiles: Tomas & UpdatusUser (Available profiles: Tomas & UpdatusUser)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Svenska (Sverige)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\nfservice.exe

(Norman Safeground AS) C:\Program Files\Norman\Nse\bin\nseupdatesvc.exe

(Norman Safeground AS) C:\Program Files\Norman\nvc\bin\nvcsvc.exe

(Norman AS) C:\Program Files\Norman\Npm\Bin\nvoy.exe

(Norman Safeground AS) C:\Program Files\Norman\Ngs\bin\nnf.exe

(Norman Safeground AS) C:\Program Files\Norman\Ngs\bin\nprosec.exe

(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\nwscmon.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\Zanda.exe

(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe

(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\Zlh.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe

(Dassault Systèmes SolidWorks Corp.) C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\zlhh.exe

(SafeNet Inc.) C:\Windows\System32\hasplms.exe

() C:\hp\HPEZBTN\HPBtnSrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\scheduler.exe

() C:\Program Files\Norman\Npm\Bin\njeeves2.exe

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-06-11] (Intel Corporation)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)

HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)

HKLM-x32\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()

HKLM-x32\...\Run: [OsdMaestro] => c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [119296 2007-02-15] (OsdMaestro)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [indexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [Norman ZANDA] => C:\Program Files\Norman\Npm\Bin\ZLH.EXE [88536 2014-08-21] (Norman Safeground AS)

HKLM-x32\...\Run: [sunJavaUpdateReg] => C:\Windows\SysWOW64\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)

HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\Run: [Google Update] => C:\Users\Tomas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-28] (Google Inc.)

HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)

HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\RunOnce: [Application Restart #4] => C:\Users\Tomas\AppData\Local\Google\Chrome\Application\chrome.exe [854344 2014-10-10] (Google Inc.)

HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\Policies\Explorer: [] 

HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\MountPoints2: {5fc4e9cc-110c-11e2-9fa8-00221558bc48} - K:\LaunchU3.exe -a

HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\MountPoints2: {5fc4e9d5-110c-11e2-9fa8-00221558bc48} - K:\LaunchU3.exe -a

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Run: [Google Update] => C:\Users\Tomas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-28] (Google Inc.)

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Run: [Messenger (Yahoo!)] => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Policies\Explorer: [] 

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\MountPoints2: {0a479bf6-962b-11dd-a3b2-806e6f6e6963} - F:\start.exe

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\MountPoints2: {5fc4e9cc-110c-11e2-9fa8-00221558bc48} - K:\LaunchU3.exe -a

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\MountPoints2: {5fc4e9d5-110c-11e2-9fa8-00221558bc48} - K:\LaunchU3.exe -a

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk

ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Fast Start.lnk

ShortcutTarget: SolidWorks 2013 Fast Start.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk

ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\S-1-5-21-63412372-1427995199-370361792-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-63412372-1427995199-370361792-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM -> DefaultScope {05AF6264-0648-49B6-A810-61CF18884F1E} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1222&query={searchTerms}&invocationType=tb50hpcndtie7-sv-se


SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl=63&idate=2014/12/29&l=1&q={searchTerms}


SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl=63&idate=2014/12/29&l=1&q={searchTerms}


SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1000 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl=63&idate=2014/12/29&l=1&q={searchTerms}

SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1000 -> {05AF6264-0648-49B6-A810-61CF18884F1E} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1222&query={searchTerms}&invocationType=tb50hpcndtie7-sv-se

SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl=63&idate=2014/12/29&l=1&q={searchTerms}

SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1000 -> {D291EE29-CE80-4F52-B62B-585DDB3C9F89} URL = http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934

SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028

SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 

SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1001 -> {05AF6264-0648-49B6-A810-61CF18884F1E} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1222&query={searchTerms}&invocationType=tb50hpcndtie7-sv-se

SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1001 -> {D291EE29-CE80-4F52-B62B-585DDB3C9F89} URL = http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934

SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

BHO-x32: Länkhjälp till Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)

BHO-x32: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Verktygsfält 5.0\aoltb.dll (AOL LLC)

BHO-x32: Inloggningshjälp för Microsoft-konto -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.6.0_01\bin\jp2ssv.dll No File

Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Verktygsfält 5.0\aoltb.dll (AOL LLC)

Toolbar: HKU\S-1-5-21-63412372-1427995199-370361792-1000 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File

Toolbar: HKU\S-1-5-21-63412372-1427995199-370361792-1001 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File


DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

Tcpip\Parameters: [DhcpNameServer] 217.27.161.40 217.27.161.3

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.0.2.10 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin HKU\S-1-5-21-63412372-1427995199-370361792-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tomas\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-63412372-1427995199-370361792-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tomas\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-03]

 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Wallet) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (uNisalles) - C:\ProgramData\fggnmmjhficagbcgpgpkkonpjeehmgoa\ [2013-08-22]

CHR StartMenuInternet: Google Chrome - C:\Users\Tomas\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]

R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)

R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]

R2 HPBtnSrv; c:\hp\HPEZBTN\HPBtnSrv.exe [198240 2007-05-29] ()

R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]

R2 nfservice; C:\Program Files\Norman\Npm\Bin\nfservice.exe [194536 2014-11-03] (Norman Safeground AS)

R3 NJeeves2; C:\Program Files\Norman\Npm\Bin\Njeeves2.exe [179080 2014-11-27] ()

R2 NNFSVC; C:\Program Files\Norman\Ngs\Bin\Nnf.exe [281128 2014-06-30] (Norman Safeground AS)

R2 Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [456664 2014-06-30] (Norman Safeground AS)

R2 NPROSECSVC; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [140032 2014-10-15] (Norman Safeground AS)

R2 nseupdatesvc; C:\Program Files\Norman\nse\bin\nseupdatesvc.exe [261456 2014-12-03] (Norman Safeground AS)

R2 nvcsvc; C:\Program Files\Norman\nvc\bin\nvcsvc.exe [401560 2014-11-27] (Norman Safeground AS)

R2 nvoy; C:\Program Files\Norman\Npm\Bin\nvoy.exe [246560 2013-06-27] (Norman AS)

R2 NWSCMON; C:\Program Files\Norman\Npm\Bin\nwscmon.exe [231008 2014-08-05] (Norman Safeground AS)

R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)

R3 Scheduler; C:\Program Files\Norman\Npm\Bin\scheduler.exe [199680 2014-06-30] (Norman Safeground AS)

R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374304 2011-09-22] (SafeNet, Inc.)

R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259040 2011-09-22] (SafeNet, Inc)

R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292384 2011-09-22] (SafeNet, Inc.)

S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2013-03-18] (SolidWorks) [File not signed]

S3 Norman NJeeves; "C:\Program Files\Norman\Npm\Bin\Njeeves.exe" [X]

S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-01] (SafeNet Inc.)

S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-08-01] (SafeNet Inc.)

S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-01] (SafeNet Inc.)

R3 gzflt; C:\Program Files\Norman\nvc\bin\gzflt.sys [138232 2014-06-04] (BitDefender LLC)

R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)

R1 NGS; c:\program files\norman\ngs\bin\ngs64.sys [23488 2014-06-27] (Norman Safeground AS)

R1 NPROSEC; C:\Program Files\Norman\Ngs\Bin\nprosec64.sys [41536 2014-08-27] (Norman Safeground AS)

R2 nregsec; C:\Program Files\Norman\Ngs\Bin\nregsec64.sys [68792 2014-10-15] (Norman Safeground AS)

R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)

S3 TdsNordecr; C:\Windows\System32\DRIVERS\nordecr.sys [28672 2007-10-30] (Todos Data System AB)

R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-06-26] (BitDefender S.R.L.)

R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)

R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263}; C:\Program Files (x86)\HP\DVDPlay\000.fcl [32240 2008-06-11] (Cyberlink Corp.)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-08 16:13 - 2015-01-08 16:14 - 00023888 _____ () C:\Users\Tomas\Desktop\FRST.txt

2015-01-08 16:06 - 2015-01-08 16:08 - 00000000 ____D () C:\AdwCleaner

2015-01-08 16:02 - 2015-01-08 16:02 - 02191360 _____ () C:\Users\Tomas\Desktop\adwcleaner_4.107.exe

2015-01-08 12:35 - 2015-01-08 12:36 - 02124288 _____ (Farbar) C:\Users\Tomas\Desktop\FRST64.exe

2015-01-01 13:25 - 2015-01-04 18:09 - 00000000 ____D () C:\Users\Tomas\Downloads\Digital Tutors - Creating a Parametric Multi Bodied CAD Model in Solidworks[AKD]

2014-12-31 18:14 - 2014-12-31 18:14 - 00000000 ____D () C:\Users\Tomas\Documents\MATLAB

2014-12-31 17:55 - 2014-12-31 19:01 - 00000000 ____D () C:\Program Files\Ricardo

2014-12-31 17:03 - 2014-12-31 17:03 - 00002892 _____ () C:\Windows\System32\Tasks\{39821805-2F8F-4E0A-93FE-7D510B5007B6}

2014-12-31 13:11 - 2014-12-31 13:11 - 00001224 _____ () C:\Windows\SysWOW64\hdd32.log

2014-12-31 13:06 - 2006-12-20 10:00 - 02511360 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\haspds_windows.dll

2014-12-31 13:06 - 2005-06-21 11:10 - 00024576 _____ () C:\Windows\SysWOW64\hdsuinst.exe

2014-12-31 13:06 - 2002-07-26 17:02 - 00153088 _____ () C:\Windows\SysWOW64\UNWISE.EXE

2014-12-31 13:05 - 2014-12-31 13:05 - 00001527 _____ () C:\Users\Public\Desktop\Dynomation-5.lnk

2014-12-31 13:05 - 2014-12-31 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motion Software Simulations

2014-12-31 13:03 - 2015-01-05 12:02 - 00000000 ____D () C:\Dynomation5

2014-12-31 12:51 - 2014-12-31 12:51 - 00003034 _____ () C:\Windows\System32\Tasks\{85286B8D-AD13-4A3D-A567-56CC47D0957D}

2014-12-30 22:17 - 2014-11-27 09:59 - 00205336 _____ () C:\Windows\system32\nscrnsav.scr

2014-12-30 22:17 - 2014-06-30 12:42 - 00461120 _____ (Norman Safeground AS) C:\Windows\system32\Drivers\tdi_nf.sys

2014-12-30 22:17 - 2014-06-30 12:42 - 00133152 _____ (Norman Safeground AS) C:\Windows\system32\Drivers\ale7_nf64.sys

2014-12-30 22:17 - 2014-06-30 12:42 - 00130080 _____ (Norman Safeground AS) C:\Windows\system32\Drivers\ale_nf64.sys

2014-12-30 22:17 - 2014-06-30 12:42 - 00123888 _____ (Norman Safeground AS) C:\Windows\system32\Drivers\ale7_nf.sys

2014-12-30 22:17 - 2014-06-30 12:41 - 00120792 _____ (Norman Safeground AS) C:\Windows\system32\Drivers\ale_nf.sys

2014-12-30 22:17 - 2014-06-26 12:49 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\Trufos.sys

2014-12-30 22:17 - 2011-08-26 10:03 - 00053928 _____ (Norman ASA) C:\Windows\system32\Drivers\nnetsec.sys

2014-12-30 22:17 - 2011-08-11 13:52 - 00034440 _____ (Norman ASA) C:\Windows\system32\Drivers\nnetsecl64.sys

2014-12-30 22:17 - 2011-08-11 13:52 - 00030856 _____ (Norman ASA) C:\Windows\system32\Drivers\nnetsecl.sys

2014-12-30 21:56 - 2014-12-30 21:56 - 00000000 ____D () C:\Program Files\Windows Live

2014-12-30 21:52 - 2014-12-30 21:52 - 01650048 _____ (Norman Safeground AS ) C:\Users\Tomas\Downloads\NormanSecuritySuite_1100x64 (4).exe

2014-12-30 20:35 - 2014-12-30 20:35 - 00000000 ____D () C:\Users\Tomas\Desktop\FRST-OlderVersion

2014-12-30 17:37 - 2014-12-30 17:37 - 00000106 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

2014-12-30 17:37 - 2014-12-30 17:37 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Gibbs

2014-12-30 17:37 - 2014-12-30 17:37 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Gibbs

2014-12-30 17:25 - 2014-12-30 17:25 - 00000000 ____D () C:\ProgramData\Gibbs

2014-12-30 17:22 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\Windows\system32\hasplms.exe

2014-12-30 17:22 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\Windows\system32\aksllmtp.exe

2014-12-30 17:22 - 2013-08-01 15:11 - 00140736 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksfridge.sys

2014-12-30 17:21 - 2013-08-01 15:11 - 00331328 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\hardlock.sys

2014-12-30 17:21 - 2013-08-01 15:11 - 00303624 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksusb.sys

2014-12-30 17:21 - 2013-08-01 15:11 - 00198088 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\hlvdd.dll

2014-12-30 17:21 - 2013-08-01 15:11 - 00091784 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksdf.sys

2014-12-30 17:21 - 2013-08-01 15:11 - 00077768 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\system32\aksusb4.dll

2014-12-30 17:21 - 2013-08-01 15:11 - 00070088 _____ (SafeNet Inc.) C:\Windows\system32\akshhl30.dll

2014-12-30 17:21 - 2013-08-01 15:11 - 00063944 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\akshhl.sys

2014-12-30 17:21 - 2013-08-01 15:11 - 00060488 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\akshasp.sys

2014-12-30 17:21 - 2013-08-01 15:11 - 00021448 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksclass.sys

2014-12-30 17:21 - 2013-08-01 15:11 - 00018376 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\system32\akshsp52.dll

2014-12-30 17:20 - 2014-12-31 13:10 - 00019350 _____ () C:\Windows\aksdrvsetup.log

2014-12-30 17:20 - 2014-12-30 17:20 - 00000000 ____D () C:\ProgramData\SafeNet Sentinel

2014-12-30 17:20 - 2014-12-30 17:20 - 00000000 ____D () C:\Program Files (x86)\SafeNet Sentinel

2014-12-30 17:20 - 2009-09-17 07:05 - 00145448 _____ (SafeNet, Inc.) C:\Windows\system32\Drivers\sentinel64.sys

2014-12-30 17:19 - 2014-12-30 17:19 - 00000000 ____D () C:\Users\Tomas\Documents\Downloaded Installations

2014-12-29 20:28 - 2014-12-29 20:28 - 00000000 ____D () C:\Users\Tomas\Desktop\Ny mapp

2014-12-29 19:36 - 2015-01-04 18:10 - 00000000 ____D () C:\Users\Tomas\Downloads\InfiniteSkills – Learning SolidWorks 2015

2014-12-29 19:32 - 2014-12-29 19:36 - 07342075 _____ () C:\Users\Tomas\Downloads\Engineering Analysis with SolidWorks Simulation 2014 book.zip

2014-12-29 19:32 - 2014-12-29 19:34 - 45322957 _____ () C:\Users\Tomas\Downloads\Mechanics of Materials Labs With Solidworks Simulation 2014.zip

2014-12-29 19:18 - 2014-12-29 19:19 - 00000000 ____D () C:\Users\Tomas\Desktop\_SolidSQUAD_

2014-12-29 19:14 - 2014-06-22 07:17 - 00000000 ____D () C:\Users\Tomas\Desktop\Windows

2014-12-29 19:07 - 2014-09-28 14:59 - 00000000 ____D () C:\Users\Tomas\Desktop\Lynda – Modeling a Motorcycle Engine with SolidWorks

2014-12-29 19:06 - 2014-12-29 19:06 - 00000000 ____D () C:\Users\Tomas\Ny Mapp

2014-12-29 19:04 - 2014-12-29 19:04 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\WinRAR

2014-12-29 19:03 - 2014-12-29 19:03 - 01987488 _____ () C:\Users\Tomas\Downloads\winrar-x64-520sw.exe

2014-12-29 19:03 - 2014-12-29 19:03 - 00000000 ____D () C:\Program Files\WinRAR

2014-12-29 19:02 - 2014-12-29 19:02 - 01766152 _____ () C:\Users\Tomas\Downloads\wrar520 (1).exe

2014-12-29 19:00 - 2014-12-29 19:00 - 01766152 _____ () C:\Users\Tomas\Downloads\wrar520.exe

2014-12-29 18:38 - 2014-12-29 18:44 - 244373633 _____ () C:\Users\Tomas\Downloads\Ricardo Wave v71.rar

2014-12-29 18:28 - 2015-01-04 18:11 - 00000000 ____D () C:\Users\Tomas\Downloads\Lynda – Modeling a Motorcycle Engine with SolidWorks

2014-12-29 18:08 - 2014-12-31 01:10 - 00000000 ____D () C:\Program Files (x86)\DeltaFix

2014-12-29 18:08 - 2014-12-29 18:08 - 00000000 ____D () C:\Program Files (x86)\Shareaholic for Pinterest

2014-12-29 18:07 - 2014-12-31 01:22 - 00000000 ____D () C:\Program Files (x86)\unisAleis

2014-12-29 18:06 - 2014-12-29 18:06 - 00000000 ____D () C:\ProgramData\fggnmmjhficagbcgpgpkkonpjeehmgoa

2014-12-29 18:06 - 2014-12-29 18:06 - 00000000 ____D () C:\ProgramData\15457971234326063082

2014-12-29 18:06 - 2014-12-29 18:06 - 00000000 ____D () C:\Program Files (x86)\uNisalles

2014-12-29 17:45 - 2015-01-04 17:50 - 00000000 ____D () C:\Users\Tomas\Downloads\Ricardo Suite 2014.1 x86 & x64

2014-12-29 13:47 - 2014-12-29 13:47 - 00000000 ____D () C:\Users\Tomas\Downloads\Avl Suite 2013 Workspace Suite v2013.1 With Fire v2013.1 (x86x64)

2014-12-28 12:25 - 2014-12-28 12:25 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PipeMax v3.98

2014-12-28 12:25 - 2014-12-28 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PipeMax v3.98

2014-12-28 12:24 - 2014-12-28 12:24 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe

2014-12-28 12:23 - 2014-12-28 18:46 - 00000000 ____D () C:\PIPE398

2014-12-28 12:23 - 2014-12-28 12:23 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE

2014-12-27 17:25 - 2014-12-27 17:25 - 00000000 ____D () C:\Users\Tomas\Downloads\SolidProfessor Solidworks 2013

2014-12-27 17:14 - 2015-01-04 18:07 - 00000000 ____D () C:\Users\Tomas\Downloads\AVL Suite 2014.0 (Workspace Suite 2014.0) x86 & x64

2014-12-20 17:24 - 2014-12-20 17:24 - 12101910 _____ () C:\Users\Tomas\Downloads\freeware_software.exe

2014-12-20 14:36 - 2014-12-20 14:37 - 60018700 _____ (Isoplex, Inc. ) C:\Users\Tomas\Downloads\isoplex-setup-1.0.4.exe

2014-12-20 14:32 - 2015-01-01 13:56 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lotus Engineering Software

2014-12-20 14:32 - 2015-01-01 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lotus Engineering Software

2014-12-20 14:31 - 2015-01-01 13:56 - 00000000 ____D () C:\lesoft

2014-12-20 14:21 - 2014-12-20 14:21 - 06510590 _____ () C:\Users\Tomas\Downloads\freeware_documentation.exe

2014-12-20 14:20 - 2014-12-20 14:21 - 35421980 _____ () C:\Users\Tomas\Downloads\install_engine 2.exe

2014-12-18 14:10 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-18 14:10 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-11 03:28 - 2014-12-11 03:28 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-11 03:03 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-11 03:03 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-11 03:03 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-11 03:03 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-11 03:03 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-11 03:03 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-11 03:03 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-11 03:03 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-11 03:03 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-11 03:03 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-10 09:30 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-10 09:30 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-10 09:30 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-10 09:30 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-10 09:30 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-10 09:30 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-10 09:30 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-10 09:30 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-10 09:30 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 09:30 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-10 09:30 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 09:30 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 09:30 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 09:30 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 09:30 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 09:30 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 09:30 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 09:30 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 09:30 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 09:30 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 09:30 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 09:30 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 09:30 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 09:30 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 09:30 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 09:30 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-10 09:30 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 09:30 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-10 09:30 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 09:30 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 09:30 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 09:30 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-10 09:30 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-10 09:30 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-10 09:30 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 09:30 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-10 09:30 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-10 09:30 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-10 09:30 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-10 09:30 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-10 09:30 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-10 09:30 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 09:30 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 09:30 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 09:30 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 09:30 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-10 09:30 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 09:30 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 09:30 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-10 09:30 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-10 09:30 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-10 09:30 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-10 09:30 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 09:30 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-10 09:30 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-10 09:30 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-10 09:30 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 09:30 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-10 09:30 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 09:30 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-10 09:30 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-10 09:30 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-10 09:30 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-10 09:30 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-10 09:30 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-10 09:29 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-10 09:29 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-10 09:29 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-10 09:29 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-10 09:29 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-10 09:29 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-10 09:29 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-10 09:29 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-10 09:29 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-10 09:29 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-10 09:29 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-10 09:29 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-10 09:29 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-10 09:29 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-08 16:13 - 2014-11-27 13:19 - 00000000 ____D () C:\FRST

2015-01-08 16:01 - 2011-04-08 13:58 - 00017456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-08 16:01 - 2011-04-08 13:58 - 00017456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-08 15:58 - 2011-04-08 14:28 - 01441880 _____ () C:\Windows\WindowsUpdate.log

2015-01-08 15:53 - 2014-05-27 13:36 - 00000000 ____D () C:\ProgramData\VMware

2015-01-08 15:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-08 15:52 - 2009-07-14 05:51 - 02850515 _____ () C:\Windows\setupact.log

2015-01-08 15:51 - 2010-09-07 13:37 - 00000000 ____D () C:\Program Files\Norman

2015-01-08 15:51 - 2008-09-15 17:58 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-01-08 15:49 - 2008-09-15 18:09 - 00000000 ____D () C:\Program Files (x86)\Java

2015-01-08 15:47 - 2013-03-11 09:45 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\BitTorrent

2015-01-08 15:41 - 2011-10-28 13:10 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-63412372-1427995199-370361792-1000UA.job

2015-01-08 15:34 - 2013-03-25 12:16 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-08 14:14 - 2011-04-08 15:56 - 00691864 _____ () C:\Windows\system32\perfh007.dat

2015-01-08 14:14 - 2011-04-08 15:56 - 00150362 _____ () C:\Windows\system32\perfc007.dat

2015-01-08 14:14 - 2010-11-21 12:38 - 00666540 _____ () C:\Windows\system32\perfh01D.dat

2015-01-08 14:14 - 2010-11-21 12:38 - 00143866 _____ () C:\Windows\system32\perfc01D.dat

2015-01-08 14:14 - 2009-07-14 06:13 - 02431052 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-08 12:51 - 2014-11-27 13:27 - 00000000 ____D () C:\Users\Tomas\Desktop\Virus 14

2015-01-08 12:29 - 2008-09-15 18:28 - 00003666 _____ () C:\Windows\System32\Tasks\HP Health Check

2015-01-07 10:29 - 2009-09-28 17:44 - 00000000 ____D () C:\Users\Tomas\Desktop\Kolvar

2015-01-07 08:10 - 2013-03-06 08:25 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2015-01-07 07:41 - 2011-10-28 13:10 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-63412372-1427995199-370361792-1000Core.job

2015-01-05 10:52 - 2014-05-27 13:42 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\VMware

2015-01-05 10:52 - 2014-05-27 13:42 - 00000000 ____D () C:\Users\Tomas\AppData\Local\VMware

2015-01-04 17:11 - 2011-04-08 14:00 - 00000000 ____D () C:\Users\Tomas

2015-01-04 17:10 - 2010-11-21 04:47 - 00361730 _____ () C:\Windows\PFRO.log

2015-01-02 18:44 - 2013-05-10 09:35 - 00000000 ____D () C:\ProgramData\Yahoo!

2015-01-02 18:37 - 2013-07-26 18:21 - 00000000 ____D () C:\Program Files\Autodesk

2015-01-02 18:10 - 2013-03-14 11:58 - 00000000 ____D () C:\ProgramData\Autodesk

2015-01-02 18:09 - 2013-07-26 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk

2015-01-02 16:50 - 2014-06-28 11:27 - 00000000 ____D () C:\Users\Tomas\Desktop\ULTRA_EngineProjekt

2015-01-01 13:20 - 2013-11-26 16:30 - 00000000 ____D () C:\Users\Tomas\Capri

2014-12-31 13:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup

2014-12-31 13:06 - 2008-09-15 18:17 - 00049217 _____ () C:\Windows\DirectX.log

2014-12-30 22:17 - 2010-09-07 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norman Security Suite

2014-12-30 21:57 - 2013-03-05 13:05 - 00001537 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

2014-12-30 21:57 - 2013-03-05 13:05 - 00000000 ____D () C:\Program Files (x86)\Windows Live

2014-12-30 19:44 - 2012-10-11 18:20 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-12-30 18:20 - 2011-04-08 14:38 - 00118168 _____ () C:\Users\Tomas\AppData\Local\GDIPFONTCACHEV1.DAT

2014-12-30 18:19 - 2009-07-14 05:45 - 00408464 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-12-30 18:01 - 2013-03-14 11:58 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Autodesk

2014-12-30 17:26 - 2013-03-18 17:16 - 00000000 ____D () C:\Program Files\Common Files\SolidWorks Shared

2014-12-26 11:01 - 2013-06-12 18:00 - 00000000 ____D () C:\Users\Tomas\Desktop\Ultra-Thundercars

2014-12-19 18:56 - 2011-11-02 13:14 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\vlc

2014-12-17 10:49 - 2013-07-17 17:42 - 00000000 ____D () C:\Users\Tomas\Desktop\Bilder

2014-12-12 04:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-12-11 06:34 - 2013-03-25 12:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-11 06:34 - 2013-03-25 12:16 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-11 06:34 - 2011-11-01 13:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-11 03:28 - 2014-05-07 02:02 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-11 03:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-11 03:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-11 03:12 - 2013-07-27 02:00 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-11 03:06 - 2012-10-11 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-11 03:06 - 2011-10-28 09:24 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

 

Files to move or delete:

====================

C:\Users\Tomas\install_flashplayer11x32_chra_aaa_aih.exe

 

 

Some content of TEMP:

====================

C:\Users\Tomas\AppData\Local\Temp\AcDeltree.exe

C:\Users\Tomas\AppData\Local\Temp\FNP_ACT_InstallerCA.dll

C:\Users\Tomas\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe

C:\Users\Tomas\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe

C:\Users\Tomas\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe

C:\Users\Tomas\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Tomas\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Tomas\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Tomas\AppData\Local\Temp\Runner2.exe

C:\Users\Tomas\AppData\Local\Temp\Runner4.exe

C:\Users\Tomas\AppData\Local\Temp\ttv.exe

C:\Users\Tomas\AppData\Local\Temp\uttB9B1.tmp.exe

C:\Users\Tomas\AppData\Local\Temp\_is2606.exe

C:\Users\Tomas\AppData\Local\Temp\_is8461.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-04 22:42

 

==================== End Of Log ============================

Addition.txt

FRST.txt

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

1. Stäng alla program, inklusive webbläsare.

Dubbelklicka på AdwCleaner för att starta programmet.

 

Klicka på Scan-knappen.

Vänta tills sökningen är klar.

 

Klicka på Clean-knappen.

Tryck på OK.

Tryck på OK fler gånger om det kommer upp meddelanden.

 

Datorn kommer att startas om, om den inte gör det automatiskt får du göra det själv.

En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.

Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner\AdwCleaner[s0].txt

 

 

2. Starta FRST.

Ta bort bocken framför Addition.txt.

Skanna med FRST och klistra in den nya FRST.txt så får vi se vad som återstår efter att AdwCleaner rensat.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
# AdwCleaner v4.107 - Report created 08/01/2015 at 17:17:46

# Updated 07/01/2015 by Xplode

# Database : 2015-01-03.1 [Live]

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : Tomas - TOMASNYHP

# Running from : C:\Users\Tomas\Desktop\adwcleaner_4.107.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\15457971234326063082

Folder Deleted : C:\Program Files (x86)\DeltaFix

Folder Deleted : C:\Windows\SysWOW64\SearchProtect

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{05AF6264-0648-49B6-A810-61CF18884F1E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D291EE29-CE80-4F52-B62B-585DDB3C9F89}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{05AF6264-0648-49B6-A810-61CF18884F1E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D291EE29-CE80-4F52-B62B-585DDB3C9F89}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{05AF6264-0648-49B6-A810-61CF18884F1E}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D291EE29-CE80-4F52-B62B-585DDB3C9F89}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17496

 

 

-\\ Google Chrome v

 

[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934

[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=1222&query={searchTerms}&invocationType=tb50hpcndtie7-sv-se

[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319614&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAE5EC031-09C0-40A1-8858-2FCB7C52047C&q={searchTerms}&SSPV=

[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319614&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAE5EC031-09C0-40A1-8858-2FCB7C52047C&q={searchTerms}&SSPV=

[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://websearch.searchfix.info/?unqvl=63&idate=2014/12/29&l=1&q={searchTerms}

[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://websearch.searchfix.info/?unqvl=63&idate=2014/12/29&l=1&q={searchTerms}

[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl

[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://websearch.searchfix.info/?unqvl=63&idate=2014/12/29

[C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://websearch.searchfix.info/?unqvl=63&idate=2014/12/29

 

*************************

 

AdwCleaner[R0].txt - [6193 octets] - [08/01/2015 16:06:52]

AdwCleaner[R1].txt - [6253 octets] - [08/01/2015 17:05:04]

AdwCleaner[R2].txt - [6313 octets] - [08/01/2015 17:10:03]

AdwCleaner[s0].txt - [5655 octets] - [08/01/2015 17:17:46]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5715 octets] ##########

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015

Ran by Tomas (administrator) on TOMASNYHP on 08-01-2015 17:22:19

Running from C:\Users\Tomas\Desktop

Loaded Profiles: Tomas & UpdatusUser (Available profiles: Tomas & UpdatusUser)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Svenska (Sverige)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\nfservice.exe

(Norman Safeground AS) C:\Program Files\Norman\Nse\bin\nseupdatesvc.exe

(Norman Safeground AS) C:\Program Files\Norman\nvc\bin\nvcsvc.exe

(Norman AS) C:\Program Files\Norman\Npm\Bin\nvoy.exe

(Norman Safeground AS) C:\Program Files\Norman\Ngs\bin\nnf.exe

(Norman Safeground AS) C:\Program Files\Norman\Ngs\bin\nprosec.exe

(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\nwscmon.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\Zanda.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(SafeNet Inc.) C:\Windows\System32\hasplms.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

() C:\hp\HPEZBTN\HPBtnSrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\Zlh.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe

(Dassault Systèmes SolidWorks Corp.) C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\zlhh.exe

(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\scheduler.exe

() C:\Program Files\Norman\Npm\Bin\njeeves2.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-06-11] (Intel Corporation)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)

HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)

HKLM-x32\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()

HKLM-x32\...\Run: [OsdMaestro] => c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [119296 2007-02-15] (OsdMaestro)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [indexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [Norman ZANDA] => C:\Program Files\Norman\Npm\Bin\ZLH.EXE [88536 2014-08-21] (Norman Safeground AS)

HKLM-x32\...\Run: [sunJavaUpdateReg] => C:\Windows\SysWOW64\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)

HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\Run: [Google Update] => C:\Users\Tomas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-28] (Google Inc.)

HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)

HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\RunOnce: [Application Restart #4] => C:\Users\Tomas\AppData\Local\Google\Chrome\Application\chrome.exe [854344 2014-10-10] (Google Inc.)

HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\Policies\Explorer: [] 

HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\MountPoints2: {5fc4e9cc-110c-11e2-9fa8-00221558bc48} - K:\LaunchU3.exe -a

HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\MountPoints2: {5fc4e9d5-110c-11e2-9fa8-00221558bc48} - K:\LaunchU3.exe -a

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Run: [Google Update] => C:\Users\Tomas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-28] (Google Inc.)

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Run: [Messenger (Yahoo!)] => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Policies\Explorer: [] 

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\MountPoints2: {0a479bf6-962b-11dd-a3b2-806e6f6e6963} - F:\start.exe

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\MountPoints2: {5fc4e9cc-110c-11e2-9fa8-00221558bc48} - K:\LaunchU3.exe -a

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\MountPoints2: {5fc4e9d5-110c-11e2-9fa8-00221558bc48} - K:\LaunchU3.exe -a

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk

ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Fast Start.lnk

ShortcutTarget: SolidWorks 2013 Fast Start.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk

ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\S-1-5-21-63412372-1427995199-370361792-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-63412372-1427995199-370361792-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028

SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1001 -> {05AF6264-0648-49B6-A810-61CF18884F1E} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1222&query={searchTerms}&invocationType=tb50hpcndtie7-sv-se

SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1001 -> {D291EE29-CE80-4F52-B62B-585DDB3C9F89} URL = http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934

SearchScopes: HKU\S-1-5-21-63412372-1427995199-370361792-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Länkhjälp till Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)

BHO-x32: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Verktygsfält 5.0\aoltb.dll (AOL LLC)

BHO-x32: Inloggningshjälp för Microsoft-konto -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.6.0_01\bin\jp2ssv.dll No File

Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Verktygsfält 5.0\aoltb.dll (AOL LLC)

Toolbar: HKU\S-1-5-21-63412372-1427995199-370361792-1000 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File

Toolbar: HKU\S-1-5-21-63412372-1427995199-370361792-1001 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File


DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

Tcpip\Parameters: [DhcpNameServer] 217.27.161.40 217.27.161.3

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.0.2.10 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin HKU\S-1-5-21-63412372-1427995199-370361792-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tomas\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-63412372-1427995199-370361792-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tomas\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-03]

 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Wallet) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (uNisalles) - C:\ProgramData\fggnmmjhficagbcgpgpkkonpjeehmgoa\ [2013-08-22]

CHR StartMenuInternet: Google Chrome - C:\Users\Tomas\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]

R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)

R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]

R2 HPBtnSrv; c:\hp\HPEZBTN\HPBtnSrv.exe [198240 2007-05-29] ()

R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]

R2 nfservice; C:\Program Files\Norman\Npm\Bin\nfservice.exe [194536 2014-11-03] (Norman Safeground AS)

R3 NJeeves2; C:\Program Files\Norman\Npm\Bin\Njeeves2.exe [179080 2014-11-27] ()

R2 NNFSVC; C:\Program Files\Norman\Ngs\Bin\Nnf.exe [281128 2014-06-30] (Norman Safeground AS)

R2 Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [456664 2014-06-30] (Norman Safeground AS)

R2 NPROSECSVC; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [140032 2014-10-15] (Norman Safeground AS)

R2 nseupdatesvc; C:\Program Files\Norman\nse\bin\nseupdatesvc.exe [261456 2014-12-03] (Norman Safeground AS)

R2 nvcsvc; C:\Program Files\Norman\nvc\bin\nvcsvc.exe [401560 2014-11-27] (Norman Safeground AS)

R2 nvoy; C:\Program Files\Norman\Npm\Bin\nvoy.exe [246560 2013-06-27] (Norman AS)

R2 NWSCMON; C:\Program Files\Norman\Npm\Bin\nwscmon.exe [231008 2014-08-05] (Norman Safeground AS)

R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)

R3 Scheduler; C:\Program Files\Norman\Npm\Bin\scheduler.exe [199680 2014-06-30] (Norman Safeground AS)

R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374304 2011-09-22] (SafeNet, Inc.)

R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259040 2011-09-22] (SafeNet, Inc)

R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292384 2011-09-22] (SafeNet, Inc.)

S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2013-03-18] (SolidWorks) [File not signed]

S3 Norman NJeeves; "C:\Program Files\Norman\Npm\Bin\Njeeves.exe" [X]

S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-01] (SafeNet Inc.)

S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-08-01] (SafeNet Inc.)

S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-01] (SafeNet Inc.)

R3 gzflt; C:\Program Files\Norman\nvc\bin\gzflt.sys [138232 2014-06-04] (BitDefender LLC)

R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)

R1 NGS; c:\program files\norman\ngs\bin\ngs64.sys [23488 2014-06-27] (Norman Safeground AS)

R1 NPROSEC; C:\Program Files\Norman\Ngs\Bin\nprosec64.sys [41536 2014-08-27] (Norman Safeground AS)

R2 nregsec; C:\Program Files\Norman\Ngs\Bin\nregsec64.sys [68792 2014-10-15] (Norman Safeground AS)

R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)

S3 TdsNordecr; C:\Windows\System32\DRIVERS\nordecr.sys [28672 2007-10-30] (Todos Data System AB)

R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-06-26] (BitDefender S.R.L.)

R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)

R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263}; C:\Program Files (x86)\HP\DVDPlay\000.fcl [32240 2008-06-11] (Cyberlink Corp.)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-08 16:15 - 2015-01-08 16:15 - 00034018 _____ () C:\Users\Tomas\Desktop\Addition.txt

2015-01-08 16:13 - 2015-01-08 17:22 - 00021669 _____ () C:\Users\Tomas\Desktop\FRST.txt

2015-01-08 16:06 - 2015-01-08 17:17 - 00000000 ____D () C:\AdwCleaner

2015-01-08 16:02 - 2015-01-08 16:02 - 02191360 _____ () C:\Users\Tomas\Desktop\adwcleaner_4.107.exe

2015-01-08 12:35 - 2015-01-08 12:36 - 02124288 _____ (Farbar) C:\Users\Tomas\Desktop\FRST64.exe

2015-01-01 13:25 - 2015-01-04 18:09 - 00000000 ____D () C:\Users\Tomas\Downloads\Digital Tutors - Creating a Parametric Multi Bodied CAD Model in Solidworks[AKD]

2014-12-31 18:14 - 2014-12-31 18:14 - 00000000 ____D () C:\Users\Tomas\Documents\MATLAB

2014-12-31 17:55 - 2014-12-31 19:01 - 00000000 ____D () C:\Program Files\Ricardo

2014-12-31 17:03 - 2014-12-31 17:03 - 00002892 _____ () C:\Windows\System32\Tasks\{39821805-2F8F-4E0A-93FE-7D510B5007B6}

2014-12-31 13:11 - 2014-12-31 13:11 - 00001224 _____ () C:\Windows\SysWOW64\hdd32.log

2014-12-31 13:06 - 2006-12-20 10:00 - 02511360 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\haspds_windows.dll

2014-12-31 13:06 - 2005-06-21 11:10 - 00024576 _____ () C:\Windows\SysWOW64\hdsuinst.exe

2014-12-31 13:06 - 2002-07-26 17:02 - 00153088 _____ () C:\Windows\SysWOW64\UNWISE.EXE

2014-12-31 13:05 - 2014-12-31 13:05 - 00001527 _____ () C:\Users\Public\Desktop\Dynomation-5.lnk

2014-12-31 13:05 - 2014-12-31 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motion Software Simulations

2014-12-31 13:03 - 2015-01-05 12:02 - 00000000 ____D () C:\Dynomation5

2014-12-31 12:51 - 2014-12-31 12:51 - 00003034 _____ () C:\Windows\System32\Tasks\{85286B8D-AD13-4A3D-A567-56CC47D0957D}

2014-12-30 22:17 - 2014-11-27 09:59 - 00205336 _____ () C:\Windows\system32\nscrnsav.scr

2014-12-30 22:17 - 2014-06-30 12:42 - 00461120 _____ (Norman Safeground AS) C:\Windows\system32\Drivers\tdi_nf.sys

2014-12-30 22:17 - 2014-06-30 12:42 - 00133152 _____ (Norman Safeground AS) C:\Windows\system32\Drivers\ale7_nf64.sys

2014-12-30 22:17 - 2014-06-30 12:42 - 00130080 _____ (Norman Safeground AS) C:\Windows\system32\Drivers\ale_nf64.sys

2014-12-30 22:17 - 2014-06-30 12:42 - 00123888 _____ (Norman Safeground AS) C:\Windows\system32\Drivers\ale7_nf.sys

2014-12-30 22:17 - 2014-06-30 12:41 - 00120792 _____ (Norman Safeground AS) C:\Windows\system32\Drivers\ale_nf.sys

2014-12-30 22:17 - 2014-06-26 12:49 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\Trufos.sys

2014-12-30 22:17 - 2011-08-26 10:03 - 00053928 _____ (Norman ASA) C:\Windows\system32\Drivers\nnetsec.sys

2014-12-30 22:17 - 2011-08-11 13:52 - 00034440 _____ (Norman ASA) C:\Windows\system32\Drivers\nnetsecl64.sys

2014-12-30 22:17 - 2011-08-11 13:52 - 00030856 _____ (Norman ASA) C:\Windows\system32\Drivers\nnetsecl.sys

2014-12-30 21:56 - 2014-12-30 21:56 - 00000000 ____D () C:\Program Files\Windows Live

2014-12-30 21:52 - 2014-12-30 21:52 - 01650048 _____ (Norman Safeground AS ) C:\Users\Tomas\Downloads\NormanSecuritySuite_1100x64 (4).exe

2014-12-30 17:37 - 2014-12-30 17:37 - 00000106 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

2014-12-30 17:37 - 2014-12-30 17:37 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Gibbs

2014-12-30 17:37 - 2014-12-30 17:37 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Gibbs

2014-12-30 17:25 - 2014-12-30 17:25 - 00000000 ____D () C:\ProgramData\Gibbs

2014-12-30 17:22 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\Windows\system32\hasplms.exe

2014-12-30 17:22 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\Windows\system32\aksllmtp.exe

2014-12-30 17:22 - 2013-08-01 15:11 - 00140736 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksfridge.sys

2014-12-30 17:21 - 2013-08-01 15:11 - 00331328 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\hardlock.sys

2014-12-30 17:21 - 2013-08-01 15:11 - 00303624 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksusb.sys

2014-12-30 17:21 - 2013-08-01 15:11 - 00198088 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\hlvdd.dll

2014-12-30 17:21 - 2013-08-01 15:11 - 00091784 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksdf.sys

2014-12-30 17:21 - 2013-08-01 15:11 - 00077768 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\system32\aksusb4.dll

2014-12-30 17:21 - 2013-08-01 15:11 - 00070088 _____ (SafeNet Inc.) C:\Windows\system32\akshhl30.dll

2014-12-30 17:21 - 2013-08-01 15:11 - 00063944 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\akshhl.sys

2014-12-30 17:21 - 2013-08-01 15:11 - 00060488 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\akshasp.sys

2014-12-30 17:21 - 2013-08-01 15:11 - 00021448 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksclass.sys

2014-12-30 17:21 - 2013-08-01 15:11 - 00018376 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\system32\akshsp52.dll

2014-12-30 17:20 - 2014-12-31 13:10 - 00019350 _____ () C:\Windows\aksdrvsetup.log

2014-12-30 17:20 - 2014-12-30 17:20 - 00000000 ____D () C:\ProgramData\SafeNet Sentinel

2014-12-30 17:20 - 2014-12-30 17:20 - 00000000 ____D () C:\Program Files (x86)\SafeNet Sentinel

2014-12-30 17:20 - 2009-09-17 07:05 - 00145448 _____ (SafeNet, Inc.) C:\Windows\system32\Drivers\sentinel64.sys

2014-12-30 17:19 - 2014-12-30 17:19 - 00000000 ____D () C:\Users\Tomas\Documents\Downloaded Installations

2014-12-29 20:28 - 2014-12-29 20:28 - 00000000 ____D () C:\Users\Tomas\Desktop\Ny mapp

2014-12-29 19:36 - 2015-01-04 18:10 - 00000000 ____D () C:\Users\Tomas\Downloads\InfiniteSkills – Learning SolidWorks 2015

2014-12-29 19:32 - 2014-12-29 19:36 - 07342075 _____ () C:\Users\Tomas\Downloads\Engineering Analysis with SolidWorks Simulation 2014 book.zip

2014-12-29 19:32 - 2014-12-29 19:34 - 45322957 _____ () C:\Users\Tomas\Downloads\Mechanics of Materials Labs With Solidworks Simulation 2014.zip

2014-12-29 19:18 - 2014-12-29 19:19 - 00000000 ____D () C:\Users\Tomas\Desktop\_SolidSQUAD_

2014-12-29 19:14 - 2014-06-22 07:17 - 00000000 ____D () C:\Users\Tomas\Desktop\Windows

2014-12-29 19:07 - 2014-09-28 14:59 - 00000000 ____D () C:\Users\Tomas\Desktop\Lynda – Modeling a Motorcycle Engine with SolidWorks

2014-12-29 19:06 - 2014-12-29 19:06 - 00000000 ____D () C:\Users\Tomas\Ny Mapp

2014-12-29 19:04 - 2014-12-29 19:04 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\WinRAR

2014-12-29 19:03 - 2014-12-29 19:03 - 01987488 _____ () C:\Users\Tomas\Downloads\winrar-x64-520sw.exe

2014-12-29 19:03 - 2014-12-29 19:03 - 00000000 ____D () C:\Program Files\WinRAR

2014-12-29 19:02 - 2014-12-29 19:02 - 01766152 _____ () C:\Users\Tomas\Downloads\wrar520 (1).exe

2014-12-29 19:00 - 2014-12-29 19:00 - 01766152 _____ () C:\Users\Tomas\Downloads\wrar520.exe

2014-12-29 18:38 - 2014-12-29 18:44 - 244373633 _____ () C:\Users\Tomas\Downloads\Ricardo Wave v71.rar

2014-12-29 18:28 - 2015-01-04 18:11 - 00000000 ____D () C:\Users\Tomas\Downloads\Lynda – Modeling a Motorcycle Engine with SolidWorks

2014-12-29 18:08 - 2014-12-29 18:08 - 00000000 ____D () C:\Program Files (x86)\Shareaholic for Pinterest

2014-12-29 18:07 - 2014-12-31 01:22 - 00000000 ____D () C:\Program Files (x86)\unisAleis

2014-12-29 18:06 - 2014-12-29 18:06 - 00000000 ____D () C:\ProgramData\fggnmmjhficagbcgpgpkkonpjeehmgoa

2014-12-29 18:06 - 2014-12-29 18:06 - 00000000 ____D () C:\Program Files (x86)\uNisalles

2014-12-29 17:45 - 2015-01-04 17:50 - 00000000 ____D () C:\Users\Tomas\Downloads\Ricardo Suite 2014.1 x86 & x64

2014-12-29 13:47 - 2014-12-29 13:47 - 00000000 ____D () C:\Users\Tomas\Downloads\Avl Suite 2013 Workspace Suite v2013.1 With Fire v2013.1 (x86x64)

2014-12-28 12:25 - 2014-12-28 12:25 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PipeMax v3.98

2014-12-28 12:25 - 2014-12-28 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PipeMax v3.98

2014-12-28 12:24 - 2014-12-28 12:24 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe

2014-12-28 12:23 - 2014-12-28 18:46 - 00000000 ____D () C:\PIPE398

2014-12-28 12:23 - 2014-12-28 12:23 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE

2014-12-27 17:25 - 2014-12-27 17:25 - 00000000 ____D () C:\Users\Tomas\Downloads\SolidProfessor Solidworks 2013

2014-12-27 17:14 - 2015-01-04 18:07 - 00000000 ____D () C:\Users\Tomas\Downloads\AVL Suite 2014.0 (Workspace Suite 2014.0) x86 & x64

2014-12-20 17:24 - 2014-12-20 17:24 - 12101910 _____ () C:\Users\Tomas\Downloads\freeware_software.exe

2014-12-20 14:36 - 2014-12-20 14:37 - 60018700 _____ (Isoplex, Inc. ) C:\Users\Tomas\Downloads\isoplex-setup-1.0.4.exe

2014-12-20 14:32 - 2015-01-01 13:56 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lotus Engineering Software

2014-12-20 14:32 - 2015-01-01 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lotus Engineering Software

2014-12-20 14:31 - 2015-01-01 13:56 - 00000000 ____D () C:\lesoft

2014-12-20 14:21 - 2014-12-20 14:21 - 06510590 _____ () C:\Users\Tomas\Downloads\freeware_documentation.exe

2014-12-20 14:20 - 2014-12-20 14:21 - 35421980 _____ () C:\Users\Tomas\Downloads\install_engine 2.exe

2014-12-18 14:10 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-18 14:10 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-11 03:28 - 2014-12-11 03:28 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-11 03:03 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-11 03:03 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-11 03:03 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-11 03:03 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-11 03:03 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-11 03:03 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-11 03:03 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-11 03:03 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-11 03:03 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-11 03:03 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-10 09:30 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-10 09:30 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-10 09:30 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-10 09:30 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-10 09:30 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-10 09:30 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-10 09:30 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-10 09:30 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-10 09:30 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 09:30 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-10 09:30 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 09:30 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 09:30 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 09:30 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 09:30 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 09:30 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 09:30 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 09:30 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 09:30 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 09:30 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 09:30 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 09:30 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 09:30 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 09:30 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 09:30 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 09:30 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-10 09:30 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 09:30 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-10 09:30 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 09:30 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 09:30 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 09:30 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-10 09:30 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-10 09:30 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-10 09:30 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 09:30 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-10 09:30 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-10 09:30 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-10 09:30 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-10 09:30 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-10 09:30 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-10 09:30 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 09:30 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 09:30 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 09:30 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 09:30 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-10 09:30 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 09:30 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 09:30 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-10 09:30 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-10 09:30 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-10 09:30 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-10 09:30 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 09:30 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-10 09:30 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-10 09:30 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-10 09:30 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 09:30 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-10 09:30 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 09:30 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-10 09:30 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-10 09:30 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-10 09:30 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-10 09:30 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-10 09:30 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-10 09:29 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-10 09:29 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-10 09:29 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-10 09:29 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-10 09:29 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-10 09:29 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-10 09:29 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-10 09:29 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-10 09:29 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-10 09:29 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-10 09:29 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-10 09:29 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-10 09:29 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-10 09:29 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-08 17:22 - 2014-11-27 13:19 - 00000000 ____D () C:\FRST

2015-01-08 17:22 - 2008-09-15 18:28 - 00003666 _____ () C:\Windows\System32\Tasks\HP Health Check

2015-01-08 17:19 - 2014-05-27 13:36 - 00000000 ____D () C:\ProgramData\VMware

2015-01-08 17:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-08 17:19 - 2009-07-14 05:51 - 02862353 _____ () C:\Windows\setupact.log

2015-01-08 17:19 - 2008-09-15 17:58 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-01-08 17:18 - 2010-11-21 04:47 - 00362040 _____ () C:\Windows\PFRO.log

2015-01-08 17:17 - 2011-04-08 14:28 - 01447012 _____ () C:\Windows\WindowsUpdate.log

2015-01-08 16:41 - 2011-10-28 13:10 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-63412372-1427995199-370361792-1000UA.job

2015-01-08 16:34 - 2013-03-25 12:16 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-08 16:01 - 2011-04-08 13:58 - 00017456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-08 16:01 - 2011-04-08 13:58 - 00017456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-08 15:51 - 2010-09-07 13:37 - 00000000 ____D () C:\Program Files\Norman

2015-01-08 15:49 - 2008-09-15 18:09 - 00000000 ____D () C:\Program Files (x86)\Java

2015-01-08 15:47 - 2013-03-11 09:45 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\BitTorrent

2015-01-08 14:14 - 2011-04-08 15:56 - 00691864 _____ () C:\Windows\system32\perfh007.dat

2015-01-08 14:14 - 2011-04-08 15:56 - 00150362 _____ () C:\Windows\system32\perfc007.dat

2015-01-08 14:14 - 2010-11-21 12:38 - 00666540 _____ () C:\Windows\system32\perfh01D.dat

2015-01-08 14:14 - 2010-11-21 12:38 - 00143866 _____ () C:\Windows\system32\perfc01D.dat

2015-01-08 14:14 - 2009-07-14 06:13 - 02431052 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-08 12:51 - 2014-11-27 13:27 - 00000000 ____D () C:\Users\Tomas\Desktop\Virus 14

2015-01-07 10:29 - 2009-09-28 17:44 - 00000000 ____D () C:\Users\Tomas\Desktop\Kolvar

2015-01-07 08:10 - 2013-03-06 08:25 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2015-01-07 07:41 - 2011-10-28 13:10 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-63412372-1427995199-370361792-1000Core.job

2015-01-05 10:52 - 2014-05-27 13:42 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\VMware

2015-01-05 10:52 - 2014-05-27 13:42 - 00000000 ____D () C:\Users\Tomas\AppData\Local\VMware

2015-01-04 17:11 - 2011-04-08 14:00 - 00000000 ____D () C:\Users\Tomas

2015-01-02 18:44 - 2013-05-10 09:35 - 00000000 ____D () C:\ProgramData\Yahoo!

2015-01-02 18:37 - 2013-07-26 18:21 - 00000000 ____D () C:\Program Files\Autodesk

2015-01-02 18:10 - 2013-03-14 11:58 - 00000000 ____D () C:\ProgramData\Autodesk

2015-01-02 18:09 - 2013-07-26 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk

2015-01-02 16:50 - 2014-06-28 11:27 - 00000000 ____D () C:\Users\Tomas\Desktop\ULTRA_EngineProjekt

2015-01-01 13:20 - 2013-11-26 16:30 - 00000000 ____D () C:\Users\Tomas\Capri

2014-12-31 13:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup

2014-12-31 13:06 - 2008-09-15 18:17 - 00049217 _____ () C:\Windows\DirectX.log

2014-12-30 22:17 - 2010-09-07 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norman Security Suite

2014-12-30 21:57 - 2013-03-05 13:05 - 00001537 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

2014-12-30 21:57 - 2013-03-05 13:05 - 00000000 ____D () C:\Program Files (x86)\Windows Live

2014-12-30 19:44 - 2012-10-11 18:20 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-12-30 18:20 - 2011-04-08 14:38 - 00118168 _____ () C:\Users\Tomas\AppData\Local\GDIPFONTCACHEV1.DAT

2014-12-30 18:19 - 2009-07-14 05:45 - 00408464 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-12-30 18:01 - 2013-03-14 11:58 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Autodesk

2014-12-30 17:26 - 2013-03-18 17:16 - 00000000 ____D () C:\Program Files\Common Files\SolidWorks Shared

2014-12-26 11:01 - 2013-06-12 18:00 - 00000000 ____D () C:\Users\Tomas\Desktop\Ultra-Thundercars

2014-12-19 18:56 - 2011-11-02 13:14 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\vlc

2014-12-17 10:49 - 2013-07-17 17:42 - 00000000 ____D () C:\Users\Tomas\Desktop\Bilder

2014-12-12 04:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-12-11 06:34 - 2013-03-25 12:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-11 06:34 - 2013-03-25 12:16 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-11 06:34 - 2011-11-01 13:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-11 03:28 - 2014-05-07 02:02 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-11 03:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-11 03:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-11 03:12 - 2013-07-27 02:00 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-11 03:06 - 2012-10-11 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-11 03:06 - 2011-10-28 09:24 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

 

Files to move or delete:

====================

C:\Users\Tomas\install_flashplayer11x32_chra_aaa_aih.exe

 

 

Some content of TEMP:

====================

C:\Users\Tomas\AppData\Local\Temp\AcDeltree.exe

C:\Users\Tomas\AppData\Local\Temp\FNP_ACT_InstallerCA.dll

C:\Users\Tomas\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe

C:\Users\Tomas\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe

C:\Users\Tomas\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe

C:\Users\Tomas\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Tomas\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Tomas\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Tomas\AppData\Local\Temp\Quarantine.exe

C:\Users\Tomas\AppData\Local\Temp\Runner2.exe

C:\Users\Tomas\AppData\Local\Temp\Runner4.exe

C:\Users\Tomas\AppData\Local\Temp\sqlite3.dll

C:\Users\Tomas\AppData\Local\Temp\ttv.exe

C:\Users\Tomas\AppData\Local\Temp\uttB9B1.tmp.exe

C:\Users\Tomas\AppData\Local\Temp\_is2606.exe

C:\Users\Tomas\AppData\Local\Temp\_is8461.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-04 22:42

 

==================== End Of Log ============================

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

1. Starta programmet Anteckningar.

Kopiera alla rader i rutan:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateReg] => C:\Windows\SysWOW64\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\MountPoints2: {0a479bf6-962b-11dd-a3b2-806e6f6e6963} - F:\start.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.6.0_01\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-63412372-1427995199-370361792-1000 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKU\S-1-5-21-63412372-1427995199-370361792-1001 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (uNisalles) - C:\ProgramData\fggnmmjhficagbcgpgpkkonpjeehmgoa\ [2013-08-22]
2014-12-29 18:07 - 2014-12-31 01:22 - 00000000 ____D () C:\Program Files (x86)\unisAleis
2014-12-29 18:06 - 2014-12-29 18:06 - 00000000 ____D () C:\ProgramData\fggnmmjhficagbcgpgpkkonpjeehmgoa
2014-12-29 18:06 - 2014-12-29 18:06 - 00000000 ____D () C:\Program Files (x86)\uNisalles
2015-01-08 15:47 - 2013-03-11 09:45 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\BitTorrent
Task: {895E0CD0-9DA0-456B-A605-55574A667BDB} - System32\Tasks\{85286B8D-AD13-4A3D-A567-56CC47D0957D} => pcalua.exe -a F:\setup.exe -d F:\
Task: {E0D9B1D2-57A9-4347-8673-54C54D1DE307} - System32\Tasks\{98F0081B-895B-46F7-B838-B4FB4378D932} => pcalua.exe -a "C:\Users\Tomas\Downloads\NCR1_install (2).exe" -d C:\Users\Tomas\Downloads
Task: {FA0D3926-9CA2-4ED1-9863-9543B27BA4CD} - System32\Tasks\{39821805-2F8F-4E0A-93FE-7D510B5007B6} => F:\Setup.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm

EmptyTemp:
och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.

Spara filen på skrivbordet med namnet fixlist.txt.

 

Stäng av alla program.

Starta FRST som finns på skrivbordet.

Klicka på knappen Fix.

Vänta tills programmet är klart.

Om datorn inte startas om automatiskt så gör det själv.

 

Programmet skapar en logg Fixlog.txt på skrivbordet.

Klistra in innehållet i den i ditt svar.

 

 

2. Skanna datorn online på http://www.eset.com/onlinescan/ och använd helst Internet Explorer till det.

För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

 

Välj alternativet Enable detection of potentially unwanted applications.

 

Klicka på Advanced Settings.

Ta bort bocken framför Remove found threats.

Bocka för:

Scan Archives

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Klicka på Start

 

När skanningen är klar klicka på List of found threats, följt av Export to a text file. Spara till en fil på skrivbordet, öppna filen, kopiera resultatet och klistra sedan in det i ditt svar.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015

Ran by Tomas at 2015-01-09 09:03:40 Run:1

Running from C:\Users\Tomas\Desktop

Loaded Profiles: Tomas & UpdatusUser (Available profiles: Tomas & UpdatusUser)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [sunJavaUpdateReg] => C:\Windows\SysWOW64\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)

HKU\S-1-5-21-63412372-1427995199-370361792-1000\...\Policies\Explorer: [] 

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\Policies\Explorer: [] 

HKU\S-1-5-21-63412372-1427995199-370361792-1001\...\MountPoints2: {0a479bf6-962b-11dd-a3b2-806e6f6e6963} - F:\start.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.6.0_01\bin\jp2ssv.dll No File

Toolbar: HKU\S-1-5-21-63412372-1427995199-370361792-1000 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File

Toolbar: HKU\S-1-5-21-63412372-1427995199-370361792-1001 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Extension: (uNisalles) - C:\ProgramData\fggnmmjhficagbcgpgpkkonpjeehmgoa\ [2013-08-22]

2014-12-29 18:07 - 2014-12-31 01:22 - 00000000 ____D () C:\Program Files (x86)\unisAleis

2014-12-29 18:06 - 2014-12-29 18:06 - 00000000 ____D () C:\ProgramData\fggnmmjhficagbcgpgpkkonpjeehmgoa

2014-12-29 18:06 - 2014-12-29 18:06 - 00000000 ____D () C:\Program Files (x86)\uNisalles

2015-01-08 15:47 - 2013-03-11 09:45 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\BitTorrent

Task: {895E0CD0-9DA0-456B-A605-55574A667BDB} - System32\Tasks\{85286B8D-AD13-4A3D-A567-56CC47D0957D} => pcalua.exe -a F:\setup.exe -d F:\

Task: {E0D9B1D2-57A9-4347-8673-54C54D1DE307} - System32\Tasks\{98F0081B-895B-46F7-B838-B4FB4378D932} => pcalua.exe -a "C:\Users\Tomas\Downloads\NCR1_install (2).exe" -d C:\Users\Tomas\Downloads

Task: {FA0D3926-9CA2-4ED1-9863-9543B27BA4CD} - System32\Tasks\{39821805-2F8F-4E0A-93FE-7D510B5007B6} => F:\Setup.exe

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm

 

EmptyTemp:

*****************

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateReg => value deleted successfully.

HKU\S-1-5-21-63412372-1427995199-370361792-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.

HKU\S-1-5-21-63412372-1427995199-370361792-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.

"HKU\S-1-5-21-63412372-1427995199-370361792-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a479bf6-962b-11dd-a3b2-806e6f6e6963}" => Key deleted successfully.

HKCR\CLSID\{0a479bf6-962b-11dd-a3b2-806e6f6e6963} => Key not found. 

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.

HKU\S-1-5-21-63412372-1427995199-370361792-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => value deleted successfully.

"HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}" => Key deleted successfully.

HKU\S-1-5-21-63412372-1427995199-370361792-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => value deleted successfully.

HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922} => Key not found. 

CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.

C:\ProgramData\fggnmmjhficagbcgpgpkkonpjeehmgoa\ => Moved successfully.

C:\Program Files (x86)\unisAleis => Moved successfully.

"C:\ProgramData\fggnmmjhficagbcgpgpkkonpjeehmgoa" => File/Directory not found.

C:\Program Files (x86)\uNisalles => Moved successfully.

C:\Users\Tomas\AppData\Roaming\BitTorrent => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{895E0CD0-9DA0-456B-A605-55574A667BDB}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{895E0CD0-9DA0-456B-A605-55574A667BDB}" => Key deleted successfully.

C:\Windows\System32\Tasks\{85286B8D-AD13-4A3D-A567-56CC47D0957D} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{85286B8D-AD13-4A3D-A567-56CC47D0957D}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0D9B1D2-57A9-4347-8673-54C54D1DE307}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0D9B1D2-57A9-4347-8673-54C54D1DE307}" => Key deleted successfully.

C:\Windows\System32\Tasks\{98F0081B-895B-46F7-B838-B4FB4378D932} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{98F0081B-895B-46F7-B838-B4FB4378D932}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA0D3926-9CA2-4ED1-9863-9543B27BA4CD}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA0D3926-9CA2-4ED1-9863-9543B27BA4CD}" => Key deleted successfully.

C:\Windows\System32\Tasks\{39821805-2F8F-4E0A-93FE-7D510B5007B6} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{39821805-2F8F-4E0A-93FE-7D510B5007B6}" => Key deleted successfully.

C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.

EmptyTemp: => Removed 10.8 GB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 09:23:48 ====

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Av någon anledning är Chrome inställd på att få tidiga testversioner avsedda för de som utvecklar tillägg. Det är ett säkerhetsproblem eftersom testversionerna innehåller mindre skydd mot skadliga och olämpliga tillägg. Du bör följa anvisningarna på http://www.pcworld.com/article/2463916/how-to-switch-chrome-channels-to-test-new-features-before-theyre-cool.html för att gå tillbaks till färdiga versioner (stable versions).

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Hej,

 

Eset verkar ha hängt sig på 31% så jag avslutade och tänkte börja om. Det här hittade den hittills:

 

C:\FRST\Quarantine\C\ProgramData\fggnmmjhficagbcgpgpkkonpjeehmgoa\fggnmmjhficagbcgpgpkkonpjeehmgoa\content.js JS/Chromex.Agent.L trojan
C:\FRST\Quarantine\C\ProgramData\fggnmmjhficagbcgpgpkkonpjeehmgoa\fggnmmjhficagbcgpgpkkonpjeehmgoa\Qi62.js JS/Kryptik.ATB trojan
 

post-46787-0-27230000-1420803159_thumb.jpg

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

De där två ligger i FRST:s karantän så de är redan oskadliggjorda.

 

Esets skanner kan ta lång tid på sig och periodvis se ut som det inte händer något, men sen kommer den igång igen. I bilden ser den ut att hålla på med en ISO-fil och det tar tid att packa upp en sådan och kontrollera varje fil som finns inuti. Du kan ju kolla om det går att rensa en del i mappen "Hämtade filer" som är det svenska namnet på mappen "Downloads".

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Skapa ett konto eller logga in för att kommentera

Du måste vara medlem för att kunna kommentera

Skapa ett konto

Skapa ett nytt konto på vårt forum. Det är lätt!

Registrera ett nytt konto

Logga in

Redan medlem? Logga in här.

Logga in nu



×
×
  • Skapa nytt...