Tagara

Honorary Members
  • Posts: 81

Everything posted by Tagara

  1. As I was booting up the computer today to remove these programs and get them from the internet again, I noticed something very strange. No pop-ups, no sponsored ads in Google (from WebeXP), and if I searched for something in the address bar I did not get redirected to SnapDo, but to the normal Google page (Bing in IE). I have not done anything at all. I know that SnapDo is a bit hard to get rid of, but now it is gone.

     WebeXP is a legit program that displays ads so people can earn money, if not more than they already do. The program itself isn't malicious, but it used malicious methods for showing ads and things like that. It is gone. I know that there was an uninstall option for it if I look in the Control Panel. It is now gone. Even the weird ''earn money!'' thingy that pops up at Malwarebytes.org is gone. Everything is restored to normal.

     I am not the one that is using this computer, it is someone else in my family. He does not know that much about viruses and computers like I and you do. He has not done anything as far as I know. I could double check. WebeXP should be uninstalled if I do it from the Control Panel, but sometimes it might not work. Then you will have to use the Revo Uninstaller, that is at least what I have read. And SnapDo should not be registered in the Control Panel, as far as I know. Everything is gone. It could not have been Norton, because when I turned on the computer it told me that I should do a scan, the computer might be at risk, because it hasn't been scanned by Norton in a while.

     The computer looks perfectly clean now, almost. I checked Control Panel to make sure that it was gone. Then I saw a program simply called Move Maker (or something like that). It was version 1.1 and had no image nor publisher. Should I uninstall it from the Control Panel? There is no presence of it on the computer. There are not any weird processes in Task Manager either. I think we are clean. I guess we are finished?

     I checked Malwarebytes, no extra logs there. Same with the other tools that give me logs. They have not been checked out by the owner. Are we clean now?
  2. What do you mean by manually remove them? Shall I use the uninstallers, or should I delete their folders located in the C: drive even if some of the programs have their own uninstaller? Oh, and what do I do with those programs that launch themselves instantly? Are there any files for them? If not, shall I delete them and re-download, or just run a new scan?
  3. Whoops, forgot to give you the link to the removal process of SnapDo, here it is: http://www.youtube.com/watch?v=IcBoU2uO3Lk
  4. I think Mobogenie was the name of the malware that is telling me about money etc. Should I follow this video to remove SnapDo? I don't want to do the registry keys though, is it possible to scan the registry so you can see everything in it, and make a custom fix for that part? Also, how is it going? Are we able to remove the remaining crap? Thank you for the help so far, Borislav!
  5. (Sorry for all these posts!) There is one more thing, the advert that pops up when I visit Malwarebytes.org. It tells me how I can earn money if I do something. I have not seen it pop up on any other site, so far. But we will have to remove this one as well.
  6. I think that some reading about this malware should be done. I do believe that SnapDo drops a few reg. keys, I am not sure about WebXP. Remember that we have to clean IE as well. Also, in one of the earlier logs that I posted I saw something called Pepper Flash Player, or something like that. Could this be removed as well? I do believe that this is a PUP as well. I do not recall having installed this.
  7. Yes it is. Also, I did some research on the added ads whenever you search for something in Google or something else. This comes from WebXP, so I guess that it is the hijacker and WebXP that are left at the moment.
  8. All processes killed
     ========== OTL ==========
     Use Chrome's Settings page to remove the default_search_provider items.
     ========== FILES ==========
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\Peter\Desktop\MAGNUS - IKKJE SLETT\OTL\cmd.bat deleted successfully.
     C:\Users\Peter\Desktop\MAGNUS - IKKJE SLETT\OTL\cmd.txt deleted successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Java cache emptied: 0 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Java cache emptied: 0 bytes
     User: Peter
     ->Temp folder emptied: 5572 bytes
     ->Temporary Internet Files folder emptied: 1508232 bytes
     ->Java cache emptied: 1157473 bytes
     ->Google Chrome cache emptied: 374117848 bytes
     ->Flash cache emptied: 4218 bytes
     User: Public
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 29255685 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 387,00 mb
     OTL by OldTimer - Version 3.2.69.0 log created on 01112014_153735
     Files\Folders moved on Reboot...
     C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
  9. SnapDo is still there. So is WebXP Enhanced V1, which is the one that keeps popping up ads when you browse. The sponsored search that pops up in Google whenever you search for something is there as well. I think that it is connected to WebXP too, but I am not sure. Log is below:
  10. I have saved the .exe file in a custom folder that is located on the desktop. Does it get saved in the same folder, or in the C: drive? I forgot to check. Also, there are now two desktop.ini files on the desktop.
  11. A few seconds after it had started a window popped up, it told me that something had gone wrong, and that the computer would reboot in one minute. I had no option to stop this. So I thought that it was OTL doing this. It was not, and the fix did not finish. Shall I try again? NOTE: I did not close Google Chrome when I started the fix, but OTL closed it when it started. Was this the reason, or is it something that is stopping OTL from running?
  12. Extras log: OTL Extras logfile created on: 10.01.2014 23:52:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter\Desktop\MAGNUS - IKKJE SLETT 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16750) Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy 7,86 Gb Total Physical Memory | 6,47 Gb Available Physical Memory | 82,36% Memory free 9,05 Gb Paging File | 7,59 Gb Available in Paging File | 83,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 922,21 Gb Total Space | 834,33 Gb Free Space | 90,47% Space Free | Partition Type: NTFS Computer Name: LIAVAAG | User Name: Peter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03BB7199-2D0E-4C25-A900-B9300C2BD9B9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{063E6B0A-7E03-46E3-AC9A-413C9A4140F2}" = lport=139 | protocol=6 | dir=in | app=system | "{0877D262-0B96-402F-B66D-5967FBCE0730}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | "{09303CC2-03BE-4B0E-9393-EBBE9785BE24}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | "{192D4335-01DA-4940-90A5-32AA8123AD14}" = lport=2869 | protocol=6 | dir=in | app=system | "{19AB878D-D3C7-4D46-AB19-2359F10EE6D1}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | "{1A71FE52-C780-4F46-893D-2207AF9840C1}" = rport=10243 | 
protocol=6 | dir=out | app=system | "{1A962E21-ABAF-4881-9C51-51443876E234}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | "{1BBADB01-A80C-44A4-97E6-B655908DA56A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1E9080B2-FB85-4813-B897-AA619AC7294E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2987A752-14B6-47E1-A1C3-AFB8BD698EE7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3223BDD5-EF07-4C7E-9AE3-9BDE73393283}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{385DDD46-ABED-465E-9EEC-DBBCD80DD64C}" = lport=138 | protocol=17 | dir=in | app=system | "{3A26222D-2A0A-4434-A9E3-200BF483CC55}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4668FEC6-11DA-48CB-9AC5-331A993B80D0}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | "{488DA9D1-9260-43E3-942D-672579E7F018}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | "{4F4A0F1F-3892-4630-89FB-7891D74E6208}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{54FE15C9-87FB-422F-8410-C993C392144F}" = rport=139 | protocol=6 | dir=out | app=system | "{68DBBC67-EAF6-4BB4-A738-3D1BB640EC08}" = lport=445 | protocol=6 | dir=in | app=system | "{79F5F066-DF43-457C-833D-F64E33B7D250}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{7CD8C17D-9F9D-46E7-8CEC-602DFF4D1CC2}" = rport=137 | protocol=17 | dir=out | app=system | "{8B52762B-D752-466B-9D77-4D5C23335D3D}" = lport=137 | protocol=17 | dir=in | app=system | "{8E507BB7-3F86-48DC-83E3-FB21319301A2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A91A2C4C-79EE-405A-9655-FBCCF600F63E}" = rport=445 | protocol=6 | dir=out | app=system | "{BC1E78DE-E4CE-4B5C-B40F-975AEDDDC4D6}" = lport=rpc | 
protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C694873F-9703-4B35-B67D-FD3089CDB87D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D5D6B608-5C8A-4A79-8329-67DA0946152C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E1ABF382-0D96-48C4-837B-2EA357D26C4B}" = rport=138 | protocol=17 | dir=out | app=system | "{EEA129A0-8209-4A5D-8CED-AE33EB9C55BA}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{053C5942-EE06-4A2D-BF5F-A65B776164F7}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\usb-n13 wlan card utilities\rtwlan.exe | "{08DDFA54-86C7-41AF-B8DD-47742D4DC1A1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{0D112478-F589-4BBF-96DC-BC076CA41C02}" = protocol=6 | dir=out | app=system | "{126148EE-CDB0-442E-B237-E25774381797}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{127C03AC-1855-4490-A8CC-426F2219DFFC}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\usb-n13 wlan card utilities\rtwlan.exe | "{12E74777-9E33-4211-9516-7B88B9182E7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{150C58FE-8F13-47B5-B3B8-714352B465D0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1910E772-85EC-4B02-A4A3-A75E6D025EE2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{19390F33-E748-4D54-A4E2-51F9A1BBFD51}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1BEA73DD-63B1-4548-B585-F09C0A24CE7B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2248EFCE-410C-49B4-9EDD-7AD9801D714D}" = protocol=6 | dir=out | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{226DA6E0-1185-4C64-BEDD-41CAB9AD2458}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{22FC1881-9915-44CA-9111-15490184AE39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2939BFCC-9C1B-4FD4-BE32-623E6BB927C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2D2A0766-86BC-47EF-B55B-BE420C869794}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2EC91E70-36C8-407A-B1BD-BEE888A612BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3BE656CE-38FB-4685-ABDB-71DBEAA057D1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{41669948-FF87-418D-8569-57EB26484B12}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{43AFF11C-E8E4-4D92-9809-C5172EAF11B7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{45A2DA80-0E24-4F18-AAB4-977BCE861C47}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{4BED45D4-2CB3-4942-A8F8-D4A4D0B5403B}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\usb-n13 wlan card utilities\rtwlan.exe | "{5F221F01-6DA8-4F0F-B264-0F76569925F2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{63294DA7-A4BA-4AFC-8E3E-940449E83660}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{690B0374-A3BD-42E1-895C-D9F408B7B8DA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{71287E7A-BFFB-4970-B0F5-9A429008E4B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{73A21230-7560-457C-A33D-A2F02B239AD4}" = protocol=17 | dir=in | app=c:\users\peter\appdata\local\temp\epson px730 series_home\network\epsonnetsetup\epsonnetsetup3_4_1_fc_1_0_ww_direct\eneasyapp.exe | "{76FB497F-6D39-40EC-8CBB-87F74F6C2B76}" = protocol=17 | dir=in | 
app=c:\program files\bonjour\mdnsresponder.exe | "{7C37AB71-28D6-429F-A035-61A4DDCBC23F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{90B69B62-C37B-4761-84B0-E05CA7010FF5}" = dir=out | name=windows_ie_ac_001 | "{981D5556-6C58-4BF4-85C6-1117ADD57BC0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{99F13CCA-2015-4C44-852E-50A86D42309A}" = protocol=6 | dir=in | app=d:\network\epsonnetsetup\eneasyapp.exe | "{9CB96073-7FBA-41C6-873B-7DEFA6CE9552}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe | "{A8074542-BC7F-4064-972E-8D83BDB9DA6A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{AA7DB25B-827F-4314-96D7-A14013F1DD8C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{BC15BA5E-DED7-4FE5-86ED-BB4CE162BA20}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{C4546F7E-D2D0-4014-A303-5BF44836B933}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | "{CA88E945-632B-46F1-8AAE-5AA4948FF6CF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CDAE1839-48D3-4AA6-BED9-E188590A5DF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D9AABF15-DCA5-4C78-AB2D-DCB192BE7D60}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DAF4782D-E995-4753-B613-47218A963641}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{DBCD7608-CBCA-484A-ADE1-5520CB63A9C1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | "{DD340CAE-C278-4C8C-A288-6D6C34CAD244}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{E14DCD25-280F-41DD-9345-52D058185BFE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E48DE895-3D45-4C13-8483-A8F25723EA8C}" = protocol=17 | dir=in | 
app=d:\network\epsonnetsetup\eneasyapp.exe | "{E5894EF7-5311-4C8D-B9F0-06684823D974}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\usb-n13 wlan card utilities\rtwlan.exe | "{EDECD5B1-BA3B-4402-98A3-53D4415005F9}" = protocol=6 | dir=in | app=c:\users\peter\appdata\local\temp\epson px730 series_home\network\epsonnetsetup\epsonnetsetup3_4_1_fc_1_0_ww_direct\eneasyapp.exe | "TCP Query User{A5979162-4F92-4165-A487-AAFEA5873098}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{45C29326-5F56-48D0-B686-90AEED058045}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0414-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Norwegian (Bokmål)) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "4A5EF81C80190F479C6FB16BC8CF595275AAC778" = Windows Driver Package - Realtek Semiconductor Corp. 
HD Audio Driver (06/19/2012 6.0.1.6662) "64A62163FE43328D13305746CB8BCC93F2DF6545" = Windows Driver Package - Intel (iaStor) hdc (11/29/2011 11.0.0.1032) "6CBF275A27BB7C00C18E97EF3F2180EF5A6BD92E" = Windows Driver Package - Realtek (RTL8168) Net (09/07/2012 8.004.0907.2012) "97EE1802A0385A37DE6323FA39EC76BEB2D73E41" = Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) "9BC1D406C7F459937934ABBF1D718304962F15C8" = Windows Driver Package - Intel System (03/10/2011 9.2.0.1026) "9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8" = Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) "A7E82C89A6D6643325B95A4FEDAB3DB18640208F" = Windows Driver Package - Intel hdc (08/26/2011 9.3.0.1011) "C8CA88388A58C08FD1318BB111CC8BDC79A3B577" = Windows Driver Package - Intel (ISCT) System (05/04/2012 1.0.7.0) "E439B1D292FF1A0DA518129C45F2B8E69DD7D97D" = Windows Driver Package - Intel (MEIx64) System (07/02/2012 8.1.0.1263) "EPSON PX730 Series" = EPSON PX730 Series Printer Uninstall "FD46FC8B82707DFC86508A0368CBC6E6EBDAD7ED" = Windows Driver Package - Intel Corporation (igfx) Display (10/17/2012 9.17.10.2875) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack "{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{306C7AEF-16C7-428D-93AA-99D4A4090243}" = Movie Maker "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{36BEC461-B58A-414D-993E-E2BDD1F1A14B}" = Movie Maker "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple-programsupport "{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials 
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{5078CEC3-A56F-4080-8CD4-ED7BCBE5686B}" = Photo Common "{537B16E0-A39F-47CB-9C1E-50978862B108}" = Windows Live UX Platform Language Pack "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker "{88809C3E-8C92-4454-AEB7-B26166E3D6CD}" = Windows Live UX Platform Language Pack "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager "{90140000-0015-0414-0000-0000000FF1CE}" = Microsoft Office Access MUI (Norwegian (Bokmål)) 2010 "{90140000-0015-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0414-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Norwegian (Bokmål)) 2010 "{90140000-0016-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0414-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2010 "{90140000-0018-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0414-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2010 "{90140000-0019-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0414-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2010 
"{90140000-001A-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0414-0000-0000000FF1CE}" = Microsoft Office Word MUI (Norwegian (Bokmål)) 2010 "{90140000-001B-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2010 "{90140000-001F-0414-0000-0000000FF1CE}_Office14.SingleImage_{F3137115-1D72-46BE-9D42-B5DE61971F2A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2010 "{90140000-001F-0814-0000-0000000FF1CE}_Office14.SingleImage_{751049E8-D99F-4DE1-9FC2-71DE06655678}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0414-1000-0000000FF1CE}_Office14.SingleImage_{BBFE07A3-B32C-4D6E-B5CA-9F420106EC9D}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0414-0000-0000000FF1CE}" = Microsoft Office Proofing (Norwegian (Bokmål)) 2010 "{90140000-002C-0414-0000-0000000FF1CE}_Office14.SingleImage_{66FC3637-893A-4837-A32C-0DD98E7F8444}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0414-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Norwegian (Bokmål)) 2010 "{90140000-006E-0414-0000-0000000FF1CE}_Office14.SingleImage_{C166254D-5FB6-4D3F-8509-3575387141B9}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0414-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2010 "{90140000-00A1-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F470E17-4FC3-4091-A508-D5347A16A2B9}" = Fotogalleriet "{A37F2060-813A-4325-9456-272B10EE75EF}" = Windows Live Essentials "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI MUI "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery "{E354D495-5DA4-4CCF-AB39-080F6A4141BE}" = Fotogalleri "{EC33D375-5164-4374-9061-43F5C6073219}" = Photo Common "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver 
"{F1CA7DAE-F998-499C-8CA5-FC58CA2416EC}" = Windows Live Essentials
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FFF841F3-9A15-4F61-BD16-C19F132E5A27}" = Epson Easy Photo Print 2
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Age of Conan_is1" = Age of Conan: Unchained
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versjon 1.75.0.1300
"NIS" = Norton Internet Security
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Video Player" = Video Player
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25.07.2013 08:43:02 | Computer Name = Liavaag | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 25.07.2013 08:43:02 | Computer Name = Liavaag | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1172

Error - 25.07.2013 08:43:02 | Computer Name = Liavaag | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1172

Error - 12.09.2013 15:04:05 | Computer Name = Liavaag | Source = Application Hang | ID = 1002
Description = Programmet IEXPLORE.EXE versjon 10.0.9200.16660 sluttet å samhandle med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig om problemet, åpner du problemloggen i kontrollpanelet for Handlingssenter. Prosess-ID: 8c0 Starttidspunkt: 01ceafead5e8e184 Avslutningstidspunkt: 16 Programbane: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Rapport-ID: 1544bd6d-1bde-11e3-be99-d43d7e323d24 Fullstendig navn på feilpakke: Relativ program-ID for feilpakke:

Error - 21.09.2013 16:46:30 | Computer Name = Liavaag | Source = Application Error | ID = 1000
Description = Programnavn med feil: spoolsv.exe, versjon: 6.2.9200.16384, tidsangivelse: 0x501080ef Modulnavn med feil: ntdll.dll, versjon: 6.2.9200.16579, tidsangivelse: 0x51637f77 Unntakskode: 0xc0000374 Feilforskyvning: 0x00000000000ebd59 Feil prosess-ID: 0x1960 Feil starttid for program: 0x01ceb70b2b1b9f5d Feil programbane: C:\windows\System32\spoolsv.exe Feil modulbane: C:\windows\SYSTEM32\ntdll.dll Rapport-ID: e44398c9-22fe-11e3-be9a-d43d7e323d24 Fullstendig navn på feilpakke: Relativ program-ID for feilpakke:

Error - 09.10.2013 16:19:23 | Computer Name = Liavaag | Source = MsiInstaller | ID = 11500
Description =

Error - 19.11.2013 03:59:17 | Computer Name = Liavaag | Source = Desktop Window Manager | ID = 9020
Description = Desktop Window Manager oppdaget en alvorlig feil (0x8898008d)

Error - 28.12.2013 17:39:45 | Computer Name = Liavaag | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28.12.2013 17:39:45 | Computer Name = Liavaag | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1156

Error - 28.12.2013 17:39:45 | Computer Name = Liavaag | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1156

[ System Events ]
Error - 27.05.2013 17:15:01 | Computer Name = Liavaag | Source = EventLog | ID = 6008
Description = Forrige avslutning av systemet klokken 22:36:10 den ?27.?05.?2013 var uventet.
Error - 12.07.2013 01:40:37 | Computer Name = Liavaag | Source = DCOM | ID = 10010
Description =

Error - 19.08.2013 15:40:03 | Computer Name = Liavaag | Source = Service Control Manager | ID = 7034
Description = Tjenesten Bonjour-tjeneste avsluttet uventet. Det har den gjort 1 gang(er).

Error - 21.09.2013 16:46:38 | Computer Name = Liavaag | Source = Service Control Manager | ID = 7031
Description = Tjenesten Print Spooler ble uventet avbrutt. Det har den blitt 1 gang(er). Følgende korrigerende handling blir utført om 5000 millisekunder: Start tjenesten på nytt.

Error - 22.09.2013 03:46:42 | Computer Name = Liavaag | Source = Microsoft-Windows-Kernel-Boot | ID = 29
Description =

Error - 22.09.2013 03:47:11 | Computer Name = Liavaag | Source = EventLog | ID = 6008
Description = Forrige avslutning av systemet klokken 22:49:03 den ?21.?09.?2013 var uventet.

Error - 11.10.2013 17:21:33 | Computer Name = Liavaag | Source = Tcpip | ID = 4199
Description = Systemet fant en adressekonflikt for IP-adresse 192.168.0.11 og maskinvareadressen for systemet 30-10-E4-1A-B8-C9. Nettverksoperasjonen på dette systemet kan være skadet som et resultat av dette.

Error - 29.10.2013 18:16:43 | Computer Name = Liavaag | Source = EventLog | ID = 6008
Description = Forrige avslutning av systemet klokken 22:24:20 den ?29.?10.?2013 var uventet.

Error - 06.12.2013 11:49:58 | Computer Name = Liavaag | Source = EventLog | ID = 6008
Description = Forrige avslutning av systemet klokken 07:27:55 den ?06.?12.?2013 var uventet.

Error - 17.12.2013 18:16:55 | Computer Name = Liavaag | Source = Service Control Manager | ID = 7031
Description = Tjenesten Update albrechto ble uventet avbrutt. Det har den blitt 1 gang(er). Følgende korrigerende handling blir utført om 5000 millisekunder: Start tjenesten på nytt.

< End of report >
  13. OTL:

OTL logfile created on: 10.01.2014 23:52:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter\Desktop\MAGNUS - IKKJE SLETT
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

7,86 Gb Total Physical Memory | 6,47 Gb Available Physical Memory | 82,36% Memory free
9,05 Gb Paging File | 7,59 Gb Available in Paging File | 83,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922,21 Gb Total Space | 834,33 Gb Free Space | 90,47% Space Free | Partition Type: NTFS

Computer Name: LIAVAAG | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.01.10 23:50:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\MAGNUS - IKKJE SLETT\OTL.exe
PRC - [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013.05.21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe PRC - [2012.09.24 05:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.10.12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe ========== Modules (No Company Name) ========== MOD - [2013.12.04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll MOD - [2013.12.04 03:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll MOD - [2013.12.04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll MOD - [2013.12.04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll MOD - [2013.12.04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll MOD - [2013.12.04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.08.16 06:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2013.07.02 01:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | 
Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2013.06.24 23:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2013.06.01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2013.05.04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.05.04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2013.04.09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2013.03.02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013.03.02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013.01.10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- 
C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] 
(Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV - [2013.05.21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS) SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.10.22 17:40:30 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.09.24 05:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.10.10 12:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2013.10.05 07:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013.10.02 03:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013.08.16 06:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2013.08.10 07:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013.07.09 09:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2013.07.02 02:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013.07.02 02:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2013.07.02 01:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.07.01 23:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.06.29 07:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013.06.19 06:43:00 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013.06.01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.05.23 06:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA) DRV:64bit: - [2013.05.21 06:02:00 
| 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symds64.sys -- (SymDS) DRV:64bit: - [2013.05.16 06:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013.04.25 01:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symnets.sys -- (SymNetS) DRV:64bit: - [2013.04.16 03:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2013.03.05 02:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON) DRV:64bit: - [2013.03.05 02:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2013.03.02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013.03.02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.01.10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.12.13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.22 17:40:12 | 005,332,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 06:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.07 01:25:26 | 000,719,504 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 03:27:58 | 
000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.24 09:37:56 | 000,046,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ISCTD64.sys -- (ISCT) DRV:64bit: - [2012.07.02 23:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.06.20 19:45:12 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symelam.sys -- (SymELAM) DRV:64bit: - [2012.02.16 12:42:00 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2008.07.26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2008.07.26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LV302V64.SYS -- (PID_PEPI) DRV - [2013.12.18 01:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131218.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2013.12.13 07:29:03 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140109.001\IDSviA64.sys -- (IDSVia64) DRV - [2013.11.21 07:05:58 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013.11.21 07:05:58 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013.08.29 06:15:33 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140109.018\ex64.sys -- (NAVEX15) DRV - [2013.08.29 06:15:32 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140109.018\eng64.sys -- (NAVENG) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.no/ IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nb-NO IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 C3 3C 92 59 E4 CD 01 [binary data] IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2014.01.10 14:59:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF [2013.10.09 20:32:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha811.net: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta783.net: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta783\ff [2014.01.10 07:19:12 | 000,000,000 | ---D | M] [2014.01.10 07:19:12 | 000,000,000 | ---D | M] (Video Player) -- C:\PROGRAM FILES (X86)\VIDEOPLAYERV3\VIDEOPLAYERV3BETA783\FF File not found (No name found) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA811\FF ========== Chrome ========== CHR - default_search_provider: Web (Enabled) CHR - default_search_provider: search_url = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=NO&userid=92c6f4b4-5228-1732-3dbe-c4695b7f518b&searchtype=ds&q={searchTerms}&installDate=17/12/2013 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: http://www.google.com CHR - plugin: 
Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.0.32_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Google Drive = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Video Player = C:\Users\Peter\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\hokmjecidondokiglcmdodmifnopckeh\1.1_0\ CHR - Extension: Norton Identity Protection = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.5.2_0\ CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ CHR - Extension: Gmail = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Video Player) - {bb30cfa1-ade9-4c2d-aa3f-1dc917cfa047} - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta783\ie\VideoPlayerV3beta783.dll () O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - 
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-2179294692-925929481-4060802572-1001..\Run: [spotify] C:\Users\Peter\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-2179294692-925929481-4060802572-1001..\Run: [spotify Web Helper] C:\Users\Peter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0743606-5239-4AEC-BD5D-A51D895858EC}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{43e0f585-92ba-11e2-be88-d43d7e323d24}\Shell - "" = AutoRun O33 - MountPoints2\{43e0f585-92ba-11e2-be88-d43d7e323d24}\Shell\AutoRun\command - "" = "E:\iLinker.exe" O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.01.10 14:51:03 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes [2014.01.10 14:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014.01.10 14:50:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2014.01.10 14:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2014.01.10 14:46:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014.01.10 14:41:49 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2014.01.10 07:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoPlayerV3 [2014.01.09 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\MAGNUS - IKKJE SLETT [2013.12.17 23:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.12.17 23:05:05 | 000,000,000 | ---D | C] -- C:\Users\Peter\.android [2013.12.17 23:05:04 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\genienext [2013.12.17 23:05:04 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\cache [2013.12.17 23:03:59 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Programs [1 C:\windows\*.tmp files -> 
C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.01.10 23:48:30 | 000,001,002 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2014.01.10 23:48:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2014.01.10 15:03:28 | 001,362,464 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2014.01.10 15:03:28 | 000,710,046 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2014.01.10 15:03:28 | 000,448,670 | ---- | M] () -- C:\windows\SysNative\perfh014.dat [2014.01.10 15:03:28 | 000,132,416 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2014.01.10 15:03:28 | 000,076,846 | ---- | M] () -- C:\windows\SysNative\perfc014.dat [2014.01.10 14:58:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2014.01.10 14:58:45 | 2455,220,223 | -HS- | M] () -- C:\hiberfil.sys [2014.01.10 07:19:57 | 000,000,170 | ---- | M] () -- C:\extensions.ini [2014.01.10 01:14:00 | 000,001,006 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2014.01.02 00:10:03 | 000,356,288 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.12.21 21:27:43 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.01.02 22:37:25 | 000,002,720 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton Internet Security.lnk [2014.01.02 00:09:57 | 000,356,288 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.12.21 21:27:43 | 000,000,170 | ---- | C] () -- C:\extensions.ini [2013.12.21 21:27:43 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite [2013.12.12 07:17:21 | 000,385,528 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml [2013.09.11 16:12:10 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll [2012.12.27 17:19:04 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2012.12.20 01:46:23 | 000,272,928 | ---- | C] () -- 
C:\windows\SysWow64\igvpkrng600.bin [2012.12.20 01:46:18 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012.12.20 01:46:17 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [2013.10.29 21:18:03 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.08.02 07:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.08.02 06:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 
04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.09.21 21:53:37 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Epson [2014.01.09 23:41:06 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Spotify [2013.07.01 21:04:11 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Unity ========== Purity Check ========== < End of report >
  14. Still random pop-ups and an extra search tab in Google like before. (If I search for Malwarebytes it gives links that go to other pages, not a good thing to have there.) I don't know if that pop-up that I told you about earlier is there. (The one that tells me about a way to earn money etc. when I visit the Malwarebytes page.) So, what do you think? Can we get rid of these things? Logs below:
  15. MBAM: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Databaseversjon: v2014.01.10.04 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16750 Peter :: LIAVAAG [administrator] 10.01.2014 14:52:49 mbam-log-2014-01-10 (14-52-49).txt Skanntype: Hurtigsøk Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM Deaktiverte skanninnstillinger: P2P Objekter skannet: 212943 Tid tilbakelagt: 3 minutt(er), 17 sekund(er) Minneprosesser oppdaget: 0 (Ingen skadelige objekter funnet) Minnemoduler oppdaget: 0 (Ingen skadelige objekter funnet) Registernøkler oppdaget: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webexp Enhanced (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. Registerverdier oppdaget: 0 (Ingen skadelige objekter funnet) Registerfiler oppdaget: 0 (Ingen skadelige objekter funnet) Mapper oppdaget: 11 C:\Users\Peter\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Satt i karantene og slettet vellykket. C:\Users\Peter\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Satt i karantene og slettet vellykket. C:\Program Files (x86)\WebexpEnhancedV1 (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811 (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ch (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome\content (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. 
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome\content\icons (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome\content\icons\default (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ie (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. Filer oppdaget 18 C:\Users\Peter\AppData\Local\Temp\awh4440.tmp (PUP.Optional.Amonetize) -> Satt i karantene og slettet vellykket. C:\Users\Peter\AppData\Local\Temp\awhF2A5.tmp (PUP.Optional.AdLyrics) -> Satt i karantene og slettet vellykket. C:\Users\Peter\AppData\Local\Temp\setup__4216.exe (PUP.Optional.InstallMonetizer) -> Satt i karantene og slettet vellykket. C:\Users\Peter\AppData\Local\Temp\Updater.exe (PUP.Optional.Amonetize) -> Satt i karantene og slettet vellykket. C:\Users\Peter\Downloads\FlashPlayer__4369_i157741291_il14.exe (PUP.Optional.InstallMonetizer) -> Satt i karantene og slettet vellykket. C:\Users\Peter\Downloads\FlashPlayer__4369_i157741428_il14.exe (PUP.Optional.InstallMonetizer) -> Satt i karantene og slettet vellykket. C:\Users\Peter\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Satt i karantene og slettet vellykket. C:\Users\Peter\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Satt i karantene og slettet vellykket. C:\Users\Peter\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Satt i karantene og slettet vellykket. C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\uninstall.exe (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ch\WebexpEnhancedV1alpha811.crx (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. 
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome.manifest (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\install.rdf (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome\content\ffWebexpEnhancedV1alpha811.js (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome\content\ffWebexpEnhancedV1alpha811ffaction.js (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome\content\overlay.xul (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome\content\icons\Thumbs.db (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome\content\icons\default\WebexpEnhancedV1alpha811_32.png (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket. (klar)
  16. AdwCleaner: # AdwCleaner v3.016 - Report created 10/01/2014 at 14:47:41 # Updated 23/12/2013 by Xplode # Operating System : Windows 8 (64 bits) # Username : Peter - LIAVAAG # Running from : C:\Users\Peter\Desktop\MAGNUS - IKKJE SLETT\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files (x86)\Mobogenie Folder Deleted : C:\Users\Peter\AppData\Local\Mobogenie Folder Deleted : C:\Users\Peter\Documents\Mobogenie File Deleted : C:\windows\Tasks\AmiUpdXp.job File Deleted : C:\windows\System32\Tasks\AmiUpdXp ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive] Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Value Deleted 
: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16537 Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] -\\ Google Chrome v31.0.1650.63 [ File : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage Deleted : icon_url Deleted : search_url Deleted : keyword ************************* AdwCleaner[R0].txt - [3429 octets] - [10/01/2014 14:46:49] AdwCleaner[s0].txt - [3251 octets] - [10/01/2014 14:47:41] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3311 octets] ##########
  17. JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Windows 8 x64 Ran by Peter on 10.01.2014 at 14:41:52,34 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\searchURL\\Default Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B? 
Value Name Type Value Data ======================================================================================== NextLive REG_SZ C:\windows\SysWOW64\rundll32.exe "C:\Users\Peter\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l ~~~ Registry Keys Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1 Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Failed to delete: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32 Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasapi32 Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasapi32 Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasapi32 Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasmancs Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96} Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96} Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\au__rasapi32 Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\optimizerpro_rasapi32 Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\optprostart_rasapi32 Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\snapdo_rasapi32 Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\snapdo_rasmancs Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Failed to delete: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} ~~~ Files Failed to delete: [File] C:\windows\Tasks\amiupdxp.job ~~~ Folders Successfully deleted: [Folder] "C:\Users\Peter\appdata\local\swvupdater" Successfully deleted: [Folder] "C:\Users\Peter\documents\optimizer pro" ~~~ Chrome Successfully deleted: [Folder] C:\Users\Peter\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 10.01.2014 at 14:45:17,68 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  18. A few notes before I post the logs:
      - The computer is used for things like Facebook, reading the news and a few purchases online. So if you see anything that has to do with movie making (like I saw in the log above), it is something we want removed.
      - After the scans (see logs below) SnapDo is still there. Not as a homepage, but when I use the address bar to search for something it redirects me to SnapDo's search instead of Google.
      - When browsing the internet to check the post I used Google. When I search for something there is a little window at the top, with URLs that are being sponsored by whatever is on the computer somewhere. It did not go away after these scans either.
      - When I was going to download Malwarebytes I went to the official site to get it, of course. When I got there an add-on, or something like that, popped up. I think it was called MoboWallet, and it was telling me about money, and how I could earn it. It only popped up at that site.
      - Random pop-ups sometimes, mostly ads in them, when using Google Chrome. (I am not sure if they are gone after the scans that I just did.)
  19. Sorry for the delay. As I said, there are some dodgy files in the downloads folder; do I delete these, upload them somewhere or do I keep them, for now? Also, about the SnapDo homepage in IE: it does not set the homepage back to SnapDo, but it is still there. When I was using Google Chrome I used the address bar to search for something, and it then redirected me to SnapDo's malicious search engine. If I do not want to be directed to it I will have to enter Google.com and then search for something. So SnapDo is still on the computer. Let's hope we can get rid of this, the items in the downloads folder and the other items that might be hiding somewhere on the computer.
  20. Attach log:
      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2012-11-20.01)
      .
      Microsoft Windows 8
      Boot Device: \Device\HarddiskVolume2
      Install Date: 27.12.2012 17:04:13
      System Uptime: 02.01.2014 23:16:11 (161 hours ago)
      .
      Motherboard: MSI | | B75MA-S01 (MS-7798)
      Processor: Intel® Core i3-2130 CPU @ 3.40GHz | SOCKET 0 | 3400/100mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 922 GiB total, 834,672 GiB free.
      D: is CDROM ()
      .
      ==== Disabled Device Manager Items =============
      .
      ==== System Restore Points ===================
      .
      RP51: 15.12.2013 23:20:38 - Windows Update
      RP52: 24.12.2013 14:23:29 - Planlagt kontrollpunkt
      RP54: 03.01.2014 00:06:54 - Planlagt kontrollpunkt
      .
      ==== Installed Programs ======================
      .
      ABBYY FineReader 9.0 Sprint Adobe Reader XI MUI Age of Conan: Unchained Apple-programsupport Apple Mobile Device Support Apple Software Update Bonjour D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Epson Download Navigator Epson Easy Photo Print 2 Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) Epson Event Manager Epson Print CD EPSON PX730 Series Printer Uninstall EPSON Scan EpsonNet Print Fotogalleri Fotogalleriet Google Chrome Google Update Helper Intel® Processor Graphics iTunes Java 7 Update 9 (64-bit) Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (Norwegian (Bokmål)) 2010 Microsoft Office Excel MUI (Norwegian (Bokmål)) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2010 Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2010 Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Norwegian (Bokmål)) 2010 Microsoft Office Proof (Norwegian (Nynorsk)) 2010 Microsoft 
Office Proofing (Norwegian (Bokmål)) 2010 Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2010 Microsoft Office Shared 64-bit MUI (Norwegian (Bokmål)) 2010 Microsoft Office Shared MUI (Norwegian (Bokmål)) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (Norwegian (Bokmål)) 2010 Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Movie Maker MSVCRT MSVCRT110 MSVCRT110_amd64 Norton Internet Security Photo Common Photo Gallery Realtek High Definition Audio Driver Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition Software Version Updater Spotify Unity Web Player Update for Microsoft 
Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition Webexp Enhanced Windows Driver Package - Intel (iaStor) hdc (11/29/2011 11.0.0.1032) Windows Driver Package - Intel (ISCT) System (05/04/2012 1.0.7.0) Windows Driver Package - Intel (MEIx64) System (07/02/2012 8.1.0.1263) Windows Driver Package - Intel Corporation (igfx) Display (10/17/2012 9.17.10.2875) Windows Driver Package - Intel hdc (08/26/2011 9.3.0.1011) Windows Driver Package - Intel System (03/10/2011 9.2.0.1026) Windows Driver 
Package - Intel System (08/26/2011 9.3.0.1011) Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) Windows Driver Package - Realtek (RTL8168) Net (09/07/2012 8.004.0907.2012) Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/19/2012 6.0.1.6662) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack World of Warcraft . ==== End Of File ===========================
  21. DDS:
      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 10.0.9200.16537
      Run by Peter at 16:16:37 on 2014-01-09
      Microsoft Windows 8 6.2.9200.0.1252.47.1044.18.8047.6338 [GMT 1:00]
      .
      AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
      FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
      .
      ============== Running Processes ===============
      .
      C:\windows\system32\svchost.exe -k DcomLaunch
      C:\windows\system32\svchost.exe -k RPCSS
      C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\windows\system32\svchost.exe -k netsvcs
      C:\windows\system32\svchost.exe -k LocalService
      C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\windows\system32\svchost.exe -k NetworkService
      C:\windows\System32\spoolsv.exe
      C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
      c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\windows\system32\dashost.exe
      C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
      C:\windows\system32\svchost.exe -k imgsvc
      C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\windows\system32\SearchIndexer.exe
      C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\windows\System32\dwm.exe
      C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
      C:\windows\system32\taskhostex.exe
      C:\windows\Explorer.EXE
      C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
      C:\Windows\System32\igfxtray.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Windows\SysWOW64\rundll32.exe
      C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\windows\system32\taskeng.exe
      C:\windows\system32\SearchProtocolHost.exe
      C:\windows\system32\SearchFilterHost.exe
      C:\windows\system32\wbem\wmiprvse.exe
      C:\windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      mWinlogon: Userinit = userinit.exe
      BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
      BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
      BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
      TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
      uRun: [spotify] "C:\Users\Peter\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
      uRun: [spotify Web Helper] "C:\Users\Peter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      uRun: [NextLive] C:\windows\SysWOW64\rundll32.exe "C:\Users\Peter\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
      mRun: [Adobe ARM] "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
      uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
      IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
      IE: Se&nd til OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      TCP: NameServer = 192.168.0.1
      TCP: Interfaces\{B0743606-5239-4AEC-BD5D-A51D895858EC} : DHCPNameServer = 192.168.0.1
      Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      AppInit_DLLs=
      SSODL: WebCheck - <orphaned>
      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
      mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "c:\Windows\SysWOW64\Rundll32.exe" "c:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
      x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
      x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
      x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
      x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
      x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
      x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
      x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
      x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
      x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
      x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
      x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
      x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
      x64-Notify: igfxcui - igfxdev.dll
      x64-SSODL: WebCheck - <orphaned>
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NISx64\1404000.028\symds64.sys [2013-6-15 493656]
      R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NISx64\1404000.028\symefa64.sys [2013-6-15 1139800]
      R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131218.001\BHDrvx64.sys [2013-12-18 1526488]
      R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\Drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-15 169048]
      R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140108.001\IDSviA64.sys [2014-1-9 521944]
      R1 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NISx64\1404000.028\ironx64.sys [2013-6-15 224416]
      R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NISx64\1404000.028\symnets.sys [2013-6-15 433752]
      R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
      R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-15 144368]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-5 137648]
      R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\windows\System32\Drivers\ISCTD64.sys [2012-12-20 46016]
      R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-12-20 719504]
      S0 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NISx64\1404000.028\symelam.sys [2013-6-15 23448]
      S3 LVUSBS64;Logitech USB Monitor Filter;C:\windows\System32\Drivers\LVUSBS64.sys [2008-7-26 50072]
      S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\Drivers\Rt64win7.sys [2012-12-7 676968]
      S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
      S3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2012-12-7 23552]
      S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
      .
      =============== Created Last 30 ================
      .
      2013-12-27 23:14:02 236208 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10229.bin
      2013-12-21 20:26:57 -------- d-----w- C:\Program Files (x86)\WebexpEnhancedV1
      2013-12-17 22:05:05 -------- d-----w- C:\Users\Peter\.android
      2013-12-17 22:05:04 -------- d-----w- C:\Users\Peter\AppData\Roaming\newnext.me
      2013-12-17 22:05:04 -------- d-----w- C:\Users\Peter\AppData\Local\Mobogenie
      2013-12-17 22:05:04 -------- d-----w- C:\Users\Peter\AppData\Local\genienext
      2013-12-17 22:05:04 -------- d-----w- C:\Users\Peter\AppData\Local\cache
      2013-12-17 22:04:30 -------- d-----w- C:\Program Files (x86)\Mobogenie
      2013-12-17 22:03:59 -------- d-----w- C:\Users\Peter\AppData\Local\Programs
      2013-12-15 14:07:01 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
      2013-12-15 14:07:00 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
      2013-12-10 19:38:41 -------- d-----w- C:\Users\Peter\AppData\Local\Blizzard Entertainment
      .
      ==================== Find3M ====================
      .
      2013-12-04 00:53:54 78304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-12-04 00:53:54 694240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
      2013-11-23 06:43:58 420864 ----a-w- C:\windows\System32\WMPhoto.dll
      2013-11-23 05:05:01 368640 ----a-w- C:\windows\SysWow64\WMPhoto.dll
      2013-11-06 23:18:57 4036608 ----a-w- C:\windows\System32\win32k.sys
      2013-11-01 05:38:21 312320 ----a-w- C:\windows\System32\msieftp.dll
      2013-11-01 03:49:24 273408 ----a-w- C:\windows\SysWow64\msieftp.dll
      2013-10-25 06:19:22 2241536 ----a-w- C:\windows\System32\wininet.dll
      2013-10-25 06:19:12 915968 ----a-w- C:\windows\System32\uxtheme.dll
      2013-10-25 06:17:57 3959808 ----a-w- C:\windows\System32\jscript9.dll
      2013-10-25 04:45:11 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
      2013-10-25 04:43:42 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
      2013-10-19 05:45:45 62976 ----a-w- C:\windows\System32\imagehlp.dll
      2013-10-19 04:04:07 59392 ----a-w- C:\windows\SysWow64\imagehlp.dll
      .
      ============= FINISH: 16:17:02,23 ===============
  22. I have been a little busy for the last days. I will get the files for you by tomorrow!
  23. Hello there. So we have a few computers in our home. One day when I was using one of them I noticed that Internet Explorer had the SnapDo hijacker, I think. I was able to change the homepage to Google. After a reboot the homepage was still Google. I also know that the AV we have on the computer, that is Norton, has blocked a few files in the past. It might have removed the hijacker, but did not do anything to the homepage. Afterwards I checked the downloads folder. In it were a few dodgy downloaders / files. (As I said, Norton has blocked something; it might have been them. But I am still not sure if it blocked it all.) Some of the files were named Outlook; it was zipped too. I do believe it comes as an installer, if it is from Microsoft? There was also a Windows updater from Oracle. And the last was some kind of an installer from some random guy.
  24. Okay. I managed to delete everything but ComboFix, I think. When I typed the command it told me that it could not find ComboFix. I tried once more, checking if I had a space between the X and the /. It still did not work. I copied and pasted what you wrote, and it did not work. After those failed tries I noticed that the ComboFix files were gone. Is this supposed to happen? I am not sure.
  25. It looks like everything is gone now. I have two questions though: after the scans I cannot play any YouTube videos (only a few). Did the scans damage my Comodo Dragon browser, or is this just random? I tried YouTube on IE, and everything works there. The second thing: was there any malware or anything else to be found at all?