chrisbc

Members

View Profile See their activity

Posts
11
Joined
November 3, 2013
Last visited
May 13, 2014

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by chrisbc

Avast detects web threat without page visit

chrisbc posted a topic in Resolved Malware Removal Logs

Hi, Avast Web Shield detects threats without me going to a web page. Last happened while I was reading the UK daily newspaper "Daily Mail", which couldn't have caused this. This is from the Avast WebShield Log file: 2014-04-29 12:05:07 http://5.104.108.248/request_content.php?s=31706608817411897&a=ccb380f9 [L] URL:Mal (0) 2014-04-29 12:05:07 http://5.104.108.248/request_content.php?s=31702108815411897&a=adee0ccd [L] URL:Mal (0) 2014-05-12 16:58:06 http://5.104.107.76/request_content.php?s=78190132811413196&a=b2e7c90c [L] URL:Mal (0) These addresses all originate from a host called Myloc in Germany. There is no reason they should be trying to access my computer through these php-files. I am using MBam Pro 1.75. FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01 Ran by Chris (administrator) on CHRIS-HOME on 12-05-2014 17:37:10 Running from C:\Users\Chris\Downloads Platform: Windows 8 (X64) OS Language: Swedish Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe () C:\Windows\System32\DptfParticipantProcessorService.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Foundation) C:\Users\Chris\AppData\Roaming\http;gauth.apps.gbraad.nl\GAuth Authenticator.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin ==================== Registry (Whitelisted) ================== HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] () HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5292664 2012-09-24] (VIA) HKLM\...\Run: [VIAAUD] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe [2538616 2012-09-24] (VIA) HKLM\...\Run: [btTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros) HKLM\...\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications) HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [67752 2006-12-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-18] (AVAST Software) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.) Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Övervaka bläckvarningar - HP Deskjet 2050 J510 series.lnk ShortcutTarget: Övervaka bläckvarningar - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 195.67.199.27 195.67.199.28 FireFox: ======== FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\of9j2mi2.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml FF Extension: Firebug - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\of9j2mi2.default\Extensions\firebug@software.joehewitt.com.xpi [2013-01-22] FF Extension: Old Default Image Style - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\of9j2mi2.default\Extensions\olddefaultimagestyle@dagger2-addons.mozilla.org.xpi [2013-12-22] FF Extension: HttpFox - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\of9j2mi2.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2013-12-25] FF Extension: View Cookies - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\of9j2mi2.default\Extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}.xpi [2013-02-25] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-19] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File CHR Extension: (Google Dokument) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-19] CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-19] CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-19] CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2013-03-08] CHR Extension: (Sök på Google) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-19] CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-20] CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-19] ==================== Services (Whitelisted) ================= S4 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] () R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-18] (AVAST Software) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] () S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [36224 2012-07-30] () R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-09-14] (VIA Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation) R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X] ==================== Drivers (Whitelisted) ==================== S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-18] () R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-31] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-18] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-18] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-18] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-18] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-18] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-04-18] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-18] () R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation) R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation) R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) U0 msahci; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-12 17:37 - 2014-05-12 17:37 - 00019289 _____ () C:\Users\Chris\Downloads\FRST.txt 2014-05-12 17:37 - 2014-05-12 17:37 - 00000000 ___SH () C:\DkHyperbootSync 2014-05-12 17:36 - 2014-05-12 17:37 - 00000000 ____D () C:\FRST 2014-05-12 17:35 - 2014-05-12 17:35 - 02066944 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe 2014-05-12 16:27 - 2014-05-12 16:27 - 00009033 _____ () C:\Users\Chris\Downloads\sv_SE.po 2014-05-12 16:20 - 2014-05-12 16:20 - 00041315 _____ () C:\Users\Chris\Downloads\wpuf(3).pot 2014-05-12 16:14 - 2014-05-12 16:14 - 00041300 _____ () C:\Users\Chris\Downloads\wpuf(2).pot 2014-05-12 16:10 - 2014-05-12 16:10 - 00041300 _____ () C:\Users\Chris\Downloads\wpuf(1).pot 2014-05-12 16:09 - 2014-05-12 16:09 - 00000554 _____ () C:\Users\Chris\Downloads\wpuf.mo 2014-05-12 16:06 - 2014-05-12 16:09 - 00041315 _____ () C:\Users\Chris\Downloads\wpuf.pot 2014-05-12 16:06 - 2014-05-12 16:06 - 00000174 _____ () C:\Users\Chris\Downloads\readme.txt 2014-05-12 15:36 - 2014-05-12 15:36 - 00015971 _____ () C:\Users\Chris\Downloads\frontend-form.js 2014-05-11 22:15 - 2014-05-11 22:15 - 00972734 _____ () C:\Users\Chris\Downloads\medborga_mnet(30).sql.gz 2014-05-11 21:46 - 2014-05-11 21:46 - 00213816 _____ () C:\Users\Chris\Downloads\wp-user-frontend-pro.zip 2014-05-11 12:37 - 2014-05-11 12:37 - 00132860 _____ () C:\Users\Chris\Downloads\safe-report-comments.0.3.2.zip 2014-05-10 12:14 - 2014-05-10 12:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 14:14 - 2014-05-09 14:14 - 00016878 _____ () C:\Users\Chris\Downloads\waypoints.js 2014-05-09 13:51 - 2014-05-09 13:51 - 00177453 _____ () C:\Users\Chris\Downloads\wp-ajaxify-comments(1)(1).zip 2014-05-09 00:20 - 2014-05-09 00:20 - 00177790 _____ () C:\Users\Chris\Downloads\wp-ajaxify-comments(2).zip 2014-05-08 20:02 - 2014-05-08 20:02 - 00003388 _____ () C:\Users\Chris\Downloads\taxonomy-worldtag-syrien(3).php 2014-05-08 20:00 - 2014-05-08 20:00 - 00003537 _____ () C:\Users\Chris\Downloads\taxonomy-sweden-ardalsberget.php 2014-05-07 19:40 - 2014-05-07 19:40 - 00374179 _____ () C:\Users\Chris\Downloads\wp-user-frontend(4).zip 2014-05-07 17:17 - 2014-05-07 17:17 - 00023489 _____ () C:\Users\Chris\Downloads\wpuf-functions(1).php 2014-05-07 17:17 - 2014-05-07 17:17 - 00014187 _____ () C:\Users\Chris\Downloads\settings-options.php 2014-05-07 17:17 - 2014-05-07 17:17 - 00011967 _____ () C:\Users\Chris\Downloads\class.settings-api.php 2014-05-07 17:17 - 2014-05-07 17:17 - 00006778 _____ () C:\Users\Chris\Downloads\attachment(2).php 2014-05-07 17:17 - 2014-05-07 17:17 - 00004746 _____ () C:\Users\Chris\Downloads\wpuf(4).php 2014-05-07 17:17 - 2014-05-07 17:17 - 00001665 _____ () C:\Users\Chris\Downloads\settings(2).php 2014-05-07 16:34 - 2014-05-07 16:34 - 00007925 _____ () C:\Users\Chris\Downloads\wp-content.css 2014-05-07 16:26 - 2014-05-07 16:26 - 00285561 _____ () C:\Users\Chris\Downloads\tinymce.min.js 2014-05-07 16:26 - 2014-05-07 16:26 - 00005768 _____ () C:\Users\Chris\Downloads\form_utils.js 2014-05-07 16:22 - 2014-05-07 16:22 - 00001827 _____ () C:\Users\Chris\Downloads\header-user(4).php 2014-05-07 15:59 - 2014-05-07 15:59 - 00012387 _____ () C:\Users\Chris\Downloads\functions(10).php 2014-05-07 14:49 - 2014-05-07 14:49 - 00000805 _____ () C:\Users\Chris\Downloads\user_editpost(3).php 2014-05-07 14:46 - 2014-05-07 14:46 - 00047884 _____ () C:\Users\Chris\Downloads\mnet-home(7).css 2014-05-07 14:46 - 2014-05-07 14:46 - 00007547 _____ () C:\Users\Chris\Downloads\wpuf.css 2014-05-07 14:42 - 2014-05-07 14:42 - 00014059 _____ () C:\Users\Chris\Downloads\wpuf-edit-post(3).php 2014-05-07 12:25 - 2014-05-07 12:25 - 00060912 _____ () C:\Users\Chris\Downloads\foundation-5-2-1-box-sizing-scss-mixin-not-working.htm 2014-05-07 11:46 - 2014-05-07 11:46 - 00107760 _____ () C:\Users\Chris\Downloads\foundation.min(1).css 2014-05-07 11:42 - 2014-05-07 11:42 - 00021062 _____ () C:\Users\Chris\Downloads\foundation.min.css 2014-05-07 11:28 - 2014-05-07 11:28 - 00014059 _____ () C:\Users\Chris\Downloads\wpuf-edit-post(2).php 2014-05-07 11:28 - 2014-05-07 11:28 - 00013902 _____ () C:\Users\Chris\Downloads\wpuf-add-post(3).php 2014-05-06 23:41 - 2014-05-06 23:41 - 00374179 _____ () C:\Users\Chris\Downloads\wp-user-frontend(3).zip 2014-05-06 23:41 - 2014-05-06 23:41 - 00000000 ____D () C:\Users\Chris\Downloads\wp-user-frontend(3) 2014-05-06 23:37 - 2014-05-06 23:37 - 00014951 _____ () C:\Users\Chris\Downloads\wpuf-edit-post(1).php 2014-05-06 23:30 - 2014-05-06 23:30 - 00001693 _____ () C:\Users\Chris\Downloads\user_editpost(2).php 2014-05-06 20:08 - 2014-05-06 20:08 - 00000755 _____ () C:\Users\Chris\Downloads\user_dashboard(3).php 2014-05-06 20:03 - 2014-05-06 20:03 - 00002131 _____ () C:\Users\Chris\Downloads\pageheader.php 2014-05-06 19:42 - 2014-05-06 19:42 - 00016697 _____ () C:\Users\Chris\Downloads\htaccess(15) 2014-05-06 18:27 - 2014-05-06 18:27 - 00011742 _____ () C:\Users\Chris\Downloads\functions(9).php 2014-05-06 18:17 - 2014-05-06 18:17 - 00023489 _____ () C:\Users\Chris\Downloads\wpuf-functions.php 2014-05-06 18:17 - 2014-05-06 18:17 - 00004746 _____ () C:\Users\Chris\Downloads\wpuf(3).php 2014-05-06 15:52 - 2014-05-06 15:52 - 00040001 _____ () C:\Users\Chris\Downloads\frontend-uploader.php 2014-05-06 15:35 - 2014-05-06 15:35 - 00410365 _____ () C:\Users\Chris\Downloads\frontend-uploader.0.7.5.zip 2014-05-06 15:04 - 2014-05-06 15:04 - 00054961 _____ () C:\Users\Chris\Downloads\multiple-featured-images.0.3.zip 2014-05-06 14:21 - 2014-05-06 14:21 - 00374179 _____ () C:\Users\Chris\Downloads\wp-user-frontend(2).zip 2014-05-06 13:07 - 2014-05-06 13:07 - 00001719 _____ () C:\Users\Chris\Downloads\header-user(3).php 2014-05-06 12:49 - 2014-05-06 12:49 - 00002028 _____ () C:\Users\Chris\Downloads\user_addpost(3).php 2014-05-06 12:48 - 2014-05-06 12:48 - 00001579 _____ () C:\Users\Chris\Downloads\user_dashboard(2).php 2014-05-05 22:25 - 2014-05-05 22:25 - 00004223 _____ () C:\Users\Chris\Downloads\user_replies.php 2014-05-05 22:12 - 2014-05-05 22:12 - 00008697 _____ () C:\Users\Chris\Downloads\user_profile(1).php 2014-05-05 22:12 - 2014-05-05 22:12 - 00002812 _____ () C:\Users\Chris\Downloads\user_comments(1).php 2014-05-05 22:12 - 2014-05-05 22:12 - 00002028 _____ () C:\Users\Chris\Downloads\user_addpost(2).php 2014-05-05 22:12 - 2014-05-05 22:12 - 00001693 _____ () C:\Users\Chris\Downloads\user_editpost(1).php 2014-05-05 22:12 - 2014-05-05 22:12 - 00001579 _____ () C:\Users\Chris\Downloads\user_dashboard(1).php 2014-05-05 22:12 - 2014-05-05 22:12 - 00001499 _____ () C:\Users\Chris\Downloads\user_editprofile(1).php 2014-05-05 18:31 - 2014-05-05 18:31 - 00223227 _____ () C:\Users\Chris\Downloads\jetpack-sharing.2.9.3.zip 2014-05-05 18:24 - 2014-05-05 18:24 - 00696917 _____ () C:\Users\Chris\Downloads\so-jetpack-stats-only.2014.04.16a.zip 2014-05-05 18:11 - 2014-05-05 18:11 - 00183047 _____ () C:\Users\Chris\Downloads\p3-profiler.1.5.0.zip 2014-05-05 17:45 - 2014-05-05 17:45 - 00153734 _____ () C:\Users\Chris\Downloads\htaccess(14) 2014-05-05 16:35 - 2014-05-05 16:35 - 00002232 _____ () C:\Users\Chris\Downloads\header-user(2).php 2014-05-05 16:34 - 2014-05-05 16:34 - 00005385 _____ () C:\Users\Chris\Downloads\user_comments.php 2014-05-05 14:24 - 2014-04-29 16:14 - 19275264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-05 14:24 - 2014-04-29 14:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-05 14:24 - 2014-04-29 14:36 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-05 14:24 - 2014-04-29 14:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-05 10:54 - 2014-05-05 10:54 - 00007748 _____ () C:\Users\Chris\Downloads\news_champshortcode(1).php 2014-05-05 10:53 - 2014-05-05 10:53 - 00007715 _____ () C:\Users\Chris\Downloads\news_champ.php 2014-05-05 10:46 - 2014-05-05 10:46 - 00004554 _____ () C:\Users\Chris\Downloads\mbnet-user-comments(3).php 2014-05-05 10:46 - 2014-05-05 10:46 - 00004298 _____ () C:\Users\Chris\Downloads\article-comments(2).php 2014-05-05 09:58 - 2014-05-05 09:58 - 00047811 _____ () C:\Users\Chris\Downloads\mnet-home(6).css 2014-05-04 20:47 - 2014-05-04 20:47 - 00006005 _____ () C:\Users\Chris\Downloads\display-posts-shortcode-2a45059dbbe96f901aec24cba3e9e5607c7995e4.zip 2014-05-04 20:42 - 2014-05-04 20:42 - 00005347 _____ () C:\Users\Chris\Downloads\display-posts-shortcode.zip 2014-05-04 20:42 - 2014-05-04 20:42 - 00000000 ____D () C:\Users\Chris\Downloads\display-posts-shortcode 2014-05-04 19:50 - 2014-05-04 19:50 - 00000000 ____D () C:\Users\Chris\Downloads\display-posts-shortcode.2.3 2014-05-04 18:58 - 2014-05-04 18:58 - 00001256 _____ () C:\Users\Chris\Downloads\single-katswe(12).php 2014-05-04 18:55 - 2014-05-04 18:55 - 00005351 _____ () C:\Users\Chris\Downloads\display-posts-shortcode.2.3.zip 2014-05-04 18:48 - 2014-05-04 18:48 - 00000000 ____D () C:\Users\Chris\Downloads\be-stats.1.1 2014-05-04 18:46 - 2014-05-04 18:46 - 00003201 _____ () C:\Users\Chris\Downloads\be-stats.1.1.zip 2014-05-03 17:08 - 2014-05-03 17:08 - 00000000 ____D () C:\Users\Chris\Downloads\wp-ajaxify-comments(1) 2014-05-03 17:07 - 2014-05-03 17:07 - 00177453 _____ () C:\Users\Chris\Downloads\wp-ajaxify-comments(1).zip 2014-05-02 12:20 - 2014-05-02 12:20 - 00057194 _____ () C:\Users\Chris\Downloads\mnet-home(5).css 2014-05-02 12:12 - 2014-05-02 12:12 - 00002011 _____ () C:\Users\Chris\Downloads\navigation-mnet.php 2014-05-02 12:11 - 2014-05-02 12:11 - 00012995 _____ () C:\Users\Chris\Downloads\news_home(4).php 2014-05-02 12:11 - 2014-05-02 12:11 - 00001748 _____ () C:\Users\Chris\Downloads\header-home.php 2014-05-02 12:10 - 2014-05-02 12:10 - 00002238 _____ () C:\Users\Chris\Downloads\header-main(5).php 2014-05-01 18:55 - 2014-05-01 18:55 - 00963663 _____ () C:\Users\Chris\Downloads\medborga_mnet(29).sql.gz 2014-05-01 18:54 - 2014-05-01 18:54 - 00095786 _____ () C:\Users\Chris\Downloads\wp-user-avatar.1.9.11.zip 2014-05-01 18:03 - 2014-05-01 18:03 - 00057275 _____ () C:\Users\Chris\Downloads\mnet-home(4).css 2014-05-01 17:44 - 2014-05-01 17:44 - 00002014 _____ () C:\Users\Chris\Downloads\navigation-main(13).php 2014-05-01 17:43 - 2014-05-01 17:43 - 00002132 _____ () C:\Users\Chris\Downloads\header-single(3).php 2014-05-01 17:42 - 2014-05-01 17:42 - 00001256 _____ () C:\Users\Chris\Downloads\single-katswe(11).php 2014-05-01 12:26 - 2014-05-01 12:26 - 00057275 _____ () C:\Users\Chris\Downloads\mnet-home(3).css 2014-04-30 23:45 - 2014-04-30 23:45 - 00000000 ____D () C:\Users\Chris\Downloads\wp-ajaxify-comments 2014-04-30 23:38 - 2014-04-30 23:38 - 00177362 _____ () C:\Users\Chris\Downloads\wp-ajaxify-comments.zip 2014-04-30 12:13 - 2014-04-30 12:13 - 00001158 _____ () C:\Users\Chris\Downloads\single-katmiljo(1).php 2014-04-30 11:55 - 2014-04-30 11:55 - 00002146 _____ () C:\Users\Chris\Downloads\single-blogg.php 2014-04-29 15:46 - 2014-05-07 02:49 - 00000000 ____D () C:\Users\Chris\Desktop\globe images 2014-04-29 11:19 - 2014-04-29 11:19 - 00008447 _____ () C:\Users\Chris\Downloads\reportcomments.1.2.3.zip 2014-04-28 18:13 - 2014-04-28 18:13 - 00010023 _____ () C:\Users\Chris\Downloads\content-article(4).php 2014-04-28 18:10 - 2014-04-28 18:10 - 00057092 _____ () C:\Users\Chris\Downloads\mnet-home(2).css 2014-04-28 16:56 - 2014-04-28 16:56 - 00004554 _____ () C:\Users\Chris\Downloads\mbnet-user-comments(2).php 2014-04-28 16:09 - 2014-04-28 16:09 - 00001734 _____ () C:\Users\Chris\Downloads\single-katswe(10).php 2014-04-28 16:08 - 2014-04-28 16:08 - 00001722 _____ () C:\Users\Chris\Downloads\single-katvarlden(5).php 2014-04-28 14:19 - 2014-04-28 14:19 - 00004295 _____ () C:\Users\Chris\Downloads\article-comments(1).php 2014-04-27 21:12 - 2014-04-27 21:12 - 00000243 _____ () C:\Users\Chris\Desktop\ajaxify callback.txt 2014-04-27 20:39 - 2014-04-27 20:39 - 00153734 _____ () C:\Users\Chris\Downloads\htaccess(13) 2014-04-27 20:23 - 2014-04-27 20:23 - 00076272 _____ () C:\Users\Chris\Downloads\comment-template.php 2014-04-27 20:06 - 2014-04-27 20:06 - 00004500 _____ () C:\Users\Chris\Downloads\mbnet-user-comments(1).php 2014-04-27 19:03 - 2014-04-27 19:03 - 00001227 _____ () C:\Users\Chris\Downloads\comment-reply.js 2014-04-27 18:50 - 2014-04-27 18:50 - 00002367 _____ () C:\Users\Chris\Downloads\navigation-main(12).php 2014-04-27 18:32 - 2014-04-27 18:32 - 00000521 _____ () C:\Users\Chris\Downloads\footermain(2).php 2014-04-27 18:27 - 2014-04-27 18:27 - 00004295 _____ () C:\Users\Chris\Downloads\article-comments.php 2014-04-27 18:25 - 2014-04-27 18:25 - 00011742 _____ () C:\Users\Chris\Downloads\functions(8).php 2014-04-27 18:06 - 2014-04-27 18:06 - 00004500 _____ () C:\Users\Chris\Downloads\mbnet-user-comments.php 2014-04-27 17:31 - 2014-04-27 17:31 - 00063575 _____ () C:\Users\Chris\Downloads\user.php 2014-04-27 12:45 - 2014-04-27 12:45 - 00002227 _____ () C:\Users\Chris\Downloads\single-katvarlden(4).php 2014-04-27 12:43 - 2014-04-27 12:43 - 00032742 _____ () C:\Users\Chris\Downloads\wp-ajaxify-comments.php 2014-04-27 12:42 - 2014-04-27 12:42 - 00175652 _____ () C:\Users\Chris\Downloads\wp-ajaxify-comments-0.21.0.zip 2014-04-27 12:42 - 2014-04-27 12:42 - 00000000 ____D () C:\Users\Chris\Downloads\wp-ajaxify-comments-0.21.0 2014-04-26 10:38 - 2014-04-26 10:38 - 00009976 _____ () C:\Users\Chris\Downloads\content-article(3).php 2014-04-25 15:46 - 2014-04-25 15:46 - 00005693 _____ () C:\Users\Chris\Downloads\order-bender(1).php 2014-04-25 11:26 - 2014-04-25 11:26 - 00001729 _____ () C:\Users\Chris\Downloads\single-katswe(9).php 2014-04-25 11:13 - 2014-04-25 11:13 - 00012919 _____ () C:\Users\Chris\Downloads\news_home(3).php 2014-04-25 10:58 - 2014-04-25 10:58 - 00005693 _____ () C:\Users\Chris\Downloads\order-bender.php 2014-04-18 18:34 - 2014-04-18 18:34 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-18 18:34 - 2014-04-18 18:34 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-04-18 01:46 - 2014-04-18 01:46 - 00012126 _____ () C:\Users\Chris\Downloads\content-article(2).php 2014-04-17 18:25 - 2014-04-17 18:25 - 00002620 _____ () C:\Users\Chris\Downloads\header-single(2).php 2014-04-17 18:20 - 2014-04-17 18:20 - 00056260 _____ () C:\Users\Chris\Downloads\mnet-home(1).css 2014-04-17 12:29 - 2014-04-17 12:29 - 00000867 _____ () C:\Users\Chris\Downloads\content-article(1).php 2014-04-17 12:14 - 2014-04-17 12:14 - 00011082 _____ () C:\Users\Chris\Downloads\related-katswe(5).php 2014-04-17 11:15 - 2014-04-17 11:15 - 00009756 _____ () C:\Users\Chris\Downloads\article-related(3).php 2014-04-17 11:09 - 2014-04-17 11:09 - 00001225 _____ () C:\Users\Chris\Downloads\content-single.php 2014-04-17 11:00 - 2014-04-17 11:00 - 00031909 _____ () C:\Users\Chris\Downloads\wp-login(1).php 2014-04-17 11:00 - 2014-04-17 11:00 - 00025665 _____ () C:\Users\Chris\Downloads\wp-signup(1).php 2014-04-17 11:00 - 2014-04-17 11:00 - 00010880 _____ () C:\Users\Chris\Downloads\wp-settings(1).php 2014-04-17 11:00 - 2014-04-17 11:00 - 00008235 _____ () C:\Users\Chris\Downloads\wp-mail(1).php 2014-04-17 11:00 - 2014-04-17 11:00 - 00004026 _____ () C:\Users\Chris\Downloads\wp-trackback.php 2014-04-17 11:00 - 2014-04-17 11:00 - 00003685 _____ () C:\Users\Chris\Downloads\wp-config(9).php 2014-04-17 11:00 - 2014-04-17 11:00 - 00003015 _____ () C:\Users\Chris\Downloads\xmlrpc.php 2014-04-17 11:00 - 2014-04-17 11:00 - 00002932 _____ () C:\Users\Chris\Downloads\wp-cron(1).php 2014-04-17 11:00 - 2014-04-17 11:00 - 00002380 _____ () C:\Users\Chris\Downloads\wp-links-opml(1).php 2014-04-17 11:00 - 2014-04-17 11:00 - 00002359 _____ () C:\Users\Chris\Downloads\wp-load(1).php 2014-04-17 10:59 - 2014-04-17 10:59 - 00153734 _____ () C:\Users\Chris\Downloads\htaccess(12) 2014-04-17 10:59 - 2014-04-17 10:59 - 00108673 _____ () C:\Users\Chris\Downloads\php_errorlog(1) 2014-04-17 10:59 - 2014-04-17 10:59 - 00105772 _____ () C:\Users\Chris\Downloads\search(1).php 2014-04-17 10:59 - 2014-04-17 10:59 - 00019929 _____ () C:\Users\Chris\Downloads\license(1).txt 2014-04-17 10:59 - 2014-04-17 10:59 - 00014280 _____ () C:\Users\Chris\Downloads\licens-sv_SE(1).txt 2014-04-17 10:59 - 2014-04-17 10:59 - 00009882 _____ () C:\Users\Chris\Downloads\readme(1).html 2014-04-17 10:59 - 2014-04-17 10:59 - 00004892 _____ () C:\Users\Chris\Downloads\wp-activate(1).php 2014-04-17 10:59 - 2014-04-17 10:59 - 00004795 _____ () C:\Users\Chris\Downloads\wp-comments-post(1).php 2014-04-17 10:59 - 2014-04-17 10:59 - 00004002 _____ () C:\Users\Chris\Downloads\settings(1).php 2014-04-17 10:59 - 2014-04-17 10:59 - 00003140 _____ () C:\Users\Chris\Downloads\wp-config-sample(1).php 2014-04-17 10:59 - 2014-04-17 10:59 - 00002392 _____ () C:\Users\Chris\Downloads\search_template(1).html 2014-04-17 10:59 - 2014-04-17 10:59 - 00000418 _____ () C:\Users\Chris\Downloads\index(2).php 2014-04-17 10:59 - 2014-04-17 10:59 - 00000358 _____ () C:\Users\Chris\Downloads\robots(1).txt 2014-04-17 10:59 - 2014-04-17 10:59 - 00000271 _____ () C:\Users\Chris\Downloads\wp-blog-header(1).php 2014-04-17 10:59 - 2014-04-17 10:59 - 00000219 _____ () C:\Users\Chris\Downloads\php(1).ini 2014-04-17 10:59 - 2014-04-17 10:59 - 00000053 _____ () C:\Users\Chris\Downloads\google9b43be63ea8e6a2d(1).html 2014-04-17 10:59 - 2014-04-17 10:59 - 00000021 _____ () C:\Users\Chris\Downloads\index(1).html 2014-04-17 10:57 - 2014-04-17 10:57 - 00959242 _____ () C:\Users\Chris\Downloads\medborga_mnet(28).sql.gz 2014-04-17 02:10 - 2014-04-17 02:10 - 00005905 _____ () C:\Users\Chris\Downloads\navigation-katvarlden.php 2014-04-17 02:00 - 2014-04-17 02:00 - 00002193 _____ () C:\Users\Chris\Downloads\single-katswe(8).php 2014-04-17 02:00 - 2014-04-17 02:00 - 00001160 _____ () C:\Users\Chris\Downloads\single-katvarlden(3).php 2014-04-16 12:38 - 2014-04-16 12:38 - 00011199 _____ () C:\Users\Chris\Downloads\news_home(2).php 2014-04-16 12:38 - 2014-04-16 12:38 - 00004776 _____ () C:\Users\Chris\Downloads\news_miljo(4).php 2014-04-15 16:40 - 2014-04-15 16:40 - 00056219 _____ () C:\Users\Chris\Downloads\mnet-home.css 2014-04-15 15:52 - 2014-04-15 15:52 - 00011450 _____ () C:\Users\Chris\Downloads\news_home(1).php 2014-04-15 12:15 - 2014-04-15 12:15 - 00986428 _____ () C:\Users\Chris\Downloads\medborga_mnet(27).sql.gz 2014-04-15 12:15 - 2014-04-15 12:15 - 00153734 _____ () C:\Users\Chris\Downloads\htaccess(11) 2014-04-15 12:15 - 2014-04-15 12:15 - 00003685 _____ () C:\Users\Chris\Downloads\wp-config(8).php 2014-04-14 21:20 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-14 21:20 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-14 21:20 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-14 21:20 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-14 21:20 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-14 21:20 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-14 21:20 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-14 21:20 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-14 21:20 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-14 21:20 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-14 21:20 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-14 21:20 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-14 21:20 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-14 21:20 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-04-14 21:20 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-14 21:20 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-14 21:20 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-14 21:20 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-04-14 21:20 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-04-14 21:20 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-04-14 21:20 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-14 21:20 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-14 21:20 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-14 21:20 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-14 21:20 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-14 21:20 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-04-14 21:20 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-14 21:20 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-14 21:20 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-14 21:19 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-14 21:19 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-14 21:19 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2014-04-14 21:19 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-04-14 21:19 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll 2014-04-14 21:19 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll 2014-04-14 21:19 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-14 21:19 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-04-14 21:19 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll 2014-04-14 21:19 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-14 21:19 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-04-14 21:19 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-14 21:19 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-04-14 21:19 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-04-14 21:19 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml 2014-04-14 21:19 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2014-04-14 21:19 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-04-14 21:19 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-04-14 21:19 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-04-14 21:19 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-04-14 21:15 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-14 21:15 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-04-14 21:15 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-04-14 21:15 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-14 12:54 - 2014-04-14 12:54 - 00605840 _____ () C:\Users\Chris\Downloads\super-socializer.2.5.0.zip 2014-04-12 14:24 - 2014-04-12 14:24 - 00011686 _____ () C:\Users\Chris\Downloads\news_home.php ==================== One Month Modified Files and Folders ======= 2014-05-12 17:37 - 2014-05-12 17:37 - 00019289 _____ () C:\Users\Chris\Downloads\FRST.txt 2014-05-12 17:37 - 2014-05-12 17:37 - 00000000 ___SH () C:\DkHyperbootSync 2014-05-12 17:37 - 2014-05-12 17:36 - 00000000 ____D () C:\FRST 2014-05-12 17:35 - 2014-05-12 17:35 - 02066944 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe 2014-05-12 17:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-05-12 16:44 - 2013-01-19 22:30 - 00001026 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-12 16:27 - 2014-05-12 16:27 - 00009033 _____ () C:\Users\Chris\Downloads\sv_SE.po 2014-05-12 16:20 - 2014-05-12 16:20 - 00041315 _____ () C:\Users\Chris\Downloads\wpuf(3).pot 2014-05-12 16:14 - 2014-05-12 16:14 - 00041300 _____ () C:\Users\Chris\Downloads\wpuf(2).pot 2014-05-12 16:10 - 2014-05-12 16:10 - 00041300 _____ () C:\Users\Chris\Downloads\wpuf(1).pot 2014-05-12 16:09 - 2014-05-12 16:09 - 00000554 _____ () C:\Users\Chris\Downloads\wpuf.mo 2014-05-12 16:09 - 2014-05-12 16:06 - 00041315 _____ () C:\Users\Chris\Downloads\wpuf.pot 2014-05-12 16:06 - 2014-05-12 16:06 - 00000174 _____ () C:\Users\Chris\Downloads\readme.txt 2014-05-12 15:36 - 2014-05-12 15:36 - 00015971 _____ () C:\Users\Chris\Downloads\frontend-form.js 2014-05-12 13:44 - 2013-01-19 22:30 - 00001022 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-12 12:25 - 2012-11-29 03:21 - 01766905 _____ () C:\Windows\WindowsUpdate.log 2014-05-12 11:25 - 2013-01-19 17:20 - 00000401 _____ () C:\Users\Chris\AppData\Roaming\sp_data.sys 2014-05-11 22:15 - 2014-05-11 22:15 - 00972734 _____ () C:\Users\Chris\Downloads\medborga_mnet(30).sql.gz 2014-05-11 21:46 - 2014-05-11 21:46 - 00213816 _____ () C:\Users\Chris\Downloads\wp-user-frontend-pro.zip 2014-05-11 15:23 - 2014-03-05 18:40 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\vlc 2014-05-11 15:07 - 2012-08-02 18:45 - 00729102 _____ () C:\Windows\system32\perfh01D.dat 2014-05-11 15:07 - 2012-08-02 18:45 - 00151986 _____ () C:\Windows\system32\perfc01D.dat 2014-05-11 15:07 - 2012-07-26 09:28 - 01709686 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-11 12:55 - 2013-09-07 22:17 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\http;gauth.apps.gbraad.nl 2014-05-11 12:37 - 2014-05-11 12:37 - 00132860 _____ () C:\Users\Chris\Downloads\safe-report-comments.0.3.2.zip 2014-05-10 16:59 - 2013-01-20 22:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-10 12:14 - 2014-05-10 12:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 14:14 - 2014-05-09 14:14 - 00016878 _____ () C:\Users\Chris\Downloads\waypoints.js 2014-05-09 13:51 - 2014-05-09 13:51 - 00177453 _____ () C:\Users\Chris\Downloads\wp-ajaxify-comments(1)(1).zip 2014-05-09 13:39 - 2013-01-19 22:30 - 00003998 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-09 13:39 - 2013-01-19 22:30 - 00003762 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-09 00:20 - 2014-05-09 00:20 - 00177790 _____ () C:\Users\Chris\Downloads\wp-ajaxify-comments(2).zip 2014-05-08 20:02 - 2014-05-08 20:02 - 00003388 _____ () C:\Users\Chris\Downloads\taxonomy-worldtag-syrien(3).php 2014-05-08 20:00 - 2014-05-08 20:00 - 00003537 _____ () C:\Users\Chris\Downloads\taxonomy-sweden-ardalsberget.php 2014-05-07 19:40 - 2014-05-07 19:40 - 00374179 _____ () C:\Users\Chris\Downloads\wp-user-frontend(4).zip 2014-05-07 17:17 - 2014-05-07 17:17 - 00023489 _____ () C:\Users\Chris\Downloads\wpuf-functions(1).php 2014-05-07 17:17 - 2014-05-07 17:17 - 00014187 _____ () C:\Users\Chris\Downloads\settings-options.php 2014-05-07 17:17 - 2014-05-07 17:17 - 00011967 _____ () C:\Users\Chris\Downloads\class.settings-api.php 2014-05-07 17:17 - 2014-05-07 17:17 - 00006778 _____ () C:\Users\Chris\Downloads\attachment(2).php 2014-05-07 17:17 - 2014-05-07 17:17 - 00004746 _____ () C:\Users\Chris\Downloads\wpuf(4).php 2014-05-07 17:17 - 2014-05-07 17:17 - 00001665 _____ () C:\Users\Chris\Downloads\settings(2).php 2014-05-07 16:34 - 2014-05-07 16:34 - 00007925 _____ () C:\Users\Chris\Downloads\wp-content.css 2014-05-07 16:26 - 2014-05-07 16:26 - 00285561 _____ () C:\Users\Chris\Downloads\tinymce.min.js 2014-05-07 16:26 - 2014-05-07 16:26 - 00005768 _____ () C:\Users\Chris\Downloads\form_utils.js 2014-05-07 16:22 - 2014-05-07 16:22 - 00001827 _____ () C:\Users\Chris\Downloads\header-user(4).php 2014-05-07 15:59 - 2014-05-07 15:59 - 00012387 _____ () C:\Users\Chris\Downloads\functions(10).php 2014-05-07 14:49 - 2014-05-07 14:49 - 00000805 _____ () C:\Users\Chris\Downloads\user_editpost(3).php 2014-05-07 14:46 - 2014-05-07 14:46 - 00047884 _____ () C:\Users\Chris\Downloads\mnet-home(7).css 2014-05-07 14:46 - 2014-05-07 14:46 - 00007547 _____ () C:\Users\Chris\Downloads\wpuf.css 2014-05-07 14:42 - 2014-05-07 14:42 - 00014059 _____ () C:\Users\Chris\Downloads\wpuf-edit-post(3).php 2014-05-07 12:25 - 2014-05-07 12:25 - 00060912 _____ () C:\Users\Chris\Downloads\foundation-5-2-1-box-sizing-scss-mixin-not-working.htm 2014-05-07 11:46 - 2014-05-07 11:46 - 00107760 _____ () C:\Users\Chris\Downloads\foundation.min(1).css 2014-05-07 11:42 - 2014-05-07 11:42 - 00021062 _____ () C:\Users\Chris\Downloads\foundation.min.css 2014-05-07 11:28 - 2014-05-07 11:28 - 00014059 _____ () C:\Users\Chris\Downloads\wpuf-edit-post(2).php 2014-05-07 11:28 - 2014-05-07 11:28 - 00013902 _____ () C:\Users\Chris\Downloads\wpuf-add-post(3).php 2014-05-07 02:49 - 2014-04-29 15:46 - 00000000 ____D () C:\Users\Chris\Desktop\globe images 2014-05-07 02:45 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-06 23:41 - 2014-05-06 23:41 - 00374179 _____ () C:\Users\Chris\Downloads\wp-user-frontend(3).zip 2014-05-06 23:41 - 2014-05-06 23:41 - 00000000 ____D () C:\Users\Chris\Downloads\wp-user-frontend(3) 2014-05-06 23:37 - 2014-05-06 23:37 - 00014951 _____ () C:\Users\Chris\Downloads\wpuf-edit-post(1).php 2014-05-06 23:30 - 2014-05-06 23:30 - 00001693 _____ () C:\Users\Chris\Downloads\user_editpost(2).php 2014-05-06 20:08 - 2014-05-06 20:08 - 00000755 _____ () C:\Users\Chris\Downloads\user_dashboard(3).php 2014-05-06 20:03 - 2014-05-06 20:03 - 00002131 _____ () C:\Users\Chris\Downloads\pageheader.php 2014-05-06 19:42 - 2014-05-06 19:42 - 00016697 _____ () C:\Users\Chris\Downloads\htaccess(15) 2014-05-06 18:27 - 2014-05-06 18:27 - 00011742 _____ () C:\Users\Chris\Downloads\functions(9).php 2014-05-06 18:17 - 2014-05-06 18:17 - 00023489 _____ () C:\Users\Chris\Downloads\wpuf-functions.php 2014-05-06 18:17 - 2014-05-06 18:17 - 00004746 _____ () C:\Users\Chris\Downloads\wpuf(3).php 2014-05-06 15:52 - 2014-05-06 15:52 - 00040001 _____ () C:\Users\Chris\Downloads\frontend-uploader.php 2014-05-06 15:35 - 2014-05-06 15:35 - 00410365 _____ () C:\Users\Chris\Downloads\frontend-uploader.0.7.5.zip 2014-05-06 15:04 - 2014-05-06 15:04 - 00054961 _____ () C:\Users\Chris\Downloads\multiple-featured-images.0.3.zip 2014-05-06 14:21 - 2014-05-06 14:21 - 00374179 _____ () C:\Users\Chris\Downloads\wp-user-frontend(2).zip 2014-05-06 13:07 - 2014-05-06 13:07 - 00001719 _____ () C:\Users\Chris\Downloads\header-user(3).php 2014-05-06 12:49 - 2014-05-06 12:49 - 00002028 _____ () C:\Users\Chris\Downloads\user_addpost(3).php 2014-05-06 12:48 - 2014-05-06 12:48 - 00001579 _____ () C:\Users\Chris\Downloads\user_dashboard(2).php 2014-05-05 22:25 - 2014-05-05 22:25 - 00004223 _____ () C:\Users\Chris\Downloads\user_replies.php 2014-05-05 22:12 - 2014-05-05 22:12 - 00008697 _____ () C:\Users\Chris\Downloads\user_profile(1).php 2014-05-05 22:12 - 2014-05-05 22:12 - 00002812 _____ () C:\Users\Chris\Downloads\user_comments(1).php 2014-05-05 22:12 - 2014-05-05 22:12 - 00002028 _____ () C:\Users\Chris\Downloads\user_addpost(2).php 2014-05-05 22:12 - 2014-05-05 22:12 - 00001693 _____ () C:\Users\Chris\Downloads\user_editpost(1).php 2014-05-05 22:12 - 2014-05-05 22:12 - 00001579 _____ () C:\Users\Chris\Downloads\user_dashboard(1).php 2014-05-05 22:12 - 2014-05-05 22:12 - 00001499 _____ () C:\Users\Chris\Downloads\user_editprofile(1).php 2014-05-05 18:31 - 2014-05-05 18:31 - 00223227 _____ () C:\Users\Chris\Downloads\jetpack-sharing.2.9.3.zip 2014-05-05 18:24 - 2014-05-05 18:24 - 00696917 _____ () C:\Users\Chris\Downloads\so-jetpack-stats-only.2014.04.16a.zip 2014-05-05 18:11 - 2014-05-05 18:11 - 00183047 _____ () C:\Users\Chris\Downloads\p3-profiler.1.5.0.zip 2014-05-05 17:45 - 2014-05-05 17:45 - 00153734 _____ () C:\Users\Chris\Downloads\htaccess(14) 2014-05-05 16:35 - 2014-05-05 16:35 - 00002232 _____ () C:\Users\Chris\Downloads\header-user(2).php 2014-05-05 16:34 - 2014-05-05 16:34 - 00005385 _____ () C:\Users\Chris\Downloads\user_comments.php 2014-05-05 10:54 - 2014-05-05 10:54 - 00007748 _____ () C:\Users\Chris\Downloads\news_champshortcode(1).php 2014-05-05 10:53 - 2014-05-05 10:53 - 00007715 _____ () C:\Users\Chris\Downloads\news_champ.php 2014-05-05 10:46 - 2014-05-05 10:46 - 00004554 _____ () C:\Users\Chris\Downloads\mbnet-user-comments(3).php 2014-05-05 10:46 - 2014-05-05 10:46 - 00004298 _____ () C:\Users\Chris\Downloads\article-comments(2).php 2014-05-05 09:58 - 2014-05-05 09:58 - 00047811 _____ () C:\Users\Chris\Downloads\mnet-home(6).css 2014-05-04 20:47 - 2014-05-04 20:47 - 00006005 _____ () C:\Users\Chris\Downloads\display-posts-shortcode-2a45059dbbe96f901aec24cba3e9e5607c7995e4.zip 2014-05-04 20:42 - 2014-05-04 20:42 - 00005347 _____ () C:\Users\Chris\Downloads\display-posts-shortcode.zip 2014-05-04 20:42 - 2014-05-04 20:42 - 00000000 ____D () C:\Users\Chris\Downloads\display-posts-shortcode 2014-05-04 19:50 - 2014-05-04 19:50 - 00000000 ____D () C:\Users\Chris\Downloads\display-posts-shortcode.2.3 2014-05-04 18:58 - 2014-05-04 18:58 - 00001256 _____ () C:\Users\Chris\Downloads\single-katswe(12).php 2014-05-04 18:55 - 2014-05-04 18:55 - 00005351 _____ () C:\Users\Chris\Downloads\display-posts-shortcode.2.3.zip 2014-05-04 18:48 - 2014-05-04 18:48 - 00000000 ____D () C:\Users\Chris\Downloads\be-stats.1.1 2014-05-04 18:46 - 2014-05-04 18:46 - 00003201 _____ () C:\Users\Chris\Downloads\be-stats.1.1.zip 2014-05-03 17:08 - 2014-05-03 17:08 - 00000000 ____D () C:\Users\Chris\Downloads\wp-ajaxify-comments(1) 2014-05-03 17:07 - 2014-05-03 17:07 - 00177453 _____ () C:\Users\Chris\Downloads\wp-ajaxify-comments(1).zip 2014-05-03 16:37 - 2014-03-06 00:48 - 00000000 ____D () C:\Users\Chris\Desktop\Film 2014-05-02 12:20 - 2014-05-02 12:20 - 00057194 _____ () C:\Users\Chris\Downloads\mnet-home(5).css 2014-05-02 12:12 - 2014-05-02 12:12 - 00002011 _____ () C:\Users\Chris\Downloads\navigation-mnet.php 2014-05-02 12:11 - 2014-05-02 12:11 - 00012995 _____ () C:\Users\Chris\Downloads\news_home(4).php 2014-05-02 12:11 - 2014-05-02 12:11 - 00001748 _____ () C:\Users\Chris\Downloads\header-home.php 2014-05-02 12:10 - 2014-05-02 12:10 - 00002238 _____ () C:\Users\Chris\Downloads\header-main(5).php 2014-05-01 18:55 - 2014-05-01 18:55 - 00963663 _____ () C:\Users\Chris\Downloads\medborga_mnet(29).sql.gz 2014-05-01 18:54 - 2014-05-01 18:54 - 00095786 _____ () C:\Users\Chris\Downloads\wp-user-avatar.1.9.11.zip 2014-05-01 18:03 - 2014-05-01 18:03 - 00057275 _____ () C:\Users\Chris\Downloads\mnet-home(4).css 2014-05-01 17:44 - 2014-05-01 17:44 - 00002014 _____ () C:\Users\Chris\Downloads\navigation-main(13).php 2014-05-01 17:43 - 2014-05-01 17:43 - 00002132 _____ () C:\Users\Chris\Downloads\header-single(3).php 2014-05-01 17:42 - 2014-05-01 17:42 - 00001256 _____ () C:\Users\Chris\Downloads\single-katswe(11).php 2014-05-01 12:26 - 2014-05-01 12:26 - 00057275 _____ () C:\Users\Chris\Downloads\mnet-home(3).css 2014-04-30 23:45 - 2014-04-30 23:45 - 00000000 ____D () C:\Users\Chris\Downloads\wp-ajaxify-comments 2014-04-30 23:38 - 2014-04-30 23:38 - 00177362 _____ () C:\Users\Chris\Downloads\wp-ajaxify-comments.zip 2014-04-30 12:13 - 2014-04-30 12:13 - 00001158 _____ () C:\Users\Chris\Downloads\single-katmiljo(1).php 2014-04-30 11:55 - 2014-04-30 11:55 - 00002146 _____ () C:\Users\Chris\Downloads\single-blogg.php 2014-04-29 16:14 - 2014-05-05 14:24 - 19275264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-29 16:01 - 2013-01-19 17:19 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Adobe 2014-04-29 14:47 - 2014-05-05 14:24 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-29 14:36 - 2014-05-05 14:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-29 14:25 - 2014-05-05 14:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-29 11:19 - 2014-04-29 11:19 - 00008447 _____ () C:\Users\Chris\Downloads\reportcomments.1.2.3.zip 2014-04-29 11:08 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-04-28 21:59 - 2014-03-18 15:23 - 00000000 ____D () C:\Users\Chris\Documents\TV 2014-04-28 18:13 - 2014-04-28 18:13 - 00010023 _____ () C:\Users\Chris\Downloads\content-article(4).php 2014-04-28 18:10 - 2014-04-28 18:10 - 00057092 _____ () C:\Users\Chris\Downloads\mnet-home(2).css 2014-04-28 16:56 - 2014-04-28 16:56 - 00004554 _____ () C:\Users\Chris\Downloads\mbnet-user-comments(2).php 2014-04-28 16:09 - 2014-04-28 16:09 - 00001734 _____ () C:\Users\Chris\Downloads\single-katswe(10).php 2014-04-28 16:08 - 2014-04-28 16:08 - 00001722 _____ () C:\Users\Chris\Downloads\single-katvarlden(5).php 2014-04-28 14:19 - 2014-04-28 14:19 - 00004295 _____ () C:\Users\Chris\Downloads\article-comments(1).php 2014-04-27 22:43 - 2013-01-19 22:34 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-27 21:12 - 2014-04-27 21:12 - 00000243 _____ () C:\Users\Chris\Desktop\ajaxify callback.txt 2014-04-27 20:39 - 2014-04-27 20:39 - 00153734 _____ () C:\Users\Chris\Downloads\htaccess(13) 2014-04-27 20:23 - 2014-04-27 20:23 - 00076272 _____ () C:\Users\Chris\Downloads\comment-template.php 2014-04-27 20:06 - 2014-04-27 20:06 - 00004500 _____ () C:\Users\Chris\Downloads\mbnet-user-comments(1).php 2014-04-27 19:03 - 2014-04-27 19:03 - 00001227 _____ () C:\Users\Chris\Downloads\comment-reply.js 2014-04-27 18:50 - 2014-04-27 18:50 - 00002367 _____ () C:\Users\Chris\Downloads\navigation-main(12).php 2014-04-27 18:32 - 2014-04-27 18:32 - 00000521 _____ () C:\Users\Chris\Downloads\footermain(2).php 2014-04-27 18:27 - 2014-04-27 18:27 - 00004295 _____ () C:\Users\Chris\Downloads\article-comments.php 2014-04-27 18:25 - 2014-04-27 18:25 - 00011742 _____ () C:\Users\Chris\Downloads\functions(8).php 2014-04-27 18:06 - 2014-04-27 18:06 - 00004500 _____ () C:\Users\Chris\Downloads\mbnet-user-comments.php 2014-04-27 17:31 - 2014-04-27 17:31 - 00063575 _____ () C:\Users\Chris\Downloads\user.php 2014-04-27 12:45 - 2014-04-27 12:45 - 00002227 _____ () C:\Users\Chris\Downloads\single-katvarlden(4).php 2014-04-27 12:43 - 2014-04-27 12:43 - 00032742 _____ () C:\Users\Chris\Downloads\wp-ajaxify-comments.php 2014-04-27 12:42 - 2014-04-27 12:42 - 00175652 _____ () C:\Users\Chris\Downloads\wp-ajaxify-comments-0.21.0.zip 2014-04-27 12:42 - 2014-04-27 12:42 - 00000000 ____D () C:\Users\Chris\Downloads\wp-ajaxify-comments-0.21.0 2014-04-26 10:38 - 2014-04-26 10:38 - 00009976 _____ () C:\Users\Chris\Downloads\content-article(3).php 2014-04-25 18:37 - 2013-01-19 22:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-25 15:46 - 2014-04-25 15:46 - 00005693 _____ () C:\Users\Chris\Downloads\order-bender(1).php 2014-04-25 11:26 - 2014-04-25 11:26 - 00001729 _____ () C:\Users\Chris\Downloads\single-katswe(9).php 2014-04-25 11:13 - 2014-04-25 11:13 - 00012919 _____ () C:\Users\Chris\Downloads\news_home(3).php 2014-04-25 10:58 - 2014-04-25 10:58 - 00005693 _____ () C:\Users\Chris\Downloads\order-bender.php 2014-04-24 16:40 - 2013-01-26 00:20 - 00000000 ____D () C:\Users\Chris\AppData\Local\Adobe 2014-04-24 15:33 - 2013-01-19 22:30 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google 2014-04-23 01:47 - 2012-07-26 10:14 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-23 01:47 - 2012-07-26 10:14 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-19 15:10 - 2013-11-05 18:03 - 00000000 ____D () C:\AdwCleaner 2014-04-18 18:54 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-04-18 18:34 - 2014-04-18 18:34 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-18 18:34 - 2014-04-18 18:34 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-04-18 18:34 - 2013-12-20 23:13 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-04-18 18:34 - 2013-03-01 01:32 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-18 18:34 - 2013-03-01 01:32 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-18 18:34 - 2013-02-08 22:55 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-04-18 18:34 - 2013-01-19 22:30 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-18 18:34 - 2013-01-19 22:30 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-18 18:34 - 2013-01-19 22:30 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-18 18:34 - 2013-01-19 22:30 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-18 18:34 - 2013-01-19 22:30 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-18 01:46 - 2014-04-18 01:46 - 00012126 _____ () C:\Users\Chris\Downloads\content-article(2).php 2014-04-17 18:25 - 2014-04-17 18:25 - 00002620 _____ () C:\Users\Chris\Downloads\header-single(2).php 2014-04-17 18:20 - 2014-04-17 18:20 - 00056260 _____ () C:\Users\Chris\Downloads\mnet-home(1).css 2014-04-17 12:29 - 2014-04-17 12:29 - 00000867 _____ () C:\Users\Chris\Downloads\content-article(1).php 2014-04-17 12:14 - 2014-04-17 12:14 - 00011082 _____ () C:\Users\Chris\Downloads\related-katswe(5).php 2014-04-17 11:15 - 2014-04-17 11:15 - 00009756 _____ () C:\Users\Chris\Downloads\article-related(3).php 2014-04-17 11:09 - 2014-04-17 11:09 - 00001225 _____ () C:\Users\Chris\Downloads\content-single.php 2014-04-17 11:00 - 2014-04-17 11:00 - 00031909 _____ () C:\Users\Chris\Downloads\wp-login(1).php 2014-04-17 11:00 - 2014-04-17 11:00 - 00025665 _____ () C:\Users\Chris\Downloads\wp-signup(1).php 2014-04-17 11:00 - 2014-04-17 11:00 - 00010880 _____ () C:\Users\Chris\Downloads\wp-settings(1).php 2014-04-17 11:00 - 2014-04-17 11:00 - 00008235 _____ () C:\Users\Chris\Downloads\wp-mail(1).php 2014-04-17 11:00 - 2014-04-17 11:00 - 00004026 _____ () C:\Users\Chris\Downloads\wp-trackback.php 2014-04-17 11:00 - 2014-04-17 11:00 - 00003685 _____ () C:\Users\Chris\Downloads\wp-config(9).php 2014-04-17 11:00 - 2014-04-17 11:00 - 00003015 _____ () C:\Users\Chris\Downloads\xmlrpc.php 2014-04-17 11:00 - 2014-04-17 11:00 - 00002932 _____ () C:\Users\Chris\Downloads\wp-cron(1).php 2014-04-17 11:00 - 2014-04-17 11:00 - 00002380 _____ () C:\Users\Chris\Downloads\wp-links-opml(1).php 2014-04-17 11:00 - 2014-04-17 11:00 - 00002359 _____ () C:\Users\Chris\Downloads\wp-load(1).php 2014-04-17 10:59 - 2014-04-17 10:59 - 00153734 _____ () C:\Users\Chris\Downloads\htaccess(12) 2014-04-17 10:59 - 2014-04-17 10:59 - 00108673 _____ () C:\Users\Chris\Downloads\php_errorlog(1) 2014-04-17 10:59 - 2014-04-17 10:59 - 00105772 _____ () C:\Users\Chris\Downloads\search(1).php 2014-04-17 10:59 - 2014-04-17 10:59 - 00019929 _____ () C:\Users\Chris\Downloads\license(1).txt 2014-04-17 10:59 - 2014-04-17 10:59 - 00014280 _____ () C:\Users\Chris\Downloads\licens-sv_SE(1).txt 2014-04-17 10:59 - 2014-04-17 10:59 - 00009882 _____ () C:\Users\Chris\Downloads\readme(1).html 2014-04-17 10:59 - 2014-04-17 10:59 - 00004892 _____ () C:\Users\Chris\Downloads\wp-activate(1).php 2014-04-17 10:59 - 2014-04-17 10:59 - 00004795 _____ () C:\Users\Chris\Downloads\wp-comments-post(1).php 2014-04-17 10:59 - 2014-04-17 10:59 - 00004002 _____ () C:\Users\Chris\Downloads\settings(1).php 2014-04-17 10:59 - 2014-04-17 10:59 - 00003140 _____ () C:\Users\Chris\Downloads\wp-config-sample(1).php 2014-04-17 10:59 - 2014-04-17 10:59 - 00002392 _____ () C:\Users\Chris\Downloads\search_template(1).html 2014-04-17 10:59 - 2014-04-17 10:59 - 00000418 _____ () C:\Users\Chris\Downloads\index(2).php 2014-04-17 10:59 - 2014-04-17 10:59 - 00000358 _____ () C:\Users\Chris\Downloads\robots(1).txt 2014-04-17 10:59 - 2014-04-17 10:59 - 00000271 _____ () C:\Users\Chris\Downloads\wp-blog-header(1).php 2014-04-17 10:59 - 2014-04-17 10:59 - 00000219 _____ () C:\Users\Chris\Downloads\php(1).ini 2014-04-17 10:59 - 2014-04-17 10:59 - 00000053 _____ () C:\Users\Chris\Downloads\google9b43be63ea8e6a2d(1).html 2014-04-17 10:59 - 2014-04-17 10:59 - 00000021 _____ () C:\Users\Chris\Downloads\index(1).html 2014-04-17 10:57 - 2014-04-17 10:57 - 00959242 _____ () C:\Users\Chris\Downloads\medborga_mnet(28).sql.gz 2014-04-17 02:10 - 2014-04-17 02:10 - 00005905 _____ () C:\Users\Chris\Downloads\navigation-katvarlden.php 2014-04-17 02:00 - 2014-04-17 02:00 - 00002193 _____ () C:\Users\Chris\Downloads\single-katswe(8).php 2014-04-17 02:00 - 2014-04-17 02:00 - 00001160 _____ () C:\Users\Chris\Downloads\single-katvarlden(3).php 2014-04-16 12:38 - 2014-04-16 12:38 - 00011199 _____ () C:\Users\Chris\Downloads\news_home(2).php 2014-04-16 12:38 - 2014-04-16 12:38 - 00004776 _____ () C:\Users\Chris\Downloads\news_miljo(4).php 2014-04-15 16:40 - 2014-04-15 16:40 - 00056219 _____ () C:\Users\Chris\Downloads\mnet-home.css 2014-04-15 15:52 - 2014-04-15 15:52 - 00011450 _____ () C:\Users\Chris\Downloads\news_home(1).php 2014-04-15 12:15 - 2014-04-15 12:15 - 00986428 _____ () C:\Users\Chris\Downloads\medborga_mnet(27).sql.gz 2014-04-15 12:15 - 2014-04-15 12:15 - 00153734 _____ () C:\Users\Chris\Downloads\htaccess(11) 2014-04-15 12:15 - 2014-04-15 12:15 - 00003685 _____ () C:\Users\Chris\Downloads\wp-config(8).php 2014-04-15 11:08 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2014-04-15 01:49 - 2013-01-19 17:20 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-15 01:49 - 2013-01-19 17:20 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-15 01:47 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData 2014-04-15 01:47 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore 2014-04-14 21:23 - 2013-08-10 17:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-14 21:21 - 2013-01-19 21:57 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-14 12:54 - 2014-04-14 12:54 - 00605840 _____ () C:\Users\Chris\Downloads\super-socializer.2.5.0.zip 2014-04-12 14:24 - 2014-04-12 14:24 - 00011686 _____ () C:\Users\Chris\Downloads\news_home.php Files to move or delete: ==================== C:\ProgramData\SetStretch.exe Some content of TEMP: ==================== C:\Users\Chris\AppData\Local\Temp\ffmpeg17.exe C:\Users\Chris\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Chris\AppData\Local\Temp\MSETUP4.EXE C:\Users\Chris\AppData\Local\Temp\npp.6.5.2.Installer.exe C:\Users\Chris\AppData\Local\Temp\npp.6.5.5.Installer.exe C:\Users\Chris\AppData\Local\Temp\prismsetup.exe C:\Users\Chris\AppData\Local\Temp\Quarantine.exe C:\Users\Chris\AppData\Local\Temp\wpsetup.exe C:\Users\Chris\AppData\Local\Temp\x264enc6.exe C:\Users\Chris\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-07 15:28 ==================== End Of Log ============================ Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01 Ran by Chris at 2014-05-12 17:37:52 Running from C:\Users\Chris\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Help Center 2.1 (x32 Version: 2.1 - Adobe Systems) Hidden Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.) Adobe Photoshop Elements 5.0 (x32 Version: 5.0 - Adobe Systems Inc.) Hidden Adobe Reader XI (11.0.06) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.3.143.61629 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 3.3.143.61629 - Alcor Micro Corp.) Hidden ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS) ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS) ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation) ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.8 - ASUS) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS) avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.) Canon MG5300 series användarregistrering (HKLM-x32\...\Canon MG5300 series användarregistrering) (Version: - ) Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.) Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version: - ) Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation) FileZilla Client 3.7.3 (HKCU\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse) Fotogalleriet (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden GAuth Authenticator (HKCU\...\http://gauth.apps.gbraad.nl) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Grundläggande enhetsprogramvara för HP Deskjet 2050 J510 series (HKLM\...\{CEE93371-0274-4691-9152-CA2FB0544148}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation) Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Movie Studio Platinum 13.0 (64-bit) (HKLM\...\{154C7340-7C70-11E3-A15F-F04DA23A5C58}) (Version: 13.0.879 - Sony) Mozilla Firefox 29.0.1 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 sv-SE)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team) OpenOffice.org 3.4.1 (HKLM-x32\...\{F6814637-1900-40AE-B370-37B64B1D92E9}) (Version: 3.41.9593 - Apache Software Foundation) Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.5.7 - Vaclav Slavik) Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.10 - NCH Software) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Subtitle Edit 3.3.14 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.3.14.0 - Nikse) WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.68 - NCH Software) VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.29 - NCH Software) Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows-drivrutinspaket - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) XAMPP 1.8.1 (HKLM-x32\...\xampp) (Version: - ) Zoom Search Engine 6.0 (HKLM-x32\...\Zoom Search Engine 6.0_is1) (Version: 6.0 - Wrensoft) ==================== Restore Points ========================= 05-05-2014 07:38:48 Schemalagd kontrollpunkt 10-05-2014 15:05:17 Windows Update ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05720970-6800-45DE-8C2D-2F025AD12412} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation) Task: {10AEDD17-2B17-4F7C-A9AC-D6F7BE22CB97} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe Task: {11A40AE2-7243-4DD1-A9AB-E9340B2E7BED} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek) Task: {132EB9C5-5F85-4EED-9450-C7CBB000A2D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-19] (Google Inc.) Task: {16D0FF61-0B9E-45A2-AED4-47A9684968C0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-18] (AVAST Software) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {213997E1-C6E1-424F-9BCF-A3BEF6EA0C5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-19] (Google Inc.) Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {713E8A2F-4ACE-4556-A713-62CF8799D236} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {DC7F91BB-E009-4AEB-BC87-5AAD0567D5C6} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F4BF69E8-5D9C-4049-A32C-88433807D07A} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-09-28 12:12 - 2012-07-30 13:26 - 00029056 _____ () C:\Windows\system32\DptfParticipantProcessorService.exe 2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2012-11-29 03:08 - 2012-09-24 03:58 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2012-11-29 03:08 - 2012-09-24 03:58 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2012-08-10 20:28 - 2012-08-10 20:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2012-08-10 20:23 - 2012-08-10 20:23 - 00020480 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\sv-SE\BtTray.sv-SE.dll 2012-09-28 12:11 - 2012-08-31 04:35 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll 2014-05-06 23:35 - 2014-05-06 23:35 - 02253824 _____ () C:\Program Files\AVAST Software\Avast\defs\14050601\algo.dll 2014-05-12 14:01 - 2014-05-12 14:01 - 02253312 _____ () C:\Program Files\AVAST Software\Avast\defs\14051200\algo.dll 2012-11-29 03:03 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2012-08-24 19:17 - 2012-08-24 19:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2013-11-14 13:31 - 2013-11-14 13:32 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-05-10 12:14 - 2014-05-10 12:14 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2011-07-18 23:07 - 2011-07-18 23:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll 2014-01-07 01:42 - 2014-01-07 01:42 - 01611264 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll 2013-08-07 21:25 - 2013-08-07 21:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2013-01-18 14:20 - 2013-01-18 14:20 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2013-01-18 14:20 - 2013-01-18 14:20 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/12/2014 11:25:01 AM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (05/12/2014 11:25:01 AM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (05/11/2014 05:58:01 PM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (05/11/2014 05:58:01 PM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (05/11/2014 00:16:52 PM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (05/11/2014 00:16:52 PM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (05/10/2014 04:57:51 PM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (05/10/2014 04:57:51 PM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (05/10/2014 10:58:09 AM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (05/10/2014 10:58:09 AM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] System errors: ============= Error: (05/12/2014 05:01:11 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Tjänsten avast! HardwareID kunde inte startas på grund av följande fel: %%127 Error: (05/12/2014 02:01:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Tjänsten avast! HardwareID kunde inte startas på grund av följande fel: %%127 Error: (05/11/2014 07:03:54 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Tjänsten avast! HardwareID kunde inte startas på grund av följande fel: %%127 Error: (05/11/2014 00:52:21 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Tjänsten avast! HardwareID kunde inte startas på grund av följande fel: %%127 Error: (05/10/2014 09:27:20 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Tjänsten avast! HardwareID kunde inte startas på grund av följande fel: %%127 Error: (05/10/2014 11:05:08 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Tjänsten avast! HardwareID kunde inte startas på grund av följande fel: %%127 Error: (05/09/2014 01:06:27 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Tjänsten avast! HardwareID kunde inte startas på grund av följande fel: %%127 Error: (05/08/2014 00:27:21 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Tjänsten avast! HardwareID kunde inte startas på grund av följande fel: %%127 Error: (05/07/2014 11:33:27 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Tjänsten avast! HardwareID kunde inte startas på grund av följande fel: %%127 Error: (05/07/2014 04:00:31 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Tjänsten avast! HardwareID kunde inte startas på grund av följande fel: %%127 Microsoft Office Sessions: ========================= Error: (05/12/2014 11:25:01 AM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (05/12/2014 11:25:01 AM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (05/11/2014 05:58:01 PM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (05/11/2014 05:58:01 PM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (05/11/2014 00:16:52 PM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (05/11/2014 00:16:52 PM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (05/10/2014 04:57:51 PM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (05/10/2014 04:57:51 PM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (05/10/2014 10:58:09 AM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (05/10/2014 10:58:09 AM) (Source: DptfPolicyLpmServiceHelper) (User: ) (EventID: 1) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] ==================== Memory info =========================== Percentage of memory in use: 85% Total physical RAM: 3981.59 MB Available physical RAM: 557.7 MB Total Pagefile: 5709.59 MB Available Pagefile: 1430.51 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:84 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:258 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: CDFAD22C) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 22 GB) (Disk ID: 092661BB) Partition: GPT Partition Type. ==================== End Of Log ============================
- May 12, 2014
- 2 replies
Dad's computer infected by trojan.downloader.wi and trojan.sefnit

chrisbc replied to chrisbc's topic in Resolved Malware Removal Logs

Hi again! Thank you very much. The computer runs fine and is responsive in operation. Startup is still slow but has improved. I have disabled many unnecessary startup programs which got cpu usage to normal. There are two things I observe on startup. 1. After entering the user password and clicking on log in the screen flashes to a black screen for less than half a second and then goes back to normal before the desktop screen is loaded 2. The desktop document icons first load immediately but then they all go white for a little while before reloading again. At this point they don't load simultaneously but more one after the other and this takes some seconds to complete. The desktop is full of various documents at the moment and I guess it's a good idea to clean it up, which might speed things up even more. At the moment both SAS, AVAST and MBAM are installed. Next we will upgrade all our computers to MBAM pro. Would the best practise to avoid future infections be to run MBAM pro alongside Avast and disable SAS? Security check checkup.txt: Results of screen317's Security Check version 0.99.77 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 45 Adobe Flash Player 11.9.900.117 Adobe Reader XI Google Chrome 30.0.1599.101 Google Chrome 31.0.1650.57 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1 ````````````````````End of Log``````````````````````
Dad's computer infected by trojan.downloader.wi and trojan.sefnit

chrisbc replied to chrisbc's topic in Resolved Malware Removal Logs

Fixlog.txt: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2013 02 Ran by olof c e l1352 at 2013-11-18 16:40:50 Run:1 Running from C:\Users\olof c e l1352\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...44v165r4761t405 URLSearchHook: HKCU - (No Name) - {16bb67e0-6319-4077-be84-f41269e051f3} - No File URLSearchHook: HKCU - (No Name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No File URLSearchHook: HKCU - (No Name) - {21755ee9-61a2-461a-9a1b-bf76a51515cc} - No File URLSearchHook: HKCU - (No Name) - {55d7c7bc-12a7-4f9b-81c0-600d9a182395} - No File SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48Ð¸patm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)xä URL = BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - Utility Chest - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {16BB67E0-6319-4077-BE84-F41269E051F3} - No File Toolbar: HKCU - No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File Toolbar: HKCU - No Name - {21755EE9-61A2-461A-9A1B-BF76A51515CC} - No File Toolbar: HKCU - No Name - {55D7C7BC-12A7-4F9B-81C0-600D9A182395} - No File CHR HKLM-x32\...\Chrome\Extension: [gkgbjnieccdkmaejoghlheaojajcdldh] - C:\ProgramData\SaveAs\gkgbjnieccdkmaejoghlheaojajcdldh.crx CHR HKLM-x32\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\olof c e l1352\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx CHR HKLM-x32\...\Chrome\Extension: [ljagcjpnchcckmlnknbefnaamddcdoac] - C:\ProgramData\SaveAs\ljagcjpnchcckmlnknbefnaamddcdoac.crx ***************** HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{16bb67e0-6319-4077-be84-f41269e051f3} => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{21755ee9-61a2-461a-9a1b-bf76a51515cc} => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{55d7c7bc-12a7-4f9b-81c0-600d9a182395} => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48Ð¸patm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)xä => Key not found. HKCR\CLSID\ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48Ð¸patm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)xä => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Value deleted successfully. HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{cf67755f-9265-449c-87cf-b945519e073b} => Value deleted successfully. HKCR\Wow6432Node\CLSID\{cf67755f-9265-449c-87cf-b945519e073b} => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{16BB67E0-6319-4077-BE84-F41269E051F3} => Value deleted successfully. HKCR\CLSID\{16BB67E0-6319-4077-BE84-F41269E051F3} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} => Value deleted successfully. HKCR\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21755EE9-61A2-461A-9A1B-BF76A51515CC} => Value deleted successfully. HKCR\CLSID\{21755EE9-61A2-461A-9A1B-BF76A51515CC} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{55D7C7BC-12A7-4F9B-81C0-600D9A182395} => Value deleted successfully. HKCR\CLSID\{55D7C7BC-12A7-4F9B-81C0-600D9A182395} => Key not found. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gkgbjnieccdkmaejoghlheaojajcdldh => Key deleted successfully. "C:\ProgramData\SaveAs\gkgbjnieccdkmaejoghlheaojajcdldh.crx" => File/Directory not found. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif => Key deleted successfully. "C:\Users\olof c e l1352\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx" => File/Directory not found. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ljagcjpnchcckmlnknbefnaamddcdoac => Key deleted successfully. "C:\ProgramData\SaveAs\ljagcjpnchcckmlnknbefnaamddcdoac.crx" => File/Directory not found. ==== End of Fixlog ====
Dad's computer infected by trojan.downloader.wi and trojan.sefnit

chrisbc replied to chrisbc's topic in Resolved Malware Removal Logs

Here are logs 04 to 07. STEP 04 JRT.txt is too large to paste even when it's split in half. I attach it instead. STEP 05 AdwCleaner[s1].txt # AdwCleaner v3.012 - Report created 16/11/2013 at 19:47:47 # Updated 11/11/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : olof c e l1352 - OLOFCEL1352 # Running from : C:\Users\olof c e l1352\Desktop\AdwCleaner (2).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16720 -\\ Google Chrome v30.0.1599.101 [ File : C:\Users\olof c e l1352\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [19287 octets] - [11/11/2013 16:19:31] AdwCleaner[R1].txt - [917 octets] - [16/11/2013 19:41:24] AdwCleaner[s0].txt - [14613 octets] - [11/11/2013 16:22:51] AdwCleaner[s1].txt - [839 octets] - [16/11/2013 19:47:47] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [898 octets] ########## mbam-log.txt: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Databasversion: v2013.11.16.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 olof c e l1352 :: OLOFCEL1352 [administratör] 2013-11-16 19:59:27 mbam-log-2013-11-16 (19-59-27).txt Skanningstyp: Snabbskanning Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM Inaktiverade skanningsalternativ: P2P Antal skannade objekt: 275803 Förfluten tid: 15 minut(er), 43 sekund(er) Upptäckta minnesprocesser: 0 (Inga skadliga poster hittades) Upptäckta minnesmoduler: 0 (Inga skadliga poster hittades) Upptäckta registernycklar: 0 (Inga skadliga poster hittades) Upptäckta registervärden: 0 (Inga skadliga poster hittades) Upptäckta registerdataposter: 0 (Inga skadliga poster hittades) Upptäckta mappar: 9 C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Sattes i karantän och togs bort. C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Sattes i karantän och togs bort. C:\ProgramData\InstallMate\SaveAs (PUP.Optional.SaveAs.A) -> Sattes i karantän och togs bort. C:\ProgramData\InstallMate\SaveAs\851BEAA25B41D291 (PUP.Optional.SaveAs.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\mt_ffx\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar\1.8.0.7 (PUP.Optional.BabylonToolbar.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149 (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\ct3300853 (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. Upptäckta filer: 55 C:\Users\olof c e l1352\AppData\Local\Temp\1F13.tmp (PUP.Optional.PerformerSoft.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\2B93.tmp (PUP.Optional.PerformerSoft.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\5F59.tmp (PUP.Optional.FileScout.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\9750.tmp (PUP.Optional.PerformerSoft.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\dealply.exe (PUP.Optional.Dealply) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\E58E.tmp (PUP.Optional.Babylon.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\nsg920.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\nsl117A.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\nsl15BF.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\nsl4FA.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\nsp958F.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\nsqA80B.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\nsqF5BF.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\nsv22BE.exe (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\nsvAEDF.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\nsvFC93.exe (PUP.Optional.SearchProtect.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\SecondStepInstaller.exe (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\setup_fsu_cid.exe (Trojan.Sefnit) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\tbbabylonv3.exe (PUP.Optional.Babylon.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\Updater.exe (PUP.Optional.Amonetize.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\098A4136-BAB0-7891-9759-47E33460366A\MyBabylonTB.exe (PUP.Optional.BabylonToolBar.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\54413A8E-BAB0-7891-BA8C-A685EE6768D5\MyBabylonTB.exe (PUP.Optional.BabylonToolBar.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\79C68385-BAB0-7891-9B0A-65B35A117777\Latest\MyBabylonTB.exe (PUP.Optional.BabylonToolBar.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\chLogic.exe (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\ctbe.exe (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\spch.exe (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\statisticsStub.exe (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\dropbox.exe (PUP.Optional.DomaIQ) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\parent.txt (PUP.Optional.DomaIQ) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\SPIdentifier.exe (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\1\dropbox.exe (PUP.Optional.DomaIQ) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\1\parent.txt (PUP.Optional.DomaIQ) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\1\SPIdentifier.exe (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\6\dropbox.exe (PUP.Optional.DomaIQ) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\6\parent.txt (PUP.Optional.DomaIQ) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\6\SPIdentifier.exe (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\8\dropbox.exe (PUP.Optional.DomaIQ) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\8\parent.txt (PUP.Optional.DomaIQ) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\8\SPIdentifier.exe (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\Downloads\veetle-0.9.18.exe (PUP.Optional.OpenCandy) -> Sattes i karantän och togs bort. C:\Users\Public\AutoUpdate.exe (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (Trojan.Downloader.WI) -> Sattes i karantän och togs bort. C:\ProgramData\InstallMate\SaveAs\Setup.dat (PUP.Optional.SaveAs.A) -> Sattes i karantän och togs bort. C:\ProgramData\InstallMate\SaveAs\Setup.exe (PUP.Optional.SaveAs.A) -> Sattes i karantän och togs bort. C:\ProgramData\InstallMate\SaveAs\Setup.ico (PUP.Optional.SaveAs.A) -> Sattes i karantän och togs bort. C:\ProgramData\InstallMate\SaveAs\TsuDll.dll (PUP.Optional.SaveAs.A) -> Sattes i karantän och togs bort. C:\ProgramData\InstallMate\SaveAs\_Setup.dll (PUP.Optional.SaveAs.A) -> Sattes i karantän och togs bort. C:\ProgramData\InstallMate\SaveAs\_Setupx.dll (PUP.Optional.SaveAs.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\chromeid.txt (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\CT3244149.txt (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\dtime.csf (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\initData.json (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\manifest.json (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\setup.ini.txt (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. C:\Users\olof c e l1352\AppData\Local\Temp\ct3300853\ddt.csf (PUP.Optional.Conduit.A) -> Sattes i karantän och togs bort. (klar) STEP 06 Eset-scan: C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdate.exe.vir Win32/DealPly.D application C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdateRun.exe.vir a variant of Win32/DealPly.C application C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\uninst.exe.vir Win32/DealPly.D application C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39EI\Installr\4.bin\39EIPlug.dll.vir Win32/Toolbar.MyWebSearch application C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39EI\Installr\4.bin\39EZSETP.dll.vir a variant of Win32/Toolbar.MyWebSearch.Q application C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39EI\Installr\4.bin\NP39EISb.dll.vir Win32/Toolbar.MyWebSearch application C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveAs\sprotector.dll.vir a variant of Win32/SProtector.A application C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveAs\uninstall.exe.vir a variant of Win32/SProtector.B application C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll.vir Win32/Toolbar.MyWebSearch.Q application C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll.vir Win32/Toolbar.MyWebSearch application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\49auxstb.dll.vir Win32/Toolbar.MyWebSearch.W application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\49bar.dll.vir Win32/Toolbar.MyWebSearch.W application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\49bprtct.dll.vir Win32/Toolbar.MyWebSearch.W application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\49brmon.exe.vir Win32/Toolbar.MyWebSearch.W application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\49datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\49htmlmu.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.B application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\49ieovr.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.P application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\49impipe.exe.vir Win32/Toolbar.MyWebSearch.W application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\49Plugin.dll.vir probably a variant of Win32/Toolbar.MyWebSearch application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\49reghk.dll.vir Win32/Toolbar.MyWebSearch.W application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\49skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\49skplay.exe.vir Win32/Toolbar.MyWebSearch.W application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\49SrchMn.exe.vir Win32/Toolbar.MyWebSearch.W application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\AppIntegrator64.exe.vir Win64/Toolbar.MyWebSearch.A application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\AppIntegratorStub64.dll.vir Win64/Toolbar.MyWebSearch.A application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\CREXT.DLL.vir Win32/Toolbar.MyWebSearch.W application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\CrExtP49.exe.vir Win32/Toolbar.MyWebSearch.W application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\Hpg64.dll.vir Win64/Toolbar.MyWebSearch.A application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\NP49Stub.dll.vir Win32/Toolbar.MyWebSearch.T application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\T8HTML.DLL.vir probably a variant of Win32/Toolbar.MyWebSearch.F application C:\AdwCleaner\Quarantine\C\Program Files (x86)\utilitychest_49\bar\1.bin\T8TICKER.DLL.vir Win32/Toolbar.MyWebSearch.W application C:\AdwCleaner\Quarantine\C\ProgramData\BitGuard\2.6.1694.246\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.dll.vir a variant of Win32/bProtector.A application C:\AdwCleaner\Quarantine\C\ProgramData\BitGuard\2.6.1694.246\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe.vir a variant of Win32/bProtector.A application C:\AdwCleaner\Quarantine\C\ProgramData\BitGuard\2.6.1694.246\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe.vir a variant of Win32/bProtector.A application C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\run3ECE.tmp.vir Win32/GenUpdater application C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\run5961.tmp.vir Win32/GenUpdater application C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\run91BB.tmp.vir Win32/GenUpdater application C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\run9F65.tmp.vir Win32/GenUpdater application C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\runCD96.tmp.vir Win32/GenUpdater application C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\runE905.tmp.vir Win32/GenUpdater application C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\SaveAs.exe.vir Win32/GenUpdater application C:\AdwCleaner\Quarantine\C\ProgramData\SaveAs\50db9f808fb44.dll.vir Win32/Adware.MultiPlug.G application C:\AdwCleaner\Quarantine\C\ProgramData\SaveAs\50dba0a1a8e1a.dll.vir Win32/Adware.MultiPlug.G application C:\AdwCleaner\Quarantine\C\ProgramData\SaveAs\gkgbjnieccdkmaejoghlheaojajcdldh.crx.vir Win32/Adware.MultiPlug.H application C:\AdwCleaner\Quarantine\C\ProgramData\SaveAs\ljagcjpnchcckmlnknbefnaamddcdoac.crx.vir Win32/Adware.MultiPlug.H application C:\AdwCleaner\Quarantine\C\Users\olof c e l1352\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html.vir Win32/DealPly.E application C:\AdwCleaner\Quarantine\C\Users\olof c e l1352\AppData\Roaming\file scout\filescout.exe.vir Win32/FileScout.A application C:\Users\olof c e l1352\AppData\Local\Temp\1037.tmp Win32/Toolbar.Babylon.M application C:\Users\olof c e l1352\AppData\Local\Temp\28F4.tmp Win32/Toolbar.Babylon.M application C:\Users\olof c e l1352\AppData\Local\Temp\coupish.exe multiple threats C:\Users\olof c e l1352\AppData\Local\Temp\D28B.tmp Win32/Toolbar.Babylon.M application C:\Users\olof c e l1352\AppData\Local\Temp\F4AB.tmp Win32/Toolbar.Babylon.M application C:\Users\olof c e l1352\AppData\Local\Temp\nsg46E9.tmp.tbFile.dll a variant of Win32/Toolbar.Conduit.B application C:\Users\olof c e l1352\AppData\Local\Temp\nslAC7E.tmp.tbFile.dll a variant of Win32/Toolbar.Conduit.B application C:\Users\olof c e l1352\AppData\Local\Temp\nslF2F0.tmp.tbFile.dll a variant of Win32/Toolbar.Conduit.B application C:\Users\olof c e l1352\AppData\Local\Temp\nsvF855.tmp.tbFile.dll a variant of Win32/Toolbar.Conduit.B application C:\Users\olof c e l1352\AppData\Local\Temp\tbbabylon.exe Win32/Toolbar.Babylon application C:\Users\olof c e l1352\AppData\Local\Temp\tbedrs.dll a variant of Win32/Toolbar.Conduit.B application C:\Users\olof c e l1352\AppData\Local\Temp\tbFil0.dll a variant of Win32/Toolbar.Conduit.B application C:\Users\olof c e l1352\AppData\Local\Temp\tbFile.dll a variant of Win32/Toolbar.Conduit.B application C:\Users\olof c e l1352\AppData\Local\Temp\tbFree.dll a variant of Win32/Toolbar.Conduit.B application C:\Users\olof c e l1352\AppData\Local\Temp\tbProd.dll a variant of Win32/Toolbar.Conduit.B application C:\Users\olof c e l1352\AppData\Local\Temp\tbWise.dll a variant of Win32/Toolbar.Conduit.B application C:\Users\olof c e l1352\AppData\Local\Temp\098A4136-BAB0-7891-9759-47E33460366A\BExternal.dll a variant of Win32/Toolbar.Babylon.F application C:\Users\olof c e l1352\AppData\Local\Temp\098A4136-BAB0-7891-9759-47E33460366A\Setup.exe a variant of Win32/Toolbar.Babylon.H application C:\Users\olof c e l1352\AppData\Local\Temp\54413A8E-BAB0-7891-BA8C-A685EE6768D5\BExternal.dll a variant of Win32/Toolbar.Babylon.F application C:\Users\olof c e l1352\AppData\Local\Temp\54413A8E-BAB0-7891-BA8C-A685EE6768D5\Setup.exe a variant of Win32/Toolbar.Babylon.H application C:\Users\olof c e l1352\AppData\Local\Temp\79C68385-BAB0-7891-9B0A-65B35A117777\Setup.exe a variant of Win32/Toolbar.Babylon.H application C:\Users\olof c e l1352\AppData\Local\Temp\79C68385-BAB0-7891-9B0A-65B35A117777\Latest\IEHelper.dll a variant of Win32/Toolbar.Babylon.E application C:\Users\olof c e l1352\AppData\Local\Temp\79C68385-BAB0-7891-9B0A-65B35A117777\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.H application C:\Users\olof c e l1352\AppData\Local\Temp\C6457AEC-BAB0-7891-8CF7-CACC3E3E10F2\Setup.exe a variant of Win32/Toolbar.Babylon.H application C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\1\software\Cloud_Backup_Setup.exe Win32/MyPCBackup.A application C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\1\software\SaltarSmart_tg.exe Win32/BrowseFox.C application C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\1\software\speedupmypc.exe Win32/SpeedUpMyPC.A application C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\6\software\sp-downloader.exe Win32/Toolbar.Conduit.R application C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\6\software\speedupmypc.exe Win32/SpeedUpMyPC.A application C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\8\software\sp-downloader.exe Win32/Toolbar.Conduit.R application C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\8\software\wajam_download.exe Win32/Wajam.B application C:\Users\olof c e l1352\AppData\Local\Temp\ICReinstall\cnet2_MyVideoConverter_Setup244_zip.exe a variant of Win32/InstallCore.D application C:\Users\olof c e l1352\AppData\Local\Temp\ICReinstall\cnet2_Pazera_Free_MOV_to_AVI_Converter_exe.exe a variant of Win32/InstallCore.D application C:\Users\olof c e l1352\AppData\Local\Temp\is1598539481\MyBabylonTB.exe Win32/Toolbar.Babylon application C:\Users\olof c e l1352\AppData\Local\Temp\scoped_dir_5196_10576\CRX_INSTALL\background.html Win32/DealPly.E application C:\Users\olof c e l1352\AppData\Local\Temp\scoped_dir_5780_12369\CRX_INSTALL\background.html Win32/DealPly.E application C:\Users\olof c e l1352\AppData\Local\Temp\scoped_dir_5780_783\CRX_INSTALL\50db9f808f91e2.62403641.js Win32/Adware.MultiPlug.H application C:\Users\olof c e l1352\Downloads\cnet2_Pazera_Free_MOV_to_AVI_Converter_exe.exe a variant of Win32/InstallCore.D application C:\Users\olof c e l1352\Downloads\installer_adobe_flash_player_Swedish (1).exe Win32/Toolbar.Babylon application C:\Users\olof c e l1352\Downloads\installer_adobe_flash_player_Swedish.exe Win32/Toolbar.Babylon application C:\Users\olof c e l1352\Downloads\installer_openoffice_Swedish.exe Win32/Toolbar.Babylon application C:\Users\olof c e l1352\Downloads\PDFdownload.exe Win32/InstalleRex.E application C:\Users\olof c e l1352\Downloads\SUPERsetup.exe Win32/OpenCandy application C:\Windows\Temp\LatestDealPlySetup5556.1.1.1.exe Win32/DealPly.B application C:\Windows\Temp\LatestDealPlySetup5556.exe Win32/DealPly.B application C:\Windows\Temp\nsq23C8.tmp.exe Win32/DealPly.B application C:\Windows\Temp\nst7D33.tmp.exe Win32/DealPly.B application STEP 07 The file Addition.txt is attached. FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013 Ran by olof c e l1352 (administrator) on OLOFCEL1352 on 16-11-2013 23:21:11 Running from C:\Users\olof c e l1352\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: Swedish Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (SupportSoft, Inc.) C:\Program Files (x86)\Telia\Supportassistenten\bin\sprtsvc.exe (SupportSoft, Inc.) C:\Program Files (x86)\Telia\Supportassistenten\bin\tgsrvc.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe () C:\Program Files (x86)\Tor\tor.exe (Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Apache Software Foundation) C:\PROGRA~1\BITNAM~1\apache2\bin\httpd.exe () C:\Program Files\BitNami WordPress Stack\mysql\bin\mysqld.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (Apache Software Foundation) C:\PROGRA~1\BITNAM~1\apache2\bin\httpd.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Technology Nexus AB) C:\Program Files (x86)\Personal\bin\Personal.exe () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (SupportSoft, Inc.) C:\Program Files (x86)\Telia\Supportassistenten\bin\sprtcmd.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\system32\prevhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor) HKLM\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-28] (Samsung Electronics Co., Ltd.) HKCU\...\Run: [Logitech Vid] - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.) HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [6604568 2013-11-07] (SUPERAntiSpyware) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1511792 2013-03-28] (Samsung) HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-03-28] (Samsung) HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries) HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20474528 2013-10-02] (Skype Technologies S.A.) HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] () HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [Telia] - C:\Program Files (x86)\Telia\Supportassistenten\bin\sprtcmd.exe [206120 2010-07-07] (SupportSoft, Inc.) HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.) HKLM-x32\...\Run: [indexSearch] - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-28] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-05-13] () HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\Default\...\RunOnce: [scrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-22] () HKU\Default User\...\RunOnce: [scrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-22] () HKU\UpdatusUser\...\RunOnce: [scrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-22] () Startup: C:\Users\olof c e l1352\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Övervaka bläckvarningar - HP Deskjet 2510 series.lnk ShortcutTarget: Övervaka bläckvarningar - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=041d&m=el1352&r=173603115903pe444v165r4761t405 URLSearchHook: HKCU - (No Name) - {16bb67e0-6319-4077-be84-f41269e051f3} - No File URLSearchHook: HKCU - (No Name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No File URLSearchHook: HKCU - (No Name) - {21755ee9-61a2-461a-9a1b-bf76a51515cc} - No File URLSearchHook: HKCU - (No Name) - {55d7c7bc-12a7-4f9b-81c0-600d9a182395} - No File SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48Ð¸patm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)xä URL = BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - Utility Chest - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {16BB67E0-6319-4077-BE84-F41269E051F3} - No File Toolbar: HKCU - No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File Toolbar: HKCU - No Name - {21755EE9-61A2-461A-9A1B-BF76A51515CC} - No File Toolbar: HKCU - No Name - {55D7C7BC-12A7-4F9B-81C0-600D9A182395} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 195.67.199.27 195.67.199.28 Chrome: ======= CHR Extension: (Google Docs) - C:\Users\OLOFCE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\OLOFCE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\OLOFCE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\OLOFCE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Skype Click to Call) - C:\Users\OLOFCE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0 CHR Extension: (Google Wallet) - C:\Users\OLOFCE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR Extension: (Gmail) - C:\Users\OLOFCE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM-x32\...\Chrome\Extension: [gkgbjnieccdkmaejoghlheaojajcdldh] - C:\ProgramData\SaveAs\gkgbjnieccdkmaejoghlheaojajcdldh.crx CHR HKLM-x32\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\olof c e l1352\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR HKLM-x32\...\Chrome\Extension: [ljagcjpnchcckmlnknbefnaamddcdoac] - C:\ProgramData\SaveAs\ljagcjpnchcckmlnknbefnaamddcdoac.crx ==================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-11] () R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries) R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated) R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-11] () R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 sprtsvc_teliada; C:\Program Files (x86)\Telia\Supportassistenten\bin\sprtsvc.exe [206120 2010-07-07] (SupportSoft, Inc.) S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe [382320 2010-07-07] (SupportSoft, Inc.) R2 tgsrvc_teliada; C:\Program Files (x86)\Telia\Supportassistenten\bin\tgsrvc.exe [185640 2010-07-07] (SupportSoft, Inc.) R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-23] () R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) R2 wordpressApache; C:\PROGRA~1\BITNAM~1\apache2\bin\httpd.exe [20549 2011-09-09] (Apache Software Foundation) R2 wordpressMySQL; C:\Program Files\BitNami WordPress Stack\mysql\bin\mysqld.exe [8158720 2011-09-09] () ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [135208 2008-04-15] (Broadcom Corporation.) R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [44200 2008-02-04] (Broadcom Corporation.) R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [1282216 2008-04-15] (Broadcom Corporation.) S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156456 2007-09-20] (Broadcom Corporation.) S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [71592 2008-03-10] (Broadcom Corporation.) S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [56104 2008-03-27] (Broadcom Corporation.) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 TdsNordecr; C:\Windows\System32\DRIVERS\nordecr.sys [28672 2007-10-30] (Todos Data System AB) S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-22] (Todos Data System AB) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-16 23:21 - 2013-11-16 23:21 - 00018770 _____ C:\Users\olof c e l1352\Downloads\FRST.txt 2013-11-16 23:20 - 2013-11-16 23:20 - 00000000 ____D C:\FRST 2013-11-16 23:17 - 2013-11-16 23:17 - 00011563 _____ C:\Users\olof c e l1352\Desktop\eset.txt 2013-11-16 21:30 - 2013-11-16 21:30 - 00014336 ___SH C:\Users\olof c e l1352\AppData\Thumbs.db 2013-11-16 21:02 - 2013-11-16 21:02 - 01957794 _____ (Farbar) C:\Users\olof c e l1352\Downloads\FRST64.exe 2013-11-16 20:31 - 2013-11-16 20:31 - 00000000 ____D C:\Program Files (x86)\ESET 2013-11-16 20:29 - 2013-11-16 20:30 - 02347384 _____ (ESET) C:\Users\olof c e l1352\Downloads\esetsmartinstaller_enu.exe 2013-11-16 19:23 - 2013-11-16 19:23 - 01085542 _____ C:\Users\olof c e l1352\Desktop\AdwCleaner (2).exe 2013-11-16 19:22 - 2013-11-16 19:22 - 00000000 ____D C:\Windows\ERUNT 2013-11-16 19:12 - 2013-11-16 19:13 - 01034531 _____ (Thisisu) C:\Users\olof c e l1352\Desktop\JRT.exe 2013-11-16 16:14 - 2013-11-16 19:12 - 00000000 ____D C:\Users\olof c e l1352\Desktop\mbar 2013-11-16 16:14 - 2013-11-16 17:37 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-16 16:12 - 2013-11-16 16:13 - 12576792 _____ (Malwarebytes Corp.) C:\Users\olof c e l1352\Downloads\mbar-1.07.0.1007.exe 2013-11-13 18:35 - 2013-11-13 18:35 - 00001982 _____ C:\Users\olof c e l1352\Desktop\RKreport[0]_S_11132013_183543.txt 2013-11-13 18:31 - 2013-11-13 18:37 - 00000000 ____D C:\Users\olof c e l1352\Desktop\RK_Quarantine 2013-11-13 18:30 - 2013-11-13 18:30 - 04118528 _____ C:\Users\olof c e l1352\Desktop\RogueKillerX64.exe 2013-11-13 18:29 - 2013-11-13 18:29 - 00000000 ____D C:\Windows\ERDNT 2013-11-13 18:28 - 2013-11-13 18:28 - 00000897 _____ C:\Users\UpdatusUser.olofcel1352\Desktop\NTREGOPT.lnk 2013-11-13 18:28 - 2013-11-13 18:28 - 00000897 _____ C:\Users\olof c e l1352\Desktop\NTREGOPT.lnk 2013-11-13 18:28 - 2013-11-13 18:28 - 00000878 _____ C:\Users\UpdatusUser.olofcel1352\Desktop\ERUNT.lnk 2013-11-13 18:28 - 2013-11-13 18:28 - 00000878 _____ C:\Users\olof c e l1352\Desktop\ERUNT.lnk 2013-11-13 18:28 - 2013-11-13 18:28 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-11-13 18:21 - 2013-11-13 18:22 - 00791393 _____ (Lars Hederer ) C:\Users\olof c e l1352\Downloads\erunt-setup.exe 2013-11-13 18:17 - 2013-11-13 18:20 - 00002296 _____ C:\Users\olof c e l1352\Desktop\Rkill.txt 2013-11-13 18:17 - 2013-11-13 18:17 - 00000000 ____D C:\Users\olof c e l1352\Desktop\rkill 2013-11-13 18:15 - 2013-11-13 18:16 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\olof c e l1352\Desktop\rkill.exe 2013-11-11 19:44 - 2013-11-11 19:44 - 00027518 _____ C:\Users\olof c e l1352\Desktop\dds.txt 2013-11-11 19:44 - 2013-11-11 19:44 - 00009838 _____ C:\Users\olof c e l1352\Desktop\attach.txt 2013-11-11 19:41 - 2013-11-11 19:42 - 00688992 ____R (Swearware) C:\Users\olof c e l1352\Downloads\dds (1).com 2013-11-11 16:30 - 2013-11-11 16:30 - 00000000 ____D C:\Users\olof c e l1352\AppData\Local\Apple Computer 2013-11-11 16:22 - 2013-11-11 16:22 - 00019290 _____ C:\Users\olof c e l1352\Desktop\AdwCleaner[R0].txt 2013-11-11 16:19 - 2013-11-16 19:47 - 00000000 ____D C:\AdwCleaner 2013-11-11 16:19 - 2013-11-11 16:19 - 01085542 _____ C:\Users\olof c e l1352\Downloads\AdwCleaner (1).exe 2013-11-11 16:18 - 2013-11-11 16:18 - 01085542 _____ C:\Users\olof c e l1352\Downloads\AdwCleaner.exe 2013-11-11 16:18 - 2013-11-11 16:18 - 00000000 ____D C:\ProgramData\Oracle 2013-11-11 16:18 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-11-11 16:17 - 2013-11-11 16:17 - 01085542 _____ C:\Users\olof c e l1352\Downloads\trzDA02.tmp 2013-11-11 16:17 - 2013-11-11 16:17 - 00004864 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log 2013-11-11 16:17 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-11-11 16:17 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-11-11 16:17 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-11-11 16:15 - 2013-11-11 16:15 - 01014291 _____ C:\Users\olof c e l1352\Downloads\trzFE90.tmp 2013-11-11 15:28 - 2013-11-11 15:28 - 00085072 _____ C:\Users\olof c e l1352\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-08 00:20 - 2013-11-08 00:20 - 00915368 _____ (Oracle Corporation) C:\Users\olof c e l1352\Downloads\JavaSetup7u45.exe 2013-11-08 00:20 - 2013-11-08 00:20 - 00915368 _____ (Oracle Corporation) C:\Users\olof c e l1352\Downloads\JavaSetup7u45 (1).exe 2013-11-06 12:58 - 2013-11-06 12:58 - 00000328 _____ C:\Users\olof c e l1352\Desktop\CD-enhet - genväg (2).lnk 2013-11-06 12:55 - 2013-11-06 12:55 - 00000328 _____ C:\Users\olof c e l1352\Desktop\CD-enhet - genväg.lnk 2013-11-06 12:47 - 2013-11-06 12:47 - 00001079 _____ C:\Users\olof c e l1352\Desktop\SeagateExpansion Desk - genväg.lnk 2013-11-01 22:55 - 2013-11-01 23:04 - 131330363 _____ C:\Users\olof c e l1352\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_sv.exe 2013-10-29 22:59 - 2013-10-30 22:07 - 00120120 _____ C:\Users\olof c e l1352\Desktop\bill-kampmeier.odt 2013-10-29 22:51 - 2013-10-29 22:51 - 00001111 _____ C:\Users\olof c e l1352\Desktop\Disk A.lnk 2013-10-29 17:18 - 2013-10-29 17:18 - 00001936 _____ C:\Users\olof c e l1352\Desktop\Bläckpatroner & Lasertoner Billiga färgpatroner, bläckpatroner och toner NordicInk™.url 2013-10-28 00:27 - 2013-10-28 00:27 - 00024847 _____ C:\Users\olof c e l1352\Desktop\nordic ink.htm 2013-10-25 19:39 - 2013-10-26 00:26 - 00000000 ___RD C:\Users\olof c e l1352\Dropbox 2013-10-25 19:30 - 2013-10-26 00:59 - 00000000 ____D C:\Users\olof c e l1352\AppData\Roaming\Dropbox 2013-10-17 13:27 - 2013-10-17 13:27 - 00002220 _____ C:\Users\olof c e l1352\Desktop\odlingsprov.eml ==================== One Month Modified Files and Folders ======= 2013-11-16 23:21 - 2013-11-16 23:21 - 00018770 _____ C:\Users\olof c e l1352\Downloads\FRST.txt 2013-11-16 23:20 - 2013-11-16 23:20 - 00000000 ____D C:\FRST 2013-11-16 23:17 - 2013-11-16 23:17 - 00011563 _____ C:\Users\olof c e l1352\Desktop\eset.txt 2013-11-16 23:01 - 2013-08-31 23:26 - 00000868 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-16 22:26 - 2011-03-29 17:05 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-16 21:58 - 2012-10-19 22:18 - 00008704 ___SH C:\Users\olof c e l1352\AppData\Roaming\Thumbs.db 2013-11-16 21:49 - 2010-09-25 06:28 - 01863070 _____ C:\Windows\WindowsUpdate.log 2013-11-16 21:32 - 2013-09-14 14:04 - 00002148 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-11-16 21:30 - 2013-11-16 21:30 - 00014336 ___SH C:\Users\olof c e l1352\AppData\Thumbs.db 2013-11-16 21:02 - 2013-11-16 21:02 - 01957794 _____ (Farbar) C:\Users\olof c e l1352\Downloads\FRST64.exe 2013-11-16 20:31 - 2013-11-16 20:31 - 00000000 ____D C:\Program Files (x86)\ESET 2013-11-16 20:31 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-16 20:31 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-16 20:30 - 2013-11-16 20:29 - 02347384 _____ (ESET) C:\Users\olof c e l1352\Downloads\esetsmartinstaller_enu.exe 2013-11-16 20:26 - 2011-04-16 21:00 - 00000000 ____D C:\Users\olof c e l1352\AppData\Roaming\Skype 2013-11-16 20:23 - 2013-06-20 00:25 - 00000000 ____D C:\Users\olof c e l1352\AppData\Local\Htc 2013-11-16 20:21 - 2013-04-29 15:15 - 00000000 ____D C:\Users\olof c e l1352\AppData\Local\HTC MediaHub 2013-11-16 20:21 - 2013-03-26 22:40 - 00054156 ____H C:\Windows\QTFont.qfn 2013-11-16 20:21 - 2012-12-27 02:11 - 00000388 ____H C:\Windows\Tasks\SaveAsUpdaterTask{F219EBEA-7BB5-48DE-B5B2-6D6E46DDF9C2}.job 2013-11-16 20:21 - 2011-03-29 17:05 - 00000990 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-16 20:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-16 20:21 - 2009-07-14 05:51 - 00168465 _____ C:\Windows\setupact.log 2013-11-16 20:20 - 2010-05-06 16:59 - 00307210 _____ C:\Windows\PFRO.log 2013-11-16 20:18 - 2012-12-27 02:05 - 00000000 ____D C:\ProgramData\InstallMate 2013-11-16 19:50 - 2012-07-08 11:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-11-16 19:47 - 2013-11-11 16:19 - 00000000 ____D C:\AdwCleaner 2013-11-16 19:23 - 2013-11-16 19:23 - 01085542 _____ C:\Users\olof c e l1352\Desktop\AdwCleaner (2).exe 2013-11-16 19:22 - 2013-11-16 19:22 - 00000000 ____D C:\Windows\ERUNT 2013-11-16 19:13 - 2013-11-16 19:12 - 01034531 _____ (Thisisu) C:\Users\olof c e l1352\Desktop\JRT.exe 2013-11-16 19:12 - 2013-11-16 16:14 - 00000000 ____D C:\Users\olof c e l1352\Desktop\mbar 2013-11-16 17:37 - 2013-11-16 16:14 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-16 17:30 - 2012-02-20 19:23 - 00000000 ____D C:\Windows\Minidump 2013-11-16 17:00 - 2010-09-08 20:20 - 00661494 _____ C:\Windows\system32\perfh01D.dat 2013-11-16 17:00 - 2010-09-08 20:20 - 00141296 _____ C:\Windows\system32\perfc01D.dat 2013-11-16 17:00 - 2009-07-14 06:13 - 01573176 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-16 16:13 - 2013-11-16 16:12 - 12576792 _____ (Malwarebytes Corp.) C:\Users\olof c e l1352\Downloads\mbar-1.07.0.1007.exe 2013-11-16 16:09 - 2011-04-25 19:18 - 00003972 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D7E6C6DE-06AB-4ABD-A253-51FBB2F9C6E4} 2013-11-13 18:37 - 2013-11-13 18:31 - 00000000 ____D C:\Users\olof c e l1352\Desktop\RK_Quarantine 2013-11-13 18:35 - 2013-11-13 18:35 - 00001982 _____ C:\Users\olof c e l1352\Desktop\RKreport[0]_S_11132013_183543.txt 2013-11-13 18:30 - 2013-11-13 18:30 - 04118528 _____ C:\Users\olof c e l1352\Desktop\RogueKillerX64.exe 2013-11-13 18:29 - 2013-11-13 18:29 - 00000000 ____D C:\Windows\ERDNT 2013-11-13 18:28 - 2013-11-13 18:28 - 00000897 _____ C:\Users\UpdatusUser.olofcel1352\Desktop\NTREGOPT.lnk 2013-11-13 18:28 - 2013-11-13 18:28 - 00000897 _____ C:\Users\olof c e l1352\Desktop\NTREGOPT.lnk 2013-11-13 18:28 - 2013-11-13 18:28 - 00000878 _____ C:\Users\UpdatusUser.olofcel1352\Desktop\ERUNT.lnk 2013-11-13 18:28 - 2013-11-13 18:28 - 00000878 _____ C:\Users\olof c e l1352\Desktop\ERUNT.lnk 2013-11-13 18:28 - 2013-11-13 18:28 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-11-13 18:22 - 2013-11-13 18:21 - 00791393 _____ (Lars Hederer ) C:\Users\olof c e l1352\Downloads\erunt-setup.exe 2013-11-13 18:20 - 2013-11-13 18:17 - 00002296 _____ C:\Users\olof c e l1352\Desktop\Rkill.txt 2013-11-13 18:17 - 2013-11-13 18:17 - 00000000 ____D C:\Users\olof c e l1352\Desktop\rkill 2013-11-13 18:16 - 2013-11-13 18:15 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\olof c e l1352\Desktop\rkill.exe 2013-11-13 18:05 - 2011-06-06 15:55 - 00000940 _____ C:\Windows\Tasks\Google Software Updater.job 2013-11-11 19:44 - 2013-11-11 19:44 - 00027518 _____ C:\Users\olof c e l1352\Desktop\dds.txt 2013-11-11 19:44 - 2013-11-11 19:44 - 00009838 _____ C:\Users\olof c e l1352\Desktop\attach.txt 2013-11-11 19:42 - 2013-11-11 19:41 - 00688992 ____R (Swearware) C:\Users\olof c e l1352\Downloads\dds (1).com 2013-11-11 16:33 - 2012-04-08 17:36 - 00001082 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-11-11 16:33 - 2011-06-08 20:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-11 16:30 - 2013-11-11 16:30 - 00000000 ____D C:\Users\olof c e l1352\AppData\Local\Apple Computer 2013-11-11 16:22 - 2013-11-11 16:22 - 00019290 _____ C:\Users\olof c e l1352\Desktop\AdwCleaner[R0].txt 2013-11-11 16:19 - 2013-11-11 16:19 - 01085542 _____ C:\Users\olof c e l1352\Downloads\AdwCleaner (1).exe 2013-11-11 16:18 - 2013-11-11 16:18 - 01085542 _____ C:\Users\olof c e l1352\Downloads\AdwCleaner.exe 2013-11-11 16:18 - 2013-11-11 16:18 - 00000000 ____D C:\ProgramData\Oracle 2013-11-11 16:17 - 2013-11-11 16:17 - 01085542 _____ C:\Users\olof c e l1352\Downloads\trzDA02.tmp 2013-11-11 16:17 - 2013-11-11 16:17 - 00004864 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log 2013-11-11 16:17 - 2013-07-02 15:20 - 00000000 ____D C:\Program Files (x86)\Java 2013-11-11 16:15 - 2013-11-11 16:15 - 01014291 _____ C:\Users\olof c e l1352\Downloads\trzFE90.tmp 2013-11-11 15:28 - 2013-11-11 15:28 - 00085072 _____ C:\Users\olof c e l1352\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-11 11:02 - 2011-03-29 15:36 - 00000000 ____D C:\Users\olof c e l1352\AppData\Local\Google 2013-11-10 20:32 - 2013-01-18 00:37 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-11-08 00:20 - 2013-11-08 00:20 - 00915368 _____ (Oracle Corporation) C:\Users\olof c e l1352\Downloads\JavaSetup7u45.exe 2013-11-08 00:20 - 2013-11-08 00:20 - 00915368 _____ (Oracle Corporation) C:\Users\olof c e l1352\Downloads\JavaSetup7u45 (1).exe 2013-11-06 12:58 - 2013-11-06 12:58 - 00000328 _____ C:\Users\olof c e l1352\Desktop\CD-enhet - genväg (2).lnk 2013-11-06 12:55 - 2013-11-06 12:55 - 00000328 _____ C:\Users\olof c e l1352\Desktop\CD-enhet - genväg.lnk 2013-11-06 12:47 - 2013-11-06 12:47 - 00001079 _____ C:\Users\olof c e l1352\Desktop\SeagateExpansion Desk - genväg.lnk 2013-11-06 12:31 - 2013-03-24 13:25 - 00000000 ____D C:\Users\UpdatusUser.olofcel1352 2013-11-06 00:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-11-01 23:04 - 2013-11-01 22:55 - 131330363 _____ C:\Users\olof c e l1352\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_sv.exe 2013-10-31 19:58 - 2012-02-15 23:40 - 00000000 ____D C:\Users\olof c e l1352\AppData\Roaming\HpUpdate 2013-10-31 15:36 - 2013-10-02 15:38 - 00002233 _____ C:\Users\Public\Desktop\HP Deskjet 2510 series.lnk 2013-10-30 22:07 - 2013-10-29 22:59 - 00120120 _____ C:\Users\olof c e l1352\Desktop\bill-kampmeier.odt 2013-10-29 22:51 - 2013-10-29 22:51 - 00001111 _____ C:\Users\olof c e l1352\Desktop\Disk A.lnk 2013-10-29 17:18 - 2013-10-29 17:18 - 00001936 _____ C:\Users\olof c e l1352\Desktop\Bläckpatroner & Lasertoner Billiga färgpatroner, bläckpatroner och toner NordicInk™.url 2013-10-28 00:27 - 2013-10-28 00:27 - 00024847 _____ C:\Users\olof c e l1352\Desktop\nordic ink.htm 2013-10-26 17:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-10-26 00:59 - 2013-10-25 19:30 - 00000000 ____D C:\Users\olof c e l1352\AppData\Roaming\Dropbox 2013-10-26 00:59 - 2013-03-21 16:18 - 00000347 _____ C:\Windows\wininit.ini 2013-10-26 00:59 - 2011-03-29 14:26 - 00000000 ___RD C:\Users\olof c e l1352\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-10-26 00:26 - 2013-10-25 19:39 - 00000000 ___RD C:\Users\olof c e l1352\Dropbox 2013-10-25 19:39 - 2011-03-29 14:21 - 00000000 ____D C:\Users\olof c e l1352 2013-10-20 10:07 - 2011-04-16 20:59 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-10-20 10:07 - 2011-04-16 20:59 - 00000000 ____D C:\ProgramData\Skype 2013-10-19 13:06 - 2013-10-14 00:06 - 00000994 _____ C:\Users\olof c e l1352\Desktop\tallheehill.odt A- genväg.lnk 2013-10-17 13:27 - 2013-10-17 13:27 - 00002220 _____ C:\Users\olof c e l1352\Desktop\odlingsprov.eml Some content of TEMP: ==================== C:\Users\olof c e l1352\AppData\Local\Temp\3sf1ogjo.dll C:\Users\olof c e l1352\AppData\Local\Temp\apptorun.exe C:\Users\olof c e l1352\AppData\Local\Temp\as2oc5ts.dll C:\Users\olof c e l1352\AppData\Local\Temp\BackupSetup.exe C:\Users\olof c e l1352\AppData\Local\Temp\coupish.exe C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe C:\Users\olof c e l1352\AppData\Local\Temp\Execute2App.exe C:\Users\olof c e l1352\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\olof c e l1352\AppData\Local\Temp\FlashPlayerUpdate01.exe C:\Users\olof c e l1352\AppData\Local\Temp\GUR3EE4.exe C:\Users\olof c e l1352\AppData\Local\Temp\GUR6A94.exe C:\Users\olof c e l1352\AppData\Local\Temp\instloffer.exe C:\Users\olof c e l1352\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\olof c e l1352\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe C:\Users\olof c e l1352\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe C:\Users\olof c e l1352\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\olof c e l1352\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe C:\Users\olof c e l1352\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\olof c e l1352\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\olof c e l1352\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\olof c e l1352\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\olof c e l1352\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\olof c e l1352\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\olof c e l1352\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\olof c e l1352\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\olof c e l1352\AppData\Local\Temp\Kies2RemoveAll.exe C:\Users\olof c e l1352\AppData\Local\Temp\msvcp90.dll C:\Users\olof c e l1352\AppData\Local\Temp\msvcr90.dll C:\Users\olof c e l1352\AppData\Local\Temp\nsg46E9.tmp.tbFile.dll C:\Users\olof c e l1352\AppData\Local\Temp\nslAC7E.tmp.tbFile.dll C:\Users\olof c e l1352\AppData\Local\Temp\nslF2F0.tmp.tbFile.dll C:\Users\olof c e l1352\AppData\Local\Temp\nsvF855.tmp.tbFile.dll C:\Users\olof c e l1352\AppData\Local\Temp\ntdll_dump.dll C:\Users\olof c e l1352\AppData\Local\Temp\PatchIt.exe C:\Users\olof c e l1352\AppData\Local\Temp\Quarantine.exe C:\Users\olof c e l1352\AppData\Local\Temp\Setup.exe C:\Users\olof c e l1352\AppData\Local\Temp\SkypeSetup.exe C:\Users\olof c e l1352\AppData\Local\Temp\tbbabylon.exe C:\Users\olof c e l1352\AppData\Local\Temp\tbedrs.dll C:\Users\olof c e l1352\AppData\Local\Temp\tbFil0.dll C:\Users\olof c e l1352\AppData\Local\Temp\tbFile.dll C:\Users\olof c e l1352\AppData\Local\Temp\tbFree.dll C:\Users\olof c e l1352\AppData\Local\Temp\tbProd.dll C:\Users\olof c e l1352\AppData\Local\Temp\tbWise.dll C:\Users\olof c e l1352\AppData\Local\Temp\uninst.exe C:\Users\olof c e l1352\AppData\Local\Temp\v2gwrrah.dll C:\Users\olof c e l1352\AppData\Local\Temp\wmpfirefoxplugin.exe C:\Users\olof c e l1352\AppData\Local\Temp\wpsetup.exe C:\Users\olof c e l1352\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-10 00:06 ==================== End Of Log ============================ JRT.txt Addition.txt
Dad's computer infected by trojan.downloader.wi and trojan.sefnit

chrisbc replied to chrisbc's topic in Resolved Malware Removal Logs

I am back with the requested logs step 03 to 05 not to miss the three day limit. The Eset scan is nearly complete. I am sorry for the delay. I will post step 06 and 07 as soon as possible. I did not succeed to post all in one reply. I need to post multiple replies. mbar-log.txt: Malwarebytes Anti-Rootkit BETA 1.07.0.1007 www.malwarebytes.org Database version: v2013.11.16.03 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16721olof c e l1352 :: OLOFCEL1352 [administrator] 2013-11-16 16:15:59mbar-log-2013-11-16 (16-15-59).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 311345Time elapsed: 1 hour(s), 6 minute(s), 33 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 1C:\Windows\SysWOW64\trzD8D2.tmp (Trojan.Sefnit) -> Delete on reboot. Physical Sectors Detected: 0(No malicious items detected) (end) system-log.txt: ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16721 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.812000 GHzMemory total: 4025868288, free: 1537368064 Downloaded database version: v2013.11.16.03Downloaded database version: v2013.10.11.02=======================================Initializing...------------ Kernel report ------------ 11/16/2013 16:15:49------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_AuthenticAMD.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\system32\drivers\pciide.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\DRIVERS\nvstor64.sys\SystemRoot\system32\DRIVERS\storport.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\System32\Drivers\aswVmm.sys\SystemRoot\System32\Drivers\aswRvrt.sys\SystemRoot\system32\drivers\cdrom.sys\SystemRoot\System32\Drivers\aswSnx.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\Drivers\aswTdi.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\Drivers\aswrdr2.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\System32\Drivers\aswSP.SYS\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\amdppm.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\usbohci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\nvmf6264.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\Drivers\nvBridge.kmd\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\btkrnl.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\btport.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\lvuvc64.sys\SystemRoot\system32\drivers\usbaudio.sys\SystemRoot\system32\DRIVERS\lvrs64.sys\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_diskdump.sys\SystemRoot\System32\Drivers\dump_nvstor64.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\drivers\luafv.sys\??\C:\Windows\system32\drivers\aswMonFlt.sys\SystemRoot\System32\Drivers\aswFsBlk.SYS\SystemRoot\system32\DRIVERS\RMCAST.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\??\C:\Windows\system32\drivers\aksdf.sys\SystemRoot\System32\Drivers\fastfat.SYS\??\C:\Windows\system32\drivers\hardlock.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\ATMFD.DLL\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\msctf.dll\Windows\System32\iertutil.dll\Windows\System32\clbcatq.dll\Windows\System32\difxapi.dll\Windows\System32\advapi32.dll\Windows\System32\shell32.dll\Windows\System32\usp10.dll\Windows\System32\msvcrt.dll\Windows\System32\oleaut32.dll\Windows\System32\Wldap32.dll\Windows\System32\setupapi.dll\Windows\System32\psapi.dll\Windows\System32\comdlg32.dll\Windows\System32\nsi.dll\Windows\System32\ws2_32.dll\Windows\System32\urlmon.dll\Windows\System32\rpcrt4.dll\Windows\System32\normaliz.dll\Windows\System32\imm32.dll\Windows\System32\gdi32.dll\Windows\System32\ole32.dll\Windows\System32\wininet.dll\Windows\System32\sechost.dll\Windows\System32\user32.dll\Windows\System32\lpk.dll\Windows\System32\shlwapi.dll\Windows\System32\kernel32.dll\Windows\System32\imagehlp.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\devobj.dll\Windows\System32\wintrust.dll\Windows\System32\comctl32.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\KernelBase.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\crypt32.dll\Windows\System32\cfgmgr32.dll\Windows\System32\msasn1.dll\Windows\SysWOW64\normaliz.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa80045fe060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000005c\Lower Device Object: 0xfffffa800427f9c0Lower Device Driver Name: \Driver\nvstor64\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa80045fe060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa80045fd2a0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa80045fe060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004282c00, DeviceName: Unknown, DriverName: \Driver\ACPI\DevicePointer: 0xfffffa800427f9c0, DeviceName: \Device\0000005c\, DriverName: \Driver\nvstor64\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: E0DCDAE0 Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 35651584 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 35653632 Numsec = 204800 Partition is not bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 35858432 Numsec = 940912688 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Infected: C:\Windows\SysWOW64\trzD8D2.tmp --> [Trojan.Sefnit]Scan finishedCreating System Restore point...Cleaning up...Removal scheduling successful. System shutdown needed.System shutdown occurred======================================= Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_35653632_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16721 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.812000 GHzMemory total: 4025868288, free: 2790232064 =======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16721 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.812000 GHzMemory total: 4025868288, free: 1891733504 =======================================Initializing...------------ Kernel report ------------ 11/16/2013 17:38:34------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_AuthenticAMD.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\System32\drivers\imofugc.sys\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\system32\drivers\pciide.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\DRIVERS\nvstor64.sys\SystemRoot\system32\DRIVERS\storport.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\System32\Drivers\aswVmm.sys\SystemRoot\System32\Drivers\aswRvrt.sys\SystemRoot\system32\drivers\cdrom.sys\SystemRoot\System32\Drivers\aswSnx.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\Drivers\aswTdi.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\Drivers\aswrdr2.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\System32\Drivers\aswSP.SYS\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\amdppm.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\usbohci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\nvmf6264.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\Drivers\nvBridge.kmd\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\btkrnl.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\btport.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_diskdump.sys\SystemRoot\System32\Drivers\dump_nvstor64.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\lvuvc64.sys\SystemRoot\system32\drivers\usbaudio.sys\SystemRoot\system32\DRIVERS\lvrs64.sys\SystemRoot\system32\drivers\luafv.sys\??\C:\Windows\system32\drivers\aswMonFlt.sys\SystemRoot\System32\Drivers\aswFsBlk.SYS\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\RMCAST.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\??\C:\Windows\system32\drivers\aksdf.sys\SystemRoot\System32\Drivers\fastfat.SYS\??\C:\Windows\system32\drivers\hardlock.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\spsys.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\WUDFRd.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\ws2_32.dll\Windows\System32\nsi.dll\Windows\System32\user32.dll\Windows\System32\shlwapi.dll\Windows\System32\clbcatq.dll\Windows\System32\wininet.dll\Windows\System32\shell32.dll\Windows\System32\advapi32.dll\Windows\System32\iertutil.dll\Windows\System32\psapi.dll\Windows\System32\kernel32.dll\Windows\System32\normaliz.dll\Windows\System32\rpcrt4.dll\Windows\System32\comdlg32.dll\Windows\System32\lpk.dll\Windows\System32\difxapi.dll\Windows\System32\msctf.dll\Windows\System32\imagehlp.dll\Windows\System32\gdi32.dll\Windows\System32\setupapi.dll\Windows\System32\Wldap32.dll\Windows\System32\ole32.dll\Windows\System32\urlmon.dll\Windows\System32\sechost.dll\Windows\System32\msvcrt.dll\Windows\System32\oleaut32.dll\Windows\System32\imm32.dll\Windows\System32\usp10.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\crypt32.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\wintrust.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\KernelBase.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\comctl32.dll\Windows\System32\cfgmgr32.dll\Windows\System32\devobj.dll\Windows\System32\msasn1.dll\Windows\SysWOW64\normaliz.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk2\DR2Upper Device Object: 0xfffffa800424e060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000070\Lower Device Object: 0xfffffa800653cb60Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xfffffa800434d790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000006f\Lower Device Object: 0xfffffa80044c5750Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa80045ff060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000005c\Lower Device Object: 0xfffffa8004272060Lower Device Driver Name: \Driver\nvstor64\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa80045ff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa80045fe5e0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa80045ff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa800426f790, DeviceName: Unknown, DriverName: \Driver\ACPI\DevicePointer: 0xfffffa8004272060, DeviceName: \Device\0000005c\, DriverName: \Driver\nvstor64\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: E0DCDAE0 Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 35651584 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 35653632 Numsec = 204800 Partition is not bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 35858432 Numsec = 940912688 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Physical Sector Size: 512Drive: 1, DevicePointer: 0xfffffa800434d790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa800653c690, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800434d790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa80044c5750, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\------------ End ----------Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: 0 Partition information: Partition 0 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 8064 Numsec = 16048256 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 8220835840 bytesSector size: 512 bytes Done!Physical Sector Size: 512Drive: 2, DevicePointer: 0xfffffa800424e060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa800424ea40, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800424e060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa800653cb60, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\------------ End ----------Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 2Scanning MBR on drive 2...Inspecting partition table:MBR Signature: 55AADisk Signature: 0 Partition information: Partition 0 type is Other (0x1) Partition is NOT ACTIVE. Partition starts at LBA: 32 Numsec = 4064 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2097152 bytesSector size: 512 bytes Done!Scan finished======================================= Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_35653632_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_2_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_2_r.mbam...Removal finished
Dad's computer infected by trojan.downloader.wi and trojan.sefnit

chrisbc replied to chrisbc's topic in Resolved Malware Removal Logs

Hi. Thank you very much for helping us. Below is the RogueKiller log. My father's other computer, a laptop which is also infected, connects to the router via the same ethernet switch. Should I remove it? RogueKiller V8.7.7 _x64_ [Nov 11 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : olof c e l1352 [Admin rights] Mode : Scan -- Date : 11/13/2013 18:35:43 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V1][sUSP PATH] SaveAsUpdaterTask{F219EBEA-7BB5-48DE-B5B2-6D6E46DDF9C2}.job : C:\ProgramData\Premium\SaveAs\SaveAs.exe - /schedule /profilepath "C:\ProgramData\Premium\SaveAs\profile.ini" [x][x] -> FOUND [V2][sUSP PATH] {1AD1E410-00E5-4BBA-B98D-BF943C4FD6B7} : msiexec.exe - /package "C:\Users\olof c e l1352\Desktop\HTC Sync Manager.msi" [x][x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721050CLA SCSI Disk Device +++++ --- User --- [MBR] a8e9fe9e2a046abd9fd00d2a1142f66f [bSP] 65bc1de4e042f9e93b3960b1f7768c78 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 17408 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 35653632 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 35858432 | Size: 459430 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[0]_S_11132013_183543.txt >>
Dad's computer infected by trojan.downloader.wi and trojan.sefnit

chrisbc posted a topic in Resolved Malware Removal Logs

Hi. My dad's windows 7 desktop machine is running very slow and takes almost ten minutes to finish start-up. Mbam scan shows Trojan.Sefnit and Trojan.Downloader.WI, Scan logs all open up in Greek for unknown reason but are correct when copied and pasted in browser. I removed Conduit search hijacker with Adwcleaner, it seems gone, but have not touched the Mbam delete button yet afraid I might do something wrong. Grateful for help! DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.45.2Run by olof c e l1352 at 19:42:49 on 2013-11-11Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3839.2142 [GMT 1:00].AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exeC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\SUPERAntiSpyware\SASCORE64.EXEC:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exeC:\Program Files (x86)\Logitech\Vid HD\Vid.exeC:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXEC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files (x86)\Samsung\Kies\Kies.exeC:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exeC:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exeC:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exeC:\Program Files (x86)\eMachines\Registration\GregHSRW.exeC:\Program Files (x86)\Personal\bin\Personal.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exeC:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exeC:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exeC:\Program Files (x86)\Telia\Supportassistenten\bin\sprtcmd.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXEC:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exeC:\Windows\system32\RunDll32.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Telia\Supportassistenten\bin\sprtsvc.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Telia\Supportassistenten\bin\tgsrvc.exeC:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exeC:\Program Files (x86)\Tor\tor.exeC:\Program Files\eMachines\eMachines Updater\UpdaterService.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\PROGRA~1\BITNAM~1\apache2\bin\httpd.exeC:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files\BitNami WordPress Stack\mysql\bin\mysqld.exeC:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exeC:\PROGRA~1\BITNAM~1\apache2\bin\httpd.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\notepad.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uURLSearchHooks: {16bb67e0-6319-4077-be84-f41269e051f3} - <orphaned>uURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned>uURLSearchHooks: {21755ee9-61a2-461a-9a1b-bf76a51515cc} - <orphaned>uURLSearchHooks: {55d7c7bc-12a7-4f9b-81c0-600d9a182395} - <orphaned>mWinlogon: Userinit = userinit.exe,BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllTB: Utility Chest: {cf67755f-9265-449c-87cf-b945519e073b} - EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dllEB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmodeuRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeuRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [KiesPreload] "C:\Program Files (x86)\Samsung\Kies\Kies.exe" /preloaduRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startupuRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exeuRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunmRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exemRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exemRun: [Telia] "C:\Program Files (x86)\Telia\Supportassistenten\bin\sprtcmd.exe" /P TeliaDAmRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hidemRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguimRun: [PaperPort PTD] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exemRun: [indexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exemRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startupmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentdRun: [searchProtect] \SearchProtect\bin\cltmng.exeStartupFolder: C:\Users\OLOFCE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VERVAK~1.LNK - C:\Windows\System32\RunDll32.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ONSCRE~1.LNK - C:\Program Files\Logitech\OnScreen Keyboard\LOnScreenKeyboard.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.htmlIE: Skicka till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Skicka till Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exeIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTCP: NameServer = 195.67.199.27 195.67.199.28TCP: Interfaces\{70B2A71F-8C03-469D-9028-E4E45B8A181E} : DHCPNameServer = 195.67.199.27 195.67.199.28TCP: Interfaces\{7B06EEB5-39F7-4D41-9E86-C14F3E0185F6} : DHCPNameServer = 192.168.42.129Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exex64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmx64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-21 65336]R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-21 204880]R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-6-8 1030952]R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-6-8 378944]R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2010-9-27 75648]R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-6-8 33400]R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-6-8 80816]R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-14 46808]R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-1-29 87368]R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-6-20 167424]R2 sprtsvc_teliada;SupportSoft Sprocket Service (teliada);C:\Program Files (x86)\Telia\Supportassistenten\bin\sprtsvc.exe [2011-3-29 206120]R2 tgsrvc_teliada;SupportSoft Repair Service (teliada);C:\Program Files (x86)\Telia\Supportassistenten\bin\tgsrvc.exe [2011-3-29 185640]R2 tor;Tor Win32 Service;C:\Program Files (x86)\Tor\tor.exe [2013-8-23 3233806]R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-5-6 243232]R2 wordpressApache;wordpressApache;C:\PROGRA~1\BITNAM~1\apache2\bin\httpd.exe [2011-12-20 20549]R2 wordpressMySQL;wordpressMySQL;C:\Program Files\BitNami WordPress Stack\mysql\bin\mysqld.exe [2011-12-20 8158720]R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]R3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2008-9-22 50176]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-4-26 102936]S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-8 48488]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-21 19456]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-4-26 203544]S3 TdsNordecr;Nordea NCR1 SmartCard Reader;C:\Windows\System32\drivers\nordecr.sys [2007-10-30 28672]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-21 57856]S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-30 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-11-11 15:30:11 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\Apple Computer2013-11-11 15:19:26 -------- d-----w- C:\AdwCleaner2013-11-11 15:18:26 -------- d-----w- C:\ProgramData\Oracle2013-11-11 15:17:59 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-11-11 14:28:16 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{0D57432C-413C-49C7-9518-32F28D7ADD98}2013-11-10 22:02:45 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{DB2393D9-5CCE-422D-BA27-2B744535672F}2013-11-10 10:02:19 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{C9BD7A46-0975-4773-AD77-CE092FC545E0}2013-11-09 13:38:48 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{2D052A5E-6A48-4700-A1DE-F5D95B2B2C30}2013-11-08 20:06:34 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{56098514-BB31-433C-A207-05DCEAB6FCCF}\mpengine.dll2013-11-08 11:31:24 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{E299758C-804F-426B-8C11-0CF199D9D65A}2013-11-08 11:03:20 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{5FC548F2-3B1D-4317-A291-703E49377BC0}2013-11-07 11:02:41 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{193480A2-920A-4FA7-A29E-C4E7AD6F1162}2013-11-06 12:22:22 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{B26628C9-61BC-4E9A-BE8A-F10C9B35A96A}2013-11-06 11:34:27 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{88364FD3-0481-4251-AD7C-93FFAE71C496}2013-11-06 11:31:41 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{E716A89F-A180-49C8-A6BD-B11A526A1B5E}2013-11-05 12:50:48 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{21F83423-E116-480E-BF9A-1E7A982EF1BC}2013-11-04 10:35:22 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{A33750FB-44D2-4A63-91AB-28EEE0CCF797}2013-11-03 15:21:01 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{097889FA-65EB-419D-BB16-435491797611}2013-11-02 13:05:24 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{709713B9-96C9-4B8F-B327-308EBA6DDE3E}2013-11-01 13:14:42 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{A395BA54-CF67-48B0-8B52-97C541DDB73F}2013-10-31 15:32:55 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{BC581700-5C1D-47FA-AB93-1228846032ED}2013-10-31 00:49:23 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{338B2F77-2E60-4503-A089-3092BBAA5EFA}2013-10-30 09:34:22 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{A74F197A-DAF7-4C85-A738-049DA02E1D75}2013-10-29 11:48:27 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{F24037DF-FC7C-4532-97C5-5ACB1D4D61F0}2013-10-28 11:56:30 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{F7697BF2-B25C-4765-899D-6BC3EC1F4A2F}2013-10-28 11:18:56 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{4EDC6F30-56C5-4871-9981-4E646BCD6FD4}2013-10-27 13:19:52 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{3E224203-F6E7-498C-A0DA-09D9856F52D9}2013-10-26 15:24:32 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{81CBDEF7-6BF7-4435-B03C-B39C899A79A9}2013-10-25 23:50:38 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{C299E4A8-3126-48B3-9BB8-710416BCB517}2013-10-25 18:39:34 -------- d-----r- C:\Users\olof c e l1352\Dropbox2013-10-25 18:30:39 -------- d-----w- C:\Users\olof c e l1352\AppData\Roaming\Dropbox2013-10-25 09:29:12 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{62FCCC89-00AF-4DD9-B8FD-F431CFD8E5E5}2013-10-24 17:31:49 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{31C4559C-DBDF-4092-9AB2-0F88F4104443}2013-10-23 23:18:17 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{660D0F44-05AB-48EF-B79B-C745B611AFC5}2013-10-23 09:41:30 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{402AD5C0-22AC-4CF6-8D9A-35991899295B}2013-10-23 09:27:10 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{7AEB18B4-158E-419D-92F1-2F601D80EAC2}2013-10-23 09:22:28 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{A6445F20-C5B7-4A7A-AF70-972C95202B32}2013-10-23 09:14:34 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{8A4B621F-A27C-47B8-8D4B-083711617FF3}2013-10-22 11:25:43 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{394A8B0B-FD5F-40BE-8385-66CB7B231C9F}2013-10-21 12:44:39 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{829169EF-E14F-4A21-83AD-EEBC67F2321A}2013-10-20 23:26:52 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{5CF88F07-2449-4371-A67B-56B050C213BF}2013-10-20 09:08:57 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{3B011F1D-6A6A-4F15-B015-CEDE8C0A752C}2013-10-19 12:01:39 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{61C5D425-4220-4A25-9BAC-51A044719EF0}2013-10-18 23:23:12 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{751447A5-78F1-4375-8707-ABB1EBDA354A}2013-10-18 08:11:59 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{3CF3E6C7-9843-437C-ABFF-C9205CE6C84B}2013-10-17 19:39:39 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{F9BDCB73-7D90-4ED8-8A00-0D4020C81753}2013-10-17 07:19:35 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{91F20A7F-D2EC-4DF6-99A4-D0FF0A58711F}2013-10-16 09:21:22 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{7BCC318F-C49E-4013-8E85-C00498595CA8}2013-10-15 13:19:26 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{3A44D6E8-2C39-4B38-8642-BD3F90358C1E}2013-10-15 00:22:29 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{DD32ED83-D6F5-4CB5-992D-F2892199898E}2013-10-14 11:14:31 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{81C758B2-12C5-48D5-8263-234A9478A3E3}2013-10-13 12:35:02 -------- d-----w- C:\Users\olof c e l1352\AppData\Local\{E94E03AA-D40E-4DAD-8E21-3B143CA8E112}.==================== Find3M ====================.2013-10-08 20:02:28 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-08 20:02:28 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys2013-09-03 12:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-08-30 07:48:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll.============= FINISH: 19:44:04,59 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2Install Date: 2011-03-29 15:21:00System Uptime: 2013-11-11 16:44:57 (3 hours ago).Motherboard: eMachines | | EL1352Processor: AMD Athlon II X2 220 Processor | CPU 1 | 1596/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 449 GiB total, 371,316 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}Description: Microsoft PS/2 MouseDevice ID: ACPI\PNP0F03\4&5532EA8&0Manufacturer: MicrosoftName: Microsoft PS/2 MousePNP Device ID: ACPI\PNP0F03\4&5532EA8&0Service: i8042prt.Class GUID: {36fc9e60-c465-11cf-8056-444553540000}Description: Unknown DeviceDevice ID: USB\VID_0000&PID_0000\5&3075D867&0&5Manufacturer: (USB-standardvärdstyrenhet)Name: Unknown DevicePNP Device ID: USB\VID_0000&PID_0000\5&3075D867&0&5Service: .==== System Restore Points ===================.RP249: 2013-10-25 16:24:08 - Windows UpdateRP250: 2013-10-25 20:25:45 - Uniblue SpeedUpMyPC installationRP251: 2013-10-25 21:55:29 - Uniblue SpeedUpMyPC installationRP252: 2013-10-26 01:46:17 - Removed Produktförbättringsstudie för HP Deskjet 2510 seriesRP253: 2013-10-29 12:35:03 - Windows UpdateRP254: 2013-11-01 13:44:33 - Windows UpdateRP255: 2013-11-05 13:39:14 - Windows UpdateRP257: 2013-11-06 00:07:32 - Windows Defender CheckpointRP258: 2013-11-06 00:18:46 - Windows SäkerhetskopieringRP259: 2013-11-08 21:05:01 - Windows UpdateRP260: 2013-11-10 00:42:37 - Removed Skype™ 6.9RP261: 2013-11-11 16:16:10 - Installed Java 7 Update 45.==== Installed Programs ======================.4500_Help64 Bit HP CIO Components InstallerAcrobat.comActiveX-kontroll för fjärranslutningar för Windows Live MeshAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Help Center 2.1Adobe Photoshop Elements 5.0Adobe Reader XI (11.0.05) - SvenskaAdvertising Centeravast! Free AntivirusAvidemux 2.5BankID säkerhetsprogramBing BarBitNami WordPress Stackbpd_scanBPDSoftwareBPDSoftware_IniBufferChmCameraHelperMsiCanon DIGITAL CAMERA Solution Disk Software GuideCanon PowerShot S95 Camera User GuideCanon Utilities Digital Photo Professional 3.9Canon Utilities PhotoStitchConTEXT v0.98.6CyberLink PowerDVD 9D3DX10DATA BECKER Visitenkarten-Druckerei Business EditionDestinationsDeviceDiscoveryDocMgrDocProcEarth BridgeElevated InstallereMachines Recovery ManagementeMachines RegistrationeMachines ScreenSavereMachines UpdatererLTFaxGarmin Communicator PluginGarmin Communicator Plugin x64Garmin ExpressGarmin Express TrayGarmin Update ServiceGarmin USB DriversGeoSetter 3.4.16Google ChromeGoogle DriveGoogle EarthGoogle Update HelperGoogle UpdaterGPBaseService2GPS InformationGrundläggande enhetsprogramvara för HP Deskjet 2510 seriesHotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)Hotkey UtilityHP Customer Participation Program 13.0HP Deskjet 2050 J510 series Grundläggande enhetsprogramvaraHP Deskjet 2510 series HjälpHP Deskjet 2510 series Setup GuideHP Document Manager 2.0HP Imaging Device Functions 13.0HP Photo CreationsHP Photosmart Essential 3.5HP Solution Center 13.0HP UpdateHPDiagnosticAlertHPPhotoSmartDiscLabelContent1HPPhotosmartEssentialHPProductAssistantHTC BMP USB DriverHTC Driver InstallerHTC SyncHTC Sync ManagerIdentity CardIIS 7.5 ExpressImagXpressIPTInstallerJ4500Java 7 Update 45Java Auto UpdaterJunk Mail filter updateLogitech Onscreen Keyboard 1.0Logitech Webcam SoftwareLogitech Vid HDLWS FacebookLWS GalleryLWS Help_mainLWS LauncherLWS Motion DetectionLWS Pictures And VideoLWS TwitterLWS Webcam SoftwareLWS Video Mask MakerLWS VideoEffectsLWS WLM PluginLWS YouTube PluginMalwarebytes Anti-Malware version 1.75.0.1300MarketResearchMesh RuntimeMessenger CompanionMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 Client Profile Language Pack - SVEMicrosoft .NET Framework 4 Client Profile SVE Language PackMicrosoft .NET Framework 4 ExtendedMicrosoft .NET Framework 4 Extended Language Pack - SVEMicrosoft .NET Framework 4 Extended SVE Language PackMicrosoft Application Error ReportingMicrosoft Office XP Media ContentMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161MSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2758694)Nero 9 EssentialsNero ControlCenterNero DiscSpeedNero DiscSpeed HelpNero DriveSpeedNero DriveSpeed HelpNero Express HelpNero InfoToolNero InfoTool HelpNero InstallerNero Online UpgradeNero StartSmartNero StartSmart HelpNero StartSmart OEMNeroExpressneroxmlNotepad++NVIDIA-uppdatering 1.10.8NVIDIA Display Control PanelNVIDIA DriversNVIDIA ForceWare Network Access ManagerNVIDIA Grafikdrivrutin 307.83NVIDIA Install ApplicationNVIDIA Update ComponentsNVIDIAs kontrollpanel 307.83OCR Software by I.R.I.S. 13.0Officejet J4500 SeriesOLYMPUS CAMEDIA Master 4.2OpenOffice.org 3.3PaperPortPicasa 3ProductContextPVSonyDllQuickTimeRealtek High Definition Audio DriverSamsung KiesSAMSUNG USB Driver for Mobile PhonesSaveAsScanSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - SVE (KB2518870)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)Skype Click to CallSkype™ 6.9SolutionCenterStatusSUPERAntiSpywareSupportassistentenToolboxTrayAppUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2836939v3)Utility Chest ToolbarWebRegWelcome CenterWIDCOMM Bluetooth SoftwareWindows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)Windows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWinRAR 4.01 (32-bit)Zoom Search Engine 6.0.==== End Of File =========================== Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Databasversion: v2013.11.11.07 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16721olof c e l1352 :: OLOFCEL1352 [administratör] 2013-11-11 16:34:31MBAM-log-2013-11-11 (19-15-51).txt Skanningstyp: Fullständig skanning (C:\|D:\|)Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUMInaktiverade skanningsalternativ: P2PAntal skannade objekt: 499246Förfluten tid: 2 timme(ar), 10 minut(er), 22 sekund(er) Upptäckta minnesprocesser: 0(Inga skadliga poster hittades) Upptäckta minnesmoduler: 0(Inga skadliga poster hittades) Upptäckta registernycklar: 0(Inga skadliga poster hittades) Upptäckta registervärden: 0(Inga skadliga poster hittades) Upptäckta registerdataposter: 0(Inga skadliga poster hittades) Upptäckta mappar: 9C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Ingen åtgärd.C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Ingen åtgärd.C:\ProgramData\InstallMate\SaveAs (PUP.Optional.SaveAs.A) -> Ingen åtgärd.C:\ProgramData\InstallMate\SaveAs\851BEAA25B41D291 (PUP.Optional.SaveAs.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\mt_ffx\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar\1.8.0.7 (PUP.Optional.BabylonToolbar.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149 (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\ct3300853 (PUP.Optional.Conduit.A) -> Ingen åtgärd. Upptäckta filer: 71C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyTune.dll.vir (PUP.Optional.Dealply) -> Ingen åtgärd.C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdate.exe.vir (PUP.Optional.Dealply) -> Ingen åtgärd.C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdateRun.exe.vir (PUP.Optional.Dealply) -> Ingen åtgärd.C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\uninst.exe.vir (PUP.Optional.Dealply) -> Ingen åtgärd.C:\AdwCleaner\Quarantine\C\ProgramData\BitGuard\2.6.1694.246\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.dll.vir (PUP.Optional.Protector) -> Ingen åtgärd.C:\AdwCleaner\Quarantine\C\ProgramData\BitGuard\2.6.1694.246\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe.vir (PUP.Optional.PerformerSoft.A) -> Ingen åtgärd.C:\AdwCleaner\Quarantine\C\ProgramData\BitGuard\2.6.1694.246\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe.vir (PUP.Optional.PerformerSoft.A) -> Ingen åtgärd.C:\AdwCleaner\Quarantine\C\ProgramData\SaveAs\uninstall.exe.vir (PUP.Optional.SilentInstall.A) -> Ingen åtgärd.C:\AdwCleaner\Quarantine\C\Users\olof c e l1352\AppData\Roaming\file scout\filescout.exe.vir (PUP.Optional.FileScout.A) -> Ingen åtgärd.C:\AdwCleaner\Quarantine\C\Users\olof c e l1352\AppData\Roaming\OpenCandy\7FC7D286A4AA4F94991D98D1B47BEA36\SmartbarExeInstaller.exe.vir (PUP.Optional.SmartBar.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\1F13.tmp (PUP.Optional.PerformerSoft.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\2B93.tmp (PUP.Optional.PerformerSoft.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\5F59.tmp (PUP.Optional.FileScout.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\9750.tmp (PUP.Optional.PerformerSoft.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dealply.exe (PUP.Optional.Dealply) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\E58E.tmp (PUP.Optional.Babylon.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\nsg920.exe (PUP.Optional.SearchProtect.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\nsl117A.exe (PUP.Optional.SearchProtect.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\nsl15BF.exe (PUP.Optional.SearchProtect.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\nsl4FA.exe (PUP.Optional.SearchProtect.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\nsp958F.exe (PUP.Optional.SearchProtect.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\nsqA80B.exe (PUP.Optional.SearchProtect.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\nsqF5BF.exe (PUP.Optional.SearchProtect.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\nsv22BE.exe (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\nsvAEDF.exe (PUP.Optional.SearchProtect.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\nsvFC93.exe (PUP.Optional.SearchProtect.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\SecondStepInstaller.exe (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\setup_fsu_cid.exe (Trojan.Sefnit) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\tbbabylonv3.exe (PUP.Optional.Babylon.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\Updater.exe (PUP.Optional.Amonetize.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\098A4136-BAB0-7891-9759-47E33460366A\MyBabylonTB.exe (PUP.Optional.BabylonToolBar.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\54413A8E-BAB0-7891-BA8C-A685EE6768D5\MyBabylonTB.exe (PUP.Optional.BabylonToolBar.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\79C68385-BAB0-7891-9B0A-65B35A117777\Latest\MyBabylonTB.exe (PUP.Optional.BabylonToolBar.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\chLogic.exe (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\ctbe.exe (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\spch.exe (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\statisticsStub.exe (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\dropbox.exe (PUP.Optional.DomaIQ) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\parent.txt (PUP.Optional.DomaIQ) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\SPIdentifier.exe (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\1\dropbox.exe (PUP.Optional.DomaIQ) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\1\parent.txt (PUP.Optional.DomaIQ) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\1\SPIdentifier.exe (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\1\software\Hometab.exe (PUP.Optional.HomeTab.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\1\software\SaltarSmart_tg.exe (PUP.Optional.SaltarSmart.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\6\dropbox.exe (PUP.Optional.DomaIQ) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\6\parent.txt (PUP.Optional.DomaIQ) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\6\SPIdentifier.exe (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\6\software\sp-downloader.exe (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\8\dropbox.exe (PUP.Optional.DomaIQ) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\8\parent.txt (PUP.Optional.DomaIQ) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\8\SPIdentifier.exe (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\8\software\sp-downloader.exe (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\dropbox.exe\51571970a9fc4d18892400afb8e78788\8\software\wajam_download.exe (PUP.Optional.Wajam) -> Ingen åtgärd.C:\Users\olof c e l1352\Downloads\veetle-0.9.18.exe (PUP.Optional.OpenCandy) -> Ingen åtgärd.C:\Users\Public\AutoUpdate.exe (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Windows\System32\trzD8D2.tmp (Trojan.Sefnit) -> Ingen åtgärd.C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (Trojan.Downloader.WI) -> Ingen åtgärd.C:\ProgramData\InstallMate\SaveAs\Setup.dat (PUP.Optional.SaveAs.A) -> Ingen åtgärd.C:\ProgramData\InstallMate\SaveAs\Setup.exe (PUP.Optional.SaveAs.A) -> Ingen åtgärd.C:\ProgramData\InstallMate\SaveAs\Setup.ico (PUP.Optional.SaveAs.A) -> Ingen åtgärd.C:\ProgramData\InstallMate\SaveAs\TsuDll.dll (PUP.Optional.SaveAs.A) -> Ingen åtgärd.C:\ProgramData\InstallMate\SaveAs\_Setup.dll (PUP.Optional.SaveAs.A) -> Ingen åtgärd.C:\ProgramData\InstallMate\SaveAs\_Setupx.dll (PUP.Optional.SaveAs.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\chromeid.txt (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\CT3244149.txt (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\dtime.csf (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\initData.json (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\manifest.json (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\ct3244149\setup.ini.txt (PUP.Optional.Conduit.A) -> Ingen åtgärd.C:\Users\olof c e l1352\AppData\Local\Temp\ct3300853\ddt.csf (PUP.Optional.Conduit.A) -> Ingen åtgärd.
PUP.Optional.Spigot.A

chrisbc replied to chrisbc's topic in Resolved Malware Removal Logs

I have now spotted one change to the computer - The sound is gone.
- November 4, 2013
- 4 replies
PUP.Optional.Spigot.A

chrisbc replied to chrisbc's topic in Resolved Malware Removal Logs

A note: This was the exact threat and its location: C:\$Recycle.Bin\S-1-5-21-1002489473-995878723-4086953177-1001\$RD8WPON.exe (PUP.Optional.Spigot.A)
- November 4, 2013
- 4 replies
PUP.Optional.Spigot.A

chrisbc replied to chrisbc's topic in Resolved Malware Removal Logs

DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 Run by Chris C at 20:41:51 on 2013-11-03 Microsoft Windows 8 6.2.9200.0.1252.46.1053.18.3982.1323 [GMT 1:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\dwm.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe C:\Program Files (x86)\Bluetooth Suite\adminservice.exe C:\Windows\system32\DptfParticipantProcessorService.exe C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Windows\SysWOW64\irstrtsv.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\viakaraokesrv.exe C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhostex.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe C:\Program Files\ASUS\P4G\BatteryLife.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\Bluetooth Suite\BtTray.exe C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\system32\RunDll32.exe C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe C:\Windows\system32\igfxpers.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe C:\Windows\splwow64.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Windows NT\Accessories\WORDPAD.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" StartupFolder: C:\Users\CHRISC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\Users\CHRISC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VERVAK~1.LNK - C:\Windows\System32\RunDll32.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe mPolicies-System: DisableCAD = dword:1 TCP: Interfaces\{78789464-991B-499C-AADA-F68A77E25D3E} : DHCPNameServer = 195.67.199.27 195.67.199.28 TCP: Interfaces\{F55F098D-9DD7-42C8-9069-C2B006ED874A} : DHCPNameServer = 192.168.1.1 192.168.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe x64-Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r x64-Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe x64-Run: [btTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe" x64-Run: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe x64-mPolicies-System: DisableCAD = dword:1 x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Chris C\AppData\Roaming\Mozilla\Firefox\Profiles\of9j2mi2.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-3-1 65336] R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-3-1 204880] R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\Drivers\excsd.sys [2012-11-29 95024] R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952] R1 aswKbd;aswKbd;C:\Windows\System32\Drivers\aswKbd.sys [2013-1-19 21136] R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-1-19 1030952] R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-1-19 378944] R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536] R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\Drivers\excfs.sys [2012-11-29 23344] R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416] R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-1-19 33400] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-1-19 80816] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-8-10 211584] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-6 46808] R2 DptfParticipantProcessorService;Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application;C:\Windows\System32\DptfParticipantProcessorService.exe [2012-9-28 29056] R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-11-29 129856] R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-11-29 193576] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-29 166720] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-3 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-3 701512] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-29 365376] R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-9-28 27792] R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-8-10 323584] R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152] R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-11-29 88728] R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-11-29 344216] R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-11-29 114840] R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-11-29 33944] R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-11-29 178840] R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-11-29 76952] R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-11-29 135832] R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-11-29 567808] R3 BthLEEnum;Lågenergidrivrutin för Bluetooth;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752] R3 DptfDevDram;DptfDevDram;C:\Windows\System32\Drivers\DptfDevDram.sys [2012-9-28 107328] R3 DptfDevFan;DptfDevFan;C:\Windows\System32\Drivers\DptfDevFan.sys [2012-9-28 42816] R3 DptfDevGen;DptfDevGen;C:\Windows\System32\Drivers\DptfDevGen.sys [2012-9-28 64832] R3 DptfDevPch;DptfDevPch;C:\Windows\System32\Drivers\DptfDevPch.sys [2012-9-28 96064] R3 DptfDevProc;DptfDevProc;C:\Windows\System32\Drivers\DptfDevProc.sys [2012-9-28 228672] R3 DptfManager;DptfManager;C:\Windows\System32\Drivers\DptfManager.sys [2012-9-28 361792] R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-9-28 21152] R3 IntcDAud;Intel® bildskärmsljud;C:\Windows\System32\Drivers\IntcDAud.sys [2012-9-28 342528] R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2012-11-29 43800] R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-9-28 110744] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-11-3 25928] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\Drivers\viahduaa.sys [2012-9-28 2203792] S2 DptfPolicyLpmService;Intel® Dynamic Platform & Thermal Framework Low Power Mode Service Application;C:\Windows\System32\DptfPolicyLpmService.exe [2012-9-28 36224] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672] S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\Drivers\AmUStor.sys [2012-7-13 101504] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\Drivers\rdpvideominiport.sys [2013-1-20 27880] S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824] . =============== File Associations =============== . FileExt: .txt: soffice.StarWriterDocument.6="C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe" -o "%1" [userChoice] . =============== Created Last 30 ================ . 2013-11-03 18:23:29 -------- d-----w- C:\Users\Chris C\AppData\Roaming\Malwarebytes 2013-11-03 18:22:57 -------- d-----w- C:\ProgramData\Malwarebytes 2013-11-03 18:22:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-11-03 18:22:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware . ==================== Find3M ==================== . 2013-11-03 19:09:27 401 ----a-w- C:\Users\Chris C\AppData\Roaming\sp_data.sys 2013-08-30 07:48:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr 2013-08-14 23:19:15 312832 ----a-w- C:\Windows\System32\LocationApi.dll . ============= FINISH: 20:42:09,96 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Boot Device: \Device\HarddiskVolume1 Install Date: 2013-01-19 16:18:30 System Uptime: 2013-11-03 20:08:04 (0 hours ago) . Motherboard: ASUSTeK COMPUTER INC. | | S400CA Processor: Intel® Core i5-3317U CPU @ 1.70GHz | SOCKET 0 | 1701/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 186 GiB total, 104,681 GiB free. D: is FIXED (NTFS) - 258 GiB total, 257,996 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP39: 2013-10-28 19:17:39 - Schemalagd kontrollpunkt . ==== Installed Programs ====================== . Adobe Flash Player 11 Plugin Adobe Help Center 2.1 Adobe Photoshop Elements 5.0 Adobe Reader X (10.1.8) MUI Alcor Micro USB Card Reader ASUS Instant Connect ASUS InstantOn ASUS LifeFrame3 ASUS Live Update ASUS Power4Gear Hybrid ASUS Smart Gesture ASUS Splendid Video Enhancement Technology ASUS Tutor ASUS USB Charger Plus ASUS WebStorage Sync Agent ASUS VivoBook AsusVibe2.0 Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver ATK Package avast! Free Antivirus ExpressCache FileZilla Client 3.7.3 GAuth Authenticator Google Chrome Google Toolbar for Internet Explorer Google Update Helper Grundläggande enhetsprogramvara för HP Deskjet 2050 J510 series Intel® Dynamic Platform and Thermal Framework Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Start Technology Intel® SDK for OpenCL - CPU Only Runtime Package Intel® Trusted Connect Service Client Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Office Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 24.0 (x86 sv-SE) Mozilla Maintenance Service MSVCRT Redists Notepad++ OpenOffice.org 3.4.1 Platform Poedit Qualcomm Atheros Bluetooth Suite (64) Qualcomm Atheros Client Installation Program Shared C Run-time for x64 Skype™ 6.7 VIA Platform Device Manager VideoPad Video Editor Windows-drivrutinspaket - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) WinFlash WinRAR 4.20 (64-bit) XAMPP 1.8.1 Zoom Search Engine 6.0 . ==== End Of File ===========================
- November 3, 2013
- 4 replies
PUP.Optional.Spigot.A

chrisbc posted a topic in Resolved Malware Removal Logs

All of a sudden I had three tabs opened by themselves in succession in Firefox. Never had any problems before and took good care not to get infected. A full system mbam scan produced one threat: A PUP.Optional.Spigot.A located in the trash bin. I had Mbam quarantine and remove. All seems fine. Should I take extra steps to make sure I am not infected? The infected file seems potentially harmful after having read some threads here in the forum. Thanks!
- November 3, 2013
- 4 replies

Sign In

chrisbc

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by chrisbc

Avast detects web threat without page visit

Dad's computer infected by trojan.downloader.wi and trojan.sefnit

Dad's computer infected by trojan.downloader.wi and trojan.sefnit

Dad's computer infected by trojan.downloader.wi and trojan.sefnit

Dad's computer infected by trojan.downloader.wi and trojan.sefnit

Dad's computer infected by trojan.downloader.wi and trojan.sefnit

Dad's computer infected by trojan.downloader.wi and trojan.sefnit

PUP.Optional.Spigot.A

PUP.Optional.Spigot.A

PUP.Optional.Spigot.A

PUP.Optional.Spigot.A

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information