
Hello there. So we have a few computers in our home. One day when I was using one of them I noticed that Internet Explorer had the SnapDo hijacker, I think. I was able to change the homepage to Google. After a reboot the homepage was still Google. I also know that the AV we have on the computer, that is Norton, has blocked a few files in the past. It might have removed the hijacker, but did not do anything to the homepage.

Afterwards I checked the downloads folder. In it were a few dodgy downloaders / files. (As I said, Norton has blocked something; it might have been them. But I am still not sure if it blocked it all.)

Some of the files were named Outlook, and they were zipped too. I do believe it comes as an installer, if it is from Microsoft? There was also a Windows updater from Oracle, and the last one was some kind of installer from some random guy.


Hello Tagara! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573


DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537

Run by Peter at 16:16:37 on 2014-01-09

Microsoft Windows 8  6.2.9200.0.1252.47.1044.18.8047.6338 [GMT 1:00]

.

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\dashost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\dwm.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\windows\system32\taskhostex.exe

C:\windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

uRun: [spotify] "C:\Users\Peter\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

uRun: [spotify Web Helper] "C:\Users\Peter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [NextLive] C:\windows\SysWOW64\rundll32.exe "C:\Users\Peter\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

mRun: [Adobe ARM] "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd til OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{B0743606-5239-4AEC-BD5D-A51D895858EC} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs=  

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "c:\Windows\SysWOW64\Rundll32.exe" "c:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NISx64\1404000.028\symds64.sys [2013-6-15 493656]

R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NISx64\1404000.028\symefa64.sys [2013-6-15 1139800]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131218.001\BHDrvx64.sys [2013-12-18 1526488]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\Drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-15 169048]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140108.001\IDSviA64.sys [2014-1-9 521944]

R1 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NISx64\1404000.028\ironx64.sys [2013-6-15 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NISx64\1404000.028\symnets.sys [2013-6-15 433752]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-15 144368]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-5 137648]

R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\windows\System32\Drivers\ISCTD64.sys [2012-12-20 46016]

R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-12-20 719504]

S0 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NISx64\1404000.028\symelam.sys [2013-6-15 23448]

S3 LVUSBS64;Logitech USB Monitor Filter;C:\windows\System32\Drivers\LVUSBS64.sys [2008-7-26 50072]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\Drivers\Rt64win7.sys [2012-12-7 676968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]

S3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2012-12-7 23552]

S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]

.

=============== Created Last 30 ================

.

2013-12-27 23:14:02 236208 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10229.bin

2013-12-21 20:26:57 -------- d-----w- C:\Program Files (x86)\WebexpEnhancedV1

2013-12-17 22:05:05 -------- d-----w- C:\Users\Peter\.android

2013-12-17 22:05:04 -------- d-----w- C:\Users\Peter\AppData\Roaming\newnext.me

2013-12-17 22:05:04 -------- d-----w- C:\Users\Peter\AppData\Local\Mobogenie

2013-12-17 22:05:04 -------- d-----w- C:\Users\Peter\AppData\Local\genienext

2013-12-17 22:05:04 -------- d-----w- C:\Users\Peter\AppData\Local\cache

2013-12-17 22:04:30 -------- d-----w- C:\Program Files (x86)\Mobogenie

2013-12-17 22:03:59 -------- d-----w- C:\Users\Peter\AppData\Local\Programs

2013-12-15 14:07:01 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-12-15 14:07:00 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-12-10 19:38:41 -------- d-----w- C:\Users\Peter\AppData\Local\Blizzard Entertainment

.

==================== Find3M  ====================

.

2013-12-04 00:53:54 78304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-04 00:53:54 694240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-11-23 06:43:58 420864 ----a-w- C:\windows\System32\WMPhoto.dll

2013-11-23 05:05:01 368640 ----a-w- C:\windows\SysWow64\WMPhoto.dll

2013-11-06 23:18:57 4036608 ----a-w- C:\windows\System32\win32k.sys

2013-11-01 05:38:21 312320 ----a-w- C:\windows\System32\msieftp.dll

2013-11-01 03:49:24 273408 ----a-w- C:\windows\SysWow64\msieftp.dll

2013-10-25 06:19:22 2241536 ----a-w- C:\windows\System32\wininet.dll

2013-10-25 06:19:12 915968 ----a-w- C:\windows\System32\uxtheme.dll

2013-10-25 06:17:57 3959808 ----a-w- C:\windows\System32\jscript9.dll

2013-10-25 04:45:11 1767936 ----a-w- C:\windows\SysWow64\wininet.dll

2013-10-25 04:43:42 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-10-19 05:45:45 62976 ----a-w- C:\windows\System32\imagehlp.dll

2013-10-19 04:04:07 59392 ----a-w- C:\windows\SysWow64\imagehlp.dll

.

============= FINISH: 16:17:02,23 ===============


Attach log:

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8

Boot Device: \Device\HarddiskVolume2

Install Date: 27.12.2012 17:04:13

System Uptime: 02.01.2014 23:16:11 (161 hours ago)

.

Motherboard: MSI |  | B75MA-S01 (MS-7798)

Processor: Intel® Core i3-2130 CPU @ 3.40GHz | SOCKET 0 | 3400/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 922 GiB total, 834,672 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP51: 15.12.2013 23:20:38 - Windows Update

RP52: 24.12.2013 14:23:29 - Planlagt kontrollpunkt

RP54: 03.01.2014 00:06:54 - Planlagt kontrollpunkt

.

==== Installed Programs ======================

.

ABBYY FineReader 9.0 Sprint

Adobe Reader XI  MUI

Age of Conan: Unchained

Apple-programsupport

Apple Mobile Device Support

Apple Software Update

Bonjour

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Epson Download Navigator

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Event Manager

Epson Print CD

EPSON PX730 Series Printer Uninstall

EPSON Scan

EpsonNet Print

Fotogalleri

Fotogalleriet

Google Chrome

Google Update Helper

Intel® Processor Graphics

iTunes

Java 7 Update 9 (64-bit)

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Norwegian (Bokmål)) 2010

Microsoft Office Excel MUI (Norwegian (Bokmål)) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2010

Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2010

Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proof (Norwegian (Bokmål)) 2010

Microsoft Office Proof (Norwegian (Nynorsk)) 2010

Microsoft Office Proofing (Norwegian (Bokmål)) 2010

Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2010

Microsoft Office Shared 64-bit MUI (Norwegian (Bokmål)) 2010

Microsoft Office Shared MUI (Norwegian (Bokmål)) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (Norwegian (Bokmål)) 2010

Microsoft Silverlight

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Movie Maker

MSVCRT

MSVCRT110

MSVCRT110_amd64

Norton Internet Security

Photo Common

Photo Gallery

Realtek High Definition Audio Driver

Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition

Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Software Version Updater

Spotify

Unity Web Player

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition

Webexp Enhanced

Windows Driver Package - Intel (iaStor) hdc  (11/29/2011 11.0.0.1032)

Windows Driver Package - Intel (ISCT) System  (05/04/2012 1.0.7.0)

Windows Driver Package - Intel (MEIx64) System  (07/02/2012 8.1.0.1263)

Windows Driver Package - Intel Corporation (igfx) Display  (10/17/2012 9.17.10.2875)

Windows Driver Package - Intel hdc  (08/26/2011 9.3.0.1011)

Windows Driver Package - Intel System  (03/10/2011 9.2.0.1026)

Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011)

Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011)

Windows Driver Package - Realtek (RTL8168) Net  (09/07/2012 8.004.0907.2012)

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/19/2012 6.0.1.6662)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

World of Warcraft

.

==== End Of File ===========================


Sorry for the delay. As I said, there are some dodgy files in the downloads folder; do I delete these, upload them somewhere, or do I keep them for now?
Also, about the SnapDo homepage in IE: it does not set the homepage back to SnapDo, but it is still there. When I was using Google Chrome I used the address bar to search for something, and it then redirected me to SnapDo's malicious search engine. If I do not want to be directed to it I will have to enter Google.com and then search for something. So SnapDo is still on the computer.

Let's hope we can get rid of this, the items in the downloads folder and the other items that might be hiding somewhere on the computer.


Do not delete anything. Just follow my instructions.

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 3
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

A few notes before I post the logs:

 

-The computer is used for things like Facebook, reading the news and a few purchases online. So if you see anything that has to do with movie making (like I saw in the log above) it is something we want removed.

 

-After the scans (see logs below) SnapDo is still there. Not as a homepage, but when I use the address bar to search for something it redirects me to SnapDo's search instead of Google.

 

-When browsing the internet to check the post I used Google. When I search for something there is a little window at the top, with URLs that are being sponsored by whatever is on the computer somewhere. It did not go away after these scans either.

 

-When I was going to download Malwarebytes I went to the official site to get it, of course. When I got there an add-on, or something like that, popped up. I think it was called MoboWallet, and it was telling me about money, and how I could earn it. It only popped up at that site.

 

-Random popups sometimes, mostly ads in them, when using Google Chrome. (I am not sure if they are gone after the scans that I just did.)


JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.0 (01.07.2014:1)

OS: Windows 8 x64

Ran by Peter on 10.01.2014 at 14:41:52,34

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



 

~~~ Services


 

~~~ Registry Values

 

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\searchURL\\Default

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

 

   Value Name          Type                             Value Data                     

========================================================================================

   NextLive    REG_SZ    C:\windows\SysWOW64\rundll32.exe "C:\Users\Peter\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l



 

~~~ Registry Keys

 

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasapi32

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasapi32

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasapi32

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasmancs

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\au__rasapi32

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\optimizerpro_rasapi32

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\optprostart_rasapi32

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\snapdo_rasapi32

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\snapdo_rasmancs

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}


 

~~~ Files

 

Failed to delete: [File] C:\windows\Tasks\amiupdxp.job


 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\Peter\appdata\local\swvupdater"

Successfully deleted: [Folder] "C:\Users\Peter\documents\optimizer pro"


 

~~~ Chrome

 

Successfully deleted: [Folder] C:\Users\Peter\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl


 

~~~ Event Viewer Logs were cleared




 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 10.01.2014 at 14:45:17,68

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


AdwCleaner:

 

# AdwCleaner v3.016 - Report created 10/01/2014 at 14:47:41

# Updated 23/12/2013 by Xplode

# Operating System : Windows 8  (64 bits)

# Username : Peter - LIAVAAG

# Running from : C:\Users\Peter\Desktop\MAGNUS - IKKJE SLETT\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files (x86)\Mobogenie

Folder Deleted : C:\Users\Peter\AppData\Local\Mobogenie

Folder Deleted : C:\Users\Peter\Documents\Mobogenie

File Deleted : C:\windows\Tasks\AmiUpdXp.job

File Deleted : C:\windows\System32\Tasks\AmiUpdXp

 

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

 

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16537

 

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted : homepage

Deleted : icon_url

Deleted : search_url

Deleted : keyword

 

*************************

 

AdwCleaner[R0].txt - [3429 octets] - [10/01/2014 14:46:49]

AdwCleaner[s0].txt - [3251 octets] - [10/01/2014 14:47:41]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3311 octets] ##########

MBAM:

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Databaseversjon: v2014.01.10.04

 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16750

Peter :: LIAVAAG [administrator]

 

10.01.2014 14:52:49

mbam-log-2014-01-10 (14-52-49).txt

 

Skanntype: Hurtigsøk

Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM

Deaktiverte skanninnstillinger: P2P

Objekter skannet: 212943

Tid tilbakelagt: 3 minutt(er), 17 sekund(er)

 

Minneprosesser oppdaget: 0

(Ingen skadelige objekter funnet)

 

Minnemoduler oppdaget: 0

(Ingen skadelige objekter funnet)

 

Registernøkler oppdaget: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webexp Enhanced (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

 

Registerverdier oppdaget: 0

(Ingen skadelige objekter funnet)

 

Registerfiler oppdaget: 0

(Ingen skadelige objekter funnet)

 

Mapper oppdaget: 11

C:\Users\Peter\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Satt i karantene og slettet vellykket.

C:\Users\Peter\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1 (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811 (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ch (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome\content (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome\content\icons (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome\content\icons\default (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ie (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

 

Filer oppdaget 18

C:\Users\Peter\AppData\Local\Temp\awh4440.tmp (PUP.Optional.Amonetize) -> Satt i karantene og slettet vellykket.

C:\Users\Peter\AppData\Local\Temp\awhF2A5.tmp (PUP.Optional.AdLyrics) -> Satt i karantene og slettet vellykket.

C:\Users\Peter\AppData\Local\Temp\setup__4216.exe (PUP.Optional.InstallMonetizer) -> Satt i karantene og slettet vellykket.

C:\Users\Peter\AppData\Local\Temp\Updater.exe (PUP.Optional.Amonetize) -> Satt i karantene og slettet vellykket.

C:\Users\Peter\Downloads\FlashPlayer__4369_i157741291_il14.exe (PUP.Optional.InstallMonetizer) -> Satt i karantene og slettet vellykket.

C:\Users\Peter\Downloads\FlashPlayer__4369_i157741428_il14.exe (PUP.Optional.InstallMonetizer) -> Satt i karantene og slettet vellykket.

C:\Users\Peter\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Satt i karantene og slettet vellykket.

C:\Users\Peter\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Satt i karantene og slettet vellykket.

C:\Users\Peter\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\uninstall.exe (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ch\WebexpEnhancedV1alpha811.crx (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome.manifest (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\install.rdf (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome\content\ffWebexpEnhancedV1alpha811.js (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome\content\ffWebexpEnhancedV1alpha811ffaction.js (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome\content\overlay.xul (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome\content\icons\Thumbs.db (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff\chrome\content\icons\default\WebexpEnhancedV1alpha811_32.png (PUP.Optional.Webexp) -> Satt i karantene og slettet vellykket.

 

(klar)

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
Still random pop-ups and an extra search tab in Google like before. (If I search for Malwarebytes, it gives links that go to other pages, not a good thing to have there.) I don't know if that pop-up that I told you about earlier is there. (The one that tells me about a way to earn money etc. when I visit the Malwarebytes page.)

 

So, what do you think? Can we get rid of these things?

Logs below:

OTL:

 

OTL logfile created on: 10.01.2014 23:52:05 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Peter\Desktop\MAGNUS - IKKJE SLETT

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16750)

Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

 

7,86 Gb Total Physical Memory | 6,47 Gb Available Physical Memory | 82,36% Memory free

9,05 Gb Paging File | 7,59 Gb Available in Paging File | 83,93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 922,21 Gb Total Space | 834,33 Gb Free Space | 90,47% Space Free | Partition Type: NTFS

 

Computer Name: LIAVAAG | User Name: Peter | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014.01.10 23:50:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\MAGNUS - IKKJE SLETT\OTL.exe

PRC - [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013.05.21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

PRC - [2012.09.24 05:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2010.10.12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013.12.04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

MOD - [2013.12.04 03:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

MOD - [2013.12.04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

MOD - [2013.12.04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

MOD - [2013.12.04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll

MOD - [2013.12.04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013.08.16 06:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2013.07.02 01:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV:64bit: - [2013.06.24 23:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2013.06.01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2013.05.04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2013.05.04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2013.04.09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2013.03.02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2013.03.02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2013.01.10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2013.01.10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)

SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)

SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)

SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV - [2013.05.21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)

SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2012.10.22 17:40:30 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012.09.24 05:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013.10.10 12:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2013.10.05 07:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2013.10.02 03:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2013.08.16 06:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)

DRV:64bit: - [2013.08.10 07:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)

DRV:64bit: - [2013.07.09 09:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2013.07.02 02:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2013.07.02 02:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2013.07.02 01:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)

DRV:64bit: - [2013.07.01 23:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)

DRV:64bit: - [2013.06.29 07:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2013.06.19 06:43:00 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2013.06.01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2013.05.23 06:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)

DRV:64bit: - [2013.05.21 06:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symds64.sys -- (SymDS)

DRV:64bit: - [2013.05.16 06:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2013.04.25 01:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)

DRV:64bit: - [2013.04.16 03:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)

DRV:64bit: - [2013.03.05 02:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)

DRV:64bit: - [2013.03.05 02:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2013.03.02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)

DRV:64bit: - [2013.03.02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)

DRV:64bit: - [2013.01.10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2012.12.13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)

DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2012.10.22 17:40:12 | 005,332,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2012.10.11 06:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2012.09.07 01:25:26 | 000,719,504 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)

DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)

DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)

DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)

DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2012.07.26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)

DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)

DRV:64bit: - [2012.07.24 09:37:56 | 000,046,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ISCTD64.sys -- (ISCT)

DRV:64bit: - [2012.07.02 23:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2012.06.20 19:45:12 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symelam.sys -- (SymELAM)

DRV:64bit: - [2012.02.16 12:42:00 | 000,676,968 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2008.07.26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LVUSBS64.sys -- (LVUSBS64)

DRV:64bit: - [2008.07.26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LV302V64.SYS -- (PID_PEPI)

DRV - [2013.12.18 01:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131218.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2013.12.13 07:29:03 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140109.001\IDSviA64.sys -- (IDSVia64)

DRV - [2013.11.21 07:05:58 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2013.11.21 07:05:58 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2013.08.29 06:15:33 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140109.018\ex64.sys -- (NAVEX15)

DRV - [2013.08.29 06:15:32 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140109.018\eng64.sys -- (NAVENG)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =


IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =


IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com

IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.no/

IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nb-NO

IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 C3 3C 92 59 E4 CD 01  [binary data]

IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com

IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2014.01.10 14:59:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF [2013.10.09 20:32:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha811.net: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha811\ff

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta783.net: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta783\ff [2014.01.10 07:19:12 | 000,000,000 | ---D | M]


[2014.01.10 07:19:12 | 000,000,000 | ---D | M] (Video Player) -- C:\PROGRAM FILES (X86)\VIDEOPLAYERV3\VIDEOPLAYERV3BETA783\FF

File not found (No name found) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA811\FF


========== Chrome  ==========


CHR - default_search_provider: Web (Enabled)

CHR - default_search_provider: search_url = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=NO&userid=92c6f4b4-5228-1732-3dbe-c4695b7f518b&searchtype=ds&q={searchTerms}&installDate=17/12/2013

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.0.32_0\npcoplgn.dll

CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: Google Drive = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Video Player = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokmjecidondokiglcmdodmifnopckeh\1.1_0\

CHR - Extension: Norton Identity Protection = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.5.2_0\

CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

CHR - Extension: Gmail = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\


O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Video Player) - {bb30cfa1-ade9-4c2d-aa3f-1dc917cfa047} - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta783\ie\VideoPlayerV3beta783.dll ()

O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKU\S-1-5-21-2179294692-925929481-4060802572-1001..\Run: [spotify] C:\Users\Peter\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)

O4 - HKU\S-1-5-21-2179294692-925929481-4060802572-1001..\Run: [spotify Web Helper] C:\Users\Peter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0743606-5239-4AEC-BD5D-A51D895858EC}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30 - LSA: Security Packages - (livessp) -  File not found

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{43e0f585-92ba-11e2-be88-d43d7e323d24}\Shell - "" = AutoRun

O33 - MountPoints2\{43e0f585-92ba-11e2-be88-d43d7e323d24}\Shell\AutoRun\command - "" = "E:\iLinker.exe"

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========


[2014.01.10 14:51:03 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes

[2014.01.10 14:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2014.01.10 14:50:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2014.01.10 14:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2014.01.10 14:46:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014.01.10 14:41:49 | 000,000,000 | ---D | C] -- C:\windows\ERUNT

[2014.01.10 07:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoPlayerV3

[2014.01.09 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\MAGNUS - IKKJE SLETT

[2013.12.17 23:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2013.12.17 23:05:05 | 000,000,000 | ---D | C] -- C:\Users\Peter\.android

[2013.12.17 23:05:04 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\genienext

[2013.12.17 23:05:04 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\cache

[2013.12.17 23:03:59 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Programs

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]


========== Files - Modified Within 30 Days ==========


[2014.01.10 23:48:30 | 000,001,002 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2014.01.10 23:48:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2014.01.10 15:03:28 | 001,362,464 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2014.01.10 15:03:28 | 000,710,046 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2014.01.10 15:03:28 | 000,448,670 | ---- | M] () -- C:\windows\SysNative\perfh014.dat

[2014.01.10 15:03:28 | 000,132,416 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2014.01.10 15:03:28 | 000,076,846 | ---- | M] () -- C:\windows\SysNative\perfc014.dat

[2014.01.10 14:58:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2014.01.10 14:58:45 | 2455,220,223 | -HS- | M] () -- C:\hiberfil.sys

[2014.01.10 07:19:57 | 000,000,170 | ---- | M] () -- C:\extensions.ini

[2014.01.10 01:14:00 | 000,001,006 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2014.01.02 00:10:03 | 000,356,288 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2013.12.21 21:27:43 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]


========== Files Created - No Company Name ==========


[2014.01.02 22:37:25 | 000,002,720 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton Internet Security.lnk

[2014.01.02 00:09:57 | 000,356,288 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT

[2013.12.21 21:27:43 | 000,000,170 | ---- | C] () -- C:\extensions.ini

[2013.12.21 21:27:43 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite

[2013.12.12 07:17:21 | 000,385,528 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml

[2013.09.11 16:12:10 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll

[2012.12.27 17:19:04 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe

[2012.12.20 01:46:23 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin

[2012.12.20 01:46:18 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2012.12.20 01:46:17 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin

[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat

[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT

[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll

[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat


========== ZeroAccess Check ==========


[2013.10.29 21:18:03 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64


[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]


[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64


[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013.08.02 07:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013.08.02 06:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]


========== LOP Check ==========


[2013.09.21 21:53:37 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Epson

[2014.01.09 23:41:06 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Spotify

[2013.07.01 21:04:11 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Unity


========== Purity Check ==========


< End of report >

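The report above is a raw OTL dump, so here is a small triage script, added as an example that is not part of this thread and not OTL's own code. It scans OTL-style lines for the kinds of indicators visible in this log: a kernel driver or BHO that carries no company string at all ("()"), a Chrome default search provider whose host is outside a trusted list (the feed.snapdo.com entry), an AutoRun command recorded for a non-system drive (the E:\iLinker.exe MountPoints2 entry), and a few name fragments of the adware families seen here. The sample lines are constructed from the log above (some shortened); the TRUSTED_SEARCH_HOSTS allow-list and the PUP_PATTERNS fragments are assumptions to adapt to your own environment. A missing company string is a prompt to verify the file (hash, signature, path), not a verdict: legitimate OEM drivers sometimes ship without version info.

```python
"""Triage an OTL-style log for browser-hijacker and persistence indicators.

Added example, not part of this thread and not OTL's own code. Sample lines are
constructed from the report above; TRUSTED_SEARCH_HOSTS and PUP_PATTERNS are
assumptions to adapt to your own environment.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: eight lines taken (some shortened) from the OTL log above.
SAMPLE_LOG = r"""
DRV:64bit: - [2012.07.24 09:37:56 | 000,046,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStor.sys -- (iaStor)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta783.net: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta783\ff
CHR - default_search_provider: search_url = http://feed.snapdo.com/?publisher=TightropeYB&searchtype=ds&q={searchTerms}
CHR - homepage: http://www.google.com
O2 - BHO: (Video Player) - {bb30cfa1-ade9-4c2d-aa3f-1dc917cfa047} - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta783\ie\VideoPlayerV3beta783.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O33 - MountPoints2\{43e0f585-92ba-11e2-be88-d43d7e323d24}\Shell\AutoRun\command - "" = "E:\iLinker.exe"
"""

# Assumed allow-list: a default search provider on any other host is treated as a hijack.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com", "duckduckgo.com"}
# Assumed PUP/adware name fragments; these three come from entries visible in the log.
PUP_PATTERNS = ("snapdo", "videoplayerv3", "webexpenhanced")

# OTL prints the file's company name in parentheses; "()" means no publisher string at all.
DRV_NO_COMPANY = re.compile(r"^DRV(?::64bit:)? - \[[^\]]*\] \(\) \[Kernel")
BHO_NO_COMPANY = re.compile(r"^O2(?::64bit:)? - BHO: \([^)]*\) - \{[^}]+\} - (.*) \(\)\s*$")
SEARCH_URL = re.compile(r"^CHR - default_search_provider: search_url = (\S+)")
AUTORUN_CMD = re.compile(r'^O33 - MountPoints2\\.*\\AutoRun\\command - "" = "([A-Za-z]):')


def triage_line(line):
    """Return (rule, detail) findings for one OTL log line; an empty list means clean."""
    findings = []
    if DRV_NO_COMPANY.search(line):
        # Missing company string is a prompt to verify the file, not a verdict by itself.
        findings.append(("driver-no-company", line.split(" -- ")[1]))
    m = BHO_NO_COMPANY.search(line)
    if m:
        findings.append(("bho-no-company", m.group(1)))
    m = SEARCH_URL.search(line)
    if m:
        host = urlparse(m.group(1)).hostname or ""
        if host not in TRUSTED_SEARCH_HOSTS:
            findings.append(("search-hijack", host))
    m = AUTORUN_CMD.search(line)
    if m and m.group(1).upper() != "C":
        # AutoRun command recorded for a non-system drive (removable media or mounted image).
        findings.append(("removable-autorun", line.split('"')[-2]))
    lowered = line.lower()
    for pattern in PUP_PATTERNS:
        if pattern in lowered:
            findings.append(("known-pup-name", pattern))
            break
    return findings


def triage(log_text):
    """Scan a whole OTL log; returns one dict per finding, in log order."""
    results = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for rule, detail in triage_line(line):
            results.append({"rule": rule, "detail": detail, "line": line})
    return results


def summarize(findings):
    """Count findings per rule, e.g. {'known-pup-name': 3, ...}."""
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f['rule']}] {f['detail']}")
    print(summarize(hits))
```

Run it against the full report by reading the saved OTL.txt into `triage()` instead of SAMPLE_LOG. The rules are deliberately narrow: the Intel iaStor driver and the Norton BHO pass because they carry a publisher string, and a Bing or Google default provider passes the host check, so what remains is a short list to verify by hand rather than a rewrite of the whole log.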

Extras log:


OTL Extras logfile created on: 10.01.2014 23:52:05 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Peter\Desktop\MAGNUS - IKKJE SLETT

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16750)

Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy


7,86 Gb Total Physical Memory | 6,47 Gb Available Physical Memory | 82,36% Memory free

9,05 Gb Paging File | 7,59 Gb Available in Paging File | 83,93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 922,21 Gb Total Space | 834,33 Gb Free Space | 90,47% Space Free | Partition Type: NTFS


Computer Name: LIAVAAG | User Name: Peter | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days


========== Extra Registry (SafeList) ==========


========== File Associations ==========


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)


[HKEY_USERS\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found


========== Shell Spawning ==========


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.


========== Security Center Settings ==========


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]


========== Firewall Settings ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0


========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03BB7199-2D0E-4C25-A900-B9300C2BD9B9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{063E6B0A-7E03-46E3-AC9A-413C9A4140F2}" = lport=139 | protocol=6 | dir=in | app=system |

"{0877D262-0B96-402F-B66D-5967FBCE0730}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |

"{09303CC2-03BE-4B0E-9393-EBBE9785BE24}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |

"{192D4335-01DA-4940-90A5-32AA8123AD14}" = lport=2869 | protocol=6 | dir=in | app=system |

"{19AB878D-D3C7-4D46-AB19-2359F10EE6D1}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |

"{1A71FE52-C780-4F46-893D-2207AF9840C1}" = rport=10243 | protocol=6 | dir=out | app=system |

"{1A962E21-ABAF-4881-9C51-51443876E234}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |

"{1BBADB01-A80C-44A4-97E6-B655908DA56A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{1E9080B2-FB85-4813-B897-AA619AC7294E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2987A752-14B6-47E1-A1C3-AFB8BD698EE7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{3223BDD5-EF07-4C7E-9AE3-9BDE73393283}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{385DDD46-ABED-465E-9EEC-DBBCD80DD64C}" = lport=138 | protocol=17 | dir=in | app=system |

"{3A26222D-2A0A-4434-A9E3-200BF483CC55}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4668FEC6-11DA-48CB-9AC5-331A993B80D0}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |

"{488DA9D1-9260-43E3-942D-672579E7F018}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |

"{4F4A0F1F-3892-4630-89FB-7891D74E6208}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{54FE15C9-87FB-422F-8410-C993C392144F}" = rport=139 | protocol=6 | dir=out | app=system |

"{68DBBC67-EAF6-4BB4-A738-3D1BB640EC08}" = lport=445 | protocol=6 | dir=in | app=system |

"{79F5F066-DF43-457C-833D-F64E33B7D250}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{7CD8C17D-9F9D-46E7-8CEC-602DFF4D1CC2}" = rport=137 | protocol=17 | dir=out | app=system |

"{8B52762B-D752-466B-9D77-4D5C23335D3D}" = lport=137 | protocol=17 | dir=in | app=system |

"{8E507BB7-3F86-48DC-83E3-FB21319301A2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A91A2C4C-79EE-405A-9655-FBCCF600F63E}" = rport=445 | protocol=6 | dir=out | app=system |

"{BC1E78DE-E4CE-4B5C-B40F-975AEDDDC4D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{C694873F-9703-4B35-B67D-FD3089CDB87D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D5D6B608-5C8A-4A79-8329-67DA0946152C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{E1ABF382-0D96-48C4-837B-2EA357D26C4B}" = rport=138 | protocol=17 | dir=out | app=system |

"{EEA129A0-8209-4A5D-8CED-AE33EB9C55BA}" = lport=10243 | protocol=6 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{053C5942-EE06-4A2D-BF5F-A65B776164F7}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\usb-n13 wlan card utilities\rtwlan.exe |

"{08DDFA54-86C7-41AF-B8DD-47742D4DC1A1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{0D112478-F589-4BBF-96DC-BC076CA41C02}" = protocol=6 | dir=out | app=system |

"{126148EE-CDB0-442E-B237-E25774381797}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |

"{127C03AC-1855-4490-A8CC-426F2219DFFC}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\usb-n13 wlan card utilities\rtwlan.exe |

"{12E74777-9E33-4211-9516-7B88B9182E7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{150C58FE-8F13-47B5-B3B8-714352B465D0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1910E772-85EC-4B02-A4A3-A75E6D025EE2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{19390F33-E748-4D54-A4E2-51F9A1BBFD51}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{1BEA73DD-63B1-4548-B585-F09C0A24CE7B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{2248EFCE-410C-49B4-9EDD-7AD9801D714D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{226DA6E0-1185-4C64-BEDD-41CAB9AD2458}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{22FC1881-9915-44CA-9111-15490184AE39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{2939BFCC-9C1B-4FD4-BE32-623E6BB927C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2D2A0766-86BC-47EF-B55B-BE420C869794}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{2EC91E70-36C8-407A-B1BD-BEE888A612BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{3BE656CE-38FB-4685-ABDB-71DBEAA057D1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |

"{41669948-FF87-418D-8569-57EB26484B12}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{43AFF11C-E8E4-4D92-9809-C5172EAF11B7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{45A2DA80-0E24-4F18-AAB4-977BCE861C47}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"{4BED45D4-2CB3-4942-A8F8-D4A4D0B5403B}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\usb-n13 wlan card utilities\rtwlan.exe |

"{5F221F01-6DA8-4F0F-B264-0F76569925F2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"{63294DA7-A4BA-4AFC-8E3E-940449E83660}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{690B0374-A3BD-42E1-895C-D9F408B7B8DA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{71287E7A-BFFB-4970-B0F5-9A429008E4B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{73A21230-7560-457C-A33D-A2F02B239AD4}" = protocol=17 | dir=in | app=c:\users\peter\appdata\local\temp\epson px730 series_home\network\epsonnetsetup\epsonnetsetup3_4_1_fc_1_0_ww_direct\eneasyapp.exe |

"{76FB497F-6D39-40EC-8CBB-87F74F6C2B76}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{7C37AB71-28D6-429F-A035-61A4DDCBC23F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{90B69B62-C37B-4761-84B0-E05CA7010FF5}" = dir=out | name=windows_ie_ac_001 |

"{981D5556-6C58-4BF4-85C6-1117ADD57BC0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{99F13CCA-2015-4C44-852E-50A86D42309A}" = protocol=6 | dir=in | app=d:\network\epsonnetsetup\eneasyapp.exe |

"{9CB96073-7FBA-41C6-873B-7DEFA6CE9552}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe |

"{A8074542-BC7F-4064-972E-8D83BDB9DA6A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |

"{AA7DB25B-827F-4314-96D7-A14013F1DD8C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{BC15BA5E-DED7-4FE5-86ED-BB4CE162BA20}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{C4546F7E-D2D0-4014-A303-5BF44836B933}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |

"{CA88E945-632B-46F1-8AAE-5AA4948FF6CF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{CDAE1839-48D3-4AA6-BED9-E188590A5DF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D9AABF15-DCA5-4C78-AB2D-DCB192BE7D60}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{DAF4782D-E995-4753-B613-47218A963641}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{DBCD7608-CBCA-484A-ADE1-5520CB63A9C1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |

"{DD340CAE-C278-4C8C-A288-6D6C34CAD244}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |

"{E14DCD25-280F-41DD-9345-52D058185BFE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{E48DE895-3D45-4C13-8483-A8F25723EA8C}" = protocol=17 | dir=in | app=d:\network\epsonnetsetup\eneasyapp.exe |

"{E5894EF7-5311-4C8D-B9F0-06684823D974}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\usb-n13 wlan card utilities\rtwlan.exe |

"{EDECD5B1-BA3B-4402-98A3-53D4415005F9}" = protocol=6 | dir=in | app=c:\users\peter\appdata\local\temp\epson px730 series_home\network\epsonnetsetup\epsonnetsetup3_4_1_fc_1_0_ww_direct\eneasyapp.exe |

"TCP Query User{A5979162-4F92-4165-A487-AAFEA5873098}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"UDP Query User{45C29326-5F56-48D0-B686-90AEED058045}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes

"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0414-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Norwegian (Bokmål)) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64

"4A5EF81C80190F479C6FB16BC8CF595275AAC778" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/19/2012 6.0.1.6662)

"64A62163FE43328D13305746CB8BCC93F2DF6545" = Windows Driver Package - Intel (iaStor) hdc  (11/29/2011 11.0.0.1032)

"6CBF275A27BB7C00C18E97EF3F2180EF5A6BD92E" = Windows Driver Package - Realtek (RTL8168) Net  (09/07/2012 8.004.0907.2012)

"97EE1802A0385A37DE6323FA39EC76BEB2D73E41" = Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011)

"9BC1D406C7F459937934ABBF1D718304962F15C8" = Windows Driver Package - Intel System  (03/10/2011 9.2.0.1026)

"9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8" = Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011)

"A7E82C89A6D6643325B95A4FEDAB3DB18640208F" = Windows Driver Package - Intel hdc  (08/26/2011 9.3.0.1011)

"C8CA88388A58C08FD1318BB111CC8BDC79A3B577" = Windows Driver Package - Intel (ISCT) System  (05/04/2012 1.0.7.0)

"E439B1D292FF1A0DA518129C45F2B8E69DD7D97D" = Windows Driver Package - Intel (MEIx64) System  (07/02/2012 8.1.0.1263)

"EPSON PX730 Series" = EPSON PX730 Series Printer Uninstall

"FD46FC8B82707DFC86508A0368CBC6E6EBDAD7ED" = Windows Driver Package - Intel Corporation (igfx) Display  (10/17/2012 9.17.10.2875)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform

"{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack

"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator

"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{306C7AEF-16C7-428D-93AA-99D4A4090243}" = Movie Maker

"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery

"{36BEC461-B58A-414D-993E-E2BDD1F1A14B}" = Movie Maker

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple-programsupport

"{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials

"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform

"{5078CEC3-A56F-4080-8CD4-ED7BCBE5686B}" = Photo Common

"{537B16E0-A39F-47CB-9C1E-50978862B108}" = Windows Live UX Platform Language Pack

"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker

"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker

"{88809C3E-8C92-4454-AEB7-B26166E3D6CD}" = Windows Live UX Platform Language Pack

"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager

"{90140000-0015-0414-0000-0000000FF1CE}" = Microsoft Office Access MUI (Norwegian (Bokmål)) 2010

"{90140000-0015-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0414-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Norwegian (Bokmål)) 2010

"{90140000-0016-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0414-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2010

"{90140000-0018-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0414-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2010

"{90140000-0019-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0414-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2010

"{90140000-001A-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0414-0000-0000000FF1CE}" = Microsoft Office Word MUI (Norwegian (Bokmål)) 2010

"{90140000-001B-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2010

"{90140000-001F-0414-0000-0000000FF1CE}_Office14.SingleImage_{F3137115-1D72-46BE-9D42-B5DE61971F2A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2010

"{90140000-001F-0814-0000-0000000FF1CE}_Office14.SingleImage_{751049E8-D99F-4DE1-9FC2-71DE06655678}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0414-1000-0000000FF1CE}_Office14.SingleImage_{BBFE07A3-B32C-4D6E-B5CA-9F420106EC9D}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0414-0000-0000000FF1CE}" = Microsoft Office Proofing (Norwegian (Bokmål)) 2010

"{90140000-002C-0414-0000-0000000FF1CE}_Office14.SingleImage_{66FC3637-893A-4837-A32C-0DD98E7F8444}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0414-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Norwegian (Bokmål)) 2010

"{90140000-006E-0414-0000-0000000FF1CE}_Office14.SingleImage_{C166254D-5FB6-4D3F-8509-3575387141B9}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0414-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2010

"{90140000-00A1-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F470E17-4FC3-4091-A508-D5347A16A2B9}" = Fotogalleriet

"{A37F2060-813A-4325-9456-272B10EE75EF}" = Windows Live Essentials

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI  MUI

"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials

"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer

"{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common

"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common

"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD

"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery

"{E354D495-5DA4-4CCF-AB39-080F6A4141BE}" = Fotogalleri

"{EC33D375-5164-4374-9061-43F5C6073219}" = Photo Common

"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1CA7DAE-F998-499C-8CA5-FC58CA2416EC}" = Windows Live Essentials

"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint

"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery

"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE

"{FFF841F3-9A15-4F61-BD16-C19F132E5A27}" = Epson Easy Photo Print 2

"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint

"Age of Conan_is1" = Age of Conan: Unchained

"EPSON Scanner" = EPSON Scan

"Google Chrome" = Google Chrome

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versjon 1.75.0.1300

"NIS" = Norton Internet Security

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"Video Player" = Video Player

"WinLiveSuite" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2179294692-925929481-4060802572-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"SkyDriveSetup.exe" = Microsoft SkyDrive

"Spotify" = Spotify

"UnityWebPlayer" = Unity Web Player

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 25.07.2013 08:43:02 | Computer Name = Liavaag | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 25.07.2013 08:43:02 | Computer Name = Liavaag | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1172

 

Error - 25.07.2013 08:43:02 | Computer Name = Liavaag | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1172

 

Error - 12.09.2013 15:04:05 | Computer Name = Liavaag | Source = Application Hang | ID = 1002

Description = Programmet IEXPLORE.EXE versjon 10.0.9200.16660 sluttet å samhandle

med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig

om problemet, åpner du problemloggen i kontrollpanelet for Handlingssenter.    Prosess-ID:

8c0    Starttidspunkt: 01ceafead5e8e184    Avslutningstidspunkt: 16    Programbane: C:\Program

Files (x86)\Internet Explorer\IEXPLORE.EXE    Rapport-ID: 1544bd6d-1bde-11e3-be99-d43d7e323d24

 

Fullstendig

navn på feilpakke:     Relativ program-ID for feilpakke:   

 

Error - 21.09.2013 16:46:30 | Computer Name = Liavaag | Source = Application Error | ID = 1000

Description = Programnavn med feil: spoolsv.exe, versjon: 6.2.9200.16384, tidsangivelse:

0x501080ef  Modulnavn med feil: ntdll.dll, versjon: 6.2.9200.16579, tidsangivelse:

0x51637f77  Unntakskode: 0xc0000374  Feilforskyvning: 0x00000000000ebd59  Feil prosess-ID:

0x1960  Feil starttid for program: 0x01ceb70b2b1b9f5d  Feil programbane: C:\windows\System32\spoolsv.exe

Feil

modulbane: C:\windows\SYSTEM32\ntdll.dll  Rapport-ID: e44398c9-22fe-11e3-be9a-d43d7e323d24

Fullstendig

navn på feilpakke:   Relativ program-ID for feilpakke:

 

Error - 09.10.2013 16:19:23 | Computer Name = Liavaag | Source = MsiInstaller | ID = 11500

Description =

 

Error - 19.11.2013 03:59:17 | Computer Name = Liavaag | Source = Desktop Window Manager | ID = 9020

Description = Desktop Window Manager oppdaget en alvorlig feil (0x8898008d)

 

Error - 28.12.2013 17:39:45 | Computer Name = Liavaag | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 28.12.2013 17:39:45 | Computer Name = Liavaag | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1156

 

Error - 28.12.2013 17:39:45 | Computer Name = Liavaag | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1156

 

[ System Events ]

Error - 27.05.2013 17:15:01 | Computer Name = Liavaag | Source = EventLog | ID = 6008

Description = Forrige avslutning av systemet klokken 22:36:10 den ?27.?05.?2013

var uventet.

 

Error - 12.07.2013 01:40:37 | Computer Name = Liavaag | Source = DCOM | ID = 10010

Description =

 

Error - 19.08.2013 15:40:03 | Computer Name = Liavaag | Source = Service Control Manager | ID = 7034

Description = Tjenesten Bonjour-tjeneste avsluttet uventet. Det har den gjort 1

gang(er).

 

Error - 21.09.2013 16:46:38 | Computer Name = Liavaag | Source = Service Control Manager | ID = 7031

Description = Tjenesten Print Spooler ble uventet avbrutt. Det har den blitt 1 gang(er).

Følgende korrigerende handling blir utført om 5000 millisekunder: Start tjenesten

på nytt.

 

Error - 22.09.2013 03:46:42 | Computer Name = Liavaag | Source = Microsoft-Windows-Kernel-Boot | ID = 29

Description =

 

Error - 22.09.2013 03:47:11 | Computer Name = Liavaag | Source = EventLog | ID = 6008

Description = Forrige avslutning av systemet klokken 22:49:03 den ?21.?09.?2013

var uventet.

 

Error - 11.10.2013 17:21:33 | Computer Name = Liavaag | Source = Tcpip | ID = 4199

Description = Systemet fant en adressekonflikt for IP-adresse 192.168.0.11 og maskinvareadressen

for

systemet 30-10-E4-1A-B8-C9. Nettverksoperasjonen på dette systemet kan være skadet

som  et resultat av dette.

 

Error - 29.10.2013 18:16:43 | Computer Name = Liavaag | Source = EventLog | ID = 6008

Description = Forrige avslutning av systemet klokken 22:24:20 den ?29.?10.?2013

var uventet.

 

Error - 06.12.2013 11:49:58 | Computer Name = Liavaag | Source = EventLog | ID = 6008

Description = Forrige avslutning av systemet klokken 07:27:55 den ?06.?12.?2013

var uventet.

 

Error - 17.12.2013 18:16:55 | Computer Name = Liavaag | Source = Service Control Manager | ID = 7031

Description = Tjenesten Update albrechto ble uventet avbrutt. Det har den blitt

1 gang(er). Følgende korrigerende handling blir utført om 5000 millisekunder: Start

tjenesten på nytt.

 

 

< End of report >


Run OTL

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

A few seconds after it had started a window popped up, it told me that something had gone wrong, and that the computer would reboot in one minute. I had no option to stop this. So I thought that it was OTL doing this. It was not, and the fix did not finish. Shall I try again?

 

NOTE: I did not close Google Chrome when I started the fix, but OTL closed it when it started. Was this the reason, or is it something that is stopping OTL from running?


SnapDo is still there. So is WebXP Enhanced V1, which is the one that keeps popping up ads when you browse. The sponsored search that pops up in Google whenever you search for something is there as well. I think that it is connected to WebXP too, but I am not sure.

Log is below:


All processes killed

========== OTL ==========

Use Chrome's Settings page to remove the default_search_provider items.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Peter\Desktop\MAGNUS - IKKJE SLETT\OTL\cmd.bat deleted successfully.

C:\Users\Peter\Desktop\MAGNUS - IKKJE SLETT\OTL\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

 

User: Peter

->Temp folder emptied: 5572 bytes

->Temporary Internet Files folder emptied: 1508232 bytes

->Java cache emptied: 1157473 bytes

->Google Chrome cache emptied: 374117848 bytes

->Flash cache emptied: 4218 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 29255685 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 387,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 01112014_153735

 

Files\Folders moved on Reboot...

C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...


SnapDo is still there. So is WebXP Enhanced V1, which is the one that keeps popping up ads when you browse. The sponsored search that pops up in Google whenever you search for something is there as well. I think that it is connected to WebXP too, but I am not sure.

Log is below:

This is the situation after executing my script?


I think that some reading about this malware should be done. I do believe that SnapDo drops a few reg. keys, I am not sure about WebXP. Remember that we have to clean IE as well.

Also, in one of the earlier logs that I posted I saw something called Pepper Flash Player, or something like that. Could this be removed as well? I do believe that this is a PUP as well. I do not recall having installed this.


This topic is now closed to further replies.